Document Sample
119 Powered By Docstoc
					               Controlled Access to Restricted Areas of DESY Accelerators.

                                 Andreas Labudda, DESY, Hamburg, Germany

                                                                single position the coordination of access can be done by
                                                                a single member of the accelerators crew.
   DESY has two different systems for controlled access
to restricted areas. A pure hardware based system for the       2.1    The Design Goals of the New System of
first build accelerators like LINAC and DESY with eight                Controlled Access
access doors and a software supported system for DORIS,
PETRA and HERA with 30 access doors. The Software                 These are several design goals. One design goal is to
has three design goals.                                         control the access from a single position in the BKR. The
       Scalability for different numbers of accelerators.      other design goal is to build the systems in small software
       All access doors can be operated from a central         modules with well-defined interfaces. This enables an
          position                                              easy reaction in case of redesign of hardware systems
       Small changes in applications due to changes in         without effecting modules that interact with existing
          the existing hardware.                                hardware. At least the system should be scaleable to
   To reach this goal the software was implemented as a         several accelerators without rewriting of code.
PC based client - server system in 1998.
                                                                2.2    The Equipment
              1     INTRODUCTION                                  Every point of access at DESY is equipped with nearly
   No person should be near the accelerator if the              identical hardware. At first Serial Data Acquisition
accelerator is going to be used. To ensure this a search        (SEDAC) driven devices like
crew searches the area around the accelerators. Each part                An access door with
of the accelerator must be registered as “clean” before the              several     contacts     to
interlock is fixed and the accelerator can be turned on.                 register the state of the
After the area is searched any unauthorized access will
prevent the accelerator from use.                                        A box of accelerator
                                                                         keys. The accelerators
   To enable a short-term work near the accelerator
                                                                         can be turned on only if
without the necessity of a following search, the procedure
                                                                         all of the keys are back in
of the “controlled access” is established. A person who
                                                                         the box.
wants to access has to announce himself at the operator
                                                                         Video cameras, which
via phone and video. If the accelerator is offline, the
                                                                         are selected by video
operator has five steps to do.
                                                                         multiplexers. There are
   Select the video camera to see where the person
                                                                         two different types of
       wants to enter the accelerator.
                                                                         multiplexers available. One type of
   Register the person name.                                            multiplexer is “eight to one“. It selects a
   Enable the person to get a key for preventing the                    cameras signal to be displayed. The other
       accelerator to be switched on.                                    type of multiplexer is “four to four”. It selects the
   Select the door to be bridged.                                       screen, where the signal has to be displayed.
   Bridge the doors contacts to let the person enter                 Several contacts which register the state of the
       without breaking the interlock.                                   area. Every area consists of several access doors.
                                                                  Likewise exist optional serial driven card readers and
   2     CONTROLED ACCESS AT DESY                               some devices, which are not controlled by the control
  DESY has got two different systems for controlled             system like lamps, telephones and speakers.
access. An old, pure hardware based system for the                Every driven “access device “ of an accelerator is
smaller accelerators like the LINACS and DESYS and a            connected to one device server PC.
software supported system for DORIS, PETRA and
HERA. Both systems for the controlled access are                   3    The Implementation of the Software
concentrated at one single position in the BKR. By                 The device server PC hosts several applications to
concentrating the controlled access for all accelerators at a   manage the controlled access. There are pure device
                                                                servers that act on hardware devices and of data server.
The data server registers the data of the controlled           3.6    Service Console
accesses like name of the person who accesses, location of
                                                                  The service console is just for testing and debugging
access, time of access and duration of access.
                                                               the hardware. Every status bit is decoded and displayed at
  For the operator there are two applications available.
                                                               the service console. Also every available bit of the device
One application for the procedure of controlled access
                                                               can be controlled. The service console is not designed to
and another application for services like device checking.
                                                               execute the controlled access.

3.1    The Device Server for the Boxes of Keys                 3.7    Operating Console
       and Doors of Access.
                                                                  By the operating console the operator executes the
  This device server reads the status of the boxes of keys     procedure of controlled access. The operating console
and the interlock doors. The status can be:                    enables the operator
     Is the box open? Yes or No?                                   to view the states of the areas
     Are all of the keys in the box? Yes or No?                    control the box of keys and
     Is the interlock door open? Yes or No?                        prepare the interlock door for opening.
     Is the interlock door prepared to use? Yes or No?           The operating console also displays the states of the
  The commands the server processes enable the box of          devices, but no specific errors are displayed. The
keys to open and they prepare the contacts of the interlock    operating console displays an “OK” if all devices in an
door to be bridged.                                            area have no errors. If one device is not ok, its type of is
                                                               displayed. For further debugging the service console must
3.2    The Device Server for the Areas of                      be used.
       Controlled Access
   The device server for the areas of controlled access         4     A Critical Review of the Software after
accepts no commands. The server only checks the state of             Implementing and Two Years of Use.
the areas. The status can be “No Interlock”, “Cleaning the        At first, the crew has not used the card server and the
area” and “Interlock OK”.                                      data the server. Fore the pure hardware based system, the
                                                               registration of accesses has to be done manually. Also the
3.3    The Device Server for Video Multiplexers                registration of access in the software-based system was
   The device server for video multiplexers reads the          done manually, too.
status of the connected devices via SEDAC. The status is          The systems of the different accelerators are not well
the selected input line of each channel. The server accepts    separated. The video signals of three different accelerators
commands selecting a channel of each multiplexer               have to be displayed on two different video screens. One
separately.                                                    device server has to serve the switch where the connection
                                                               from the accelerators video signal to video display will be
3.4    The Device Server for Card Readers                      made. This is a single point of failure for all accelerators.
                                                                  After all the controlled access to restricted areas is a
   The device server reads the data of magnetic cards          stable system, which needed no software support the last
including the owners name, the number and the period of        two years.
validity. Also the device server reads the error status and
the some I/O statistics. For controlling the card readers
the device server offers commands to display text on the
                                                                          5    A View Into the Future.
card readers display, eject cards, alter processing, reset a      We plan to replace all card reader systems with a new
device and turn the device off and on.                         transponder system. This will result in a replacement of
                                                               the servers for card readers. There will be no software
3.5    The Data Server                                         changes in any other device server. The amount of
                                                               changes of the console applications will depend on the
  The data server has no connection to any device. The         interface of the new server for the transponder.
Data Server holds the data of accesses to a controlled            The plan is to equip the hardware based system with
area. All off them are made available by the consoles          transponders, too. This will not interfere with the existing
commands. The server offers commands to check in,              device server. Just the server of the central monitors has
check out and print statistics. No command is available to     to be configured for the new input. A new instance of an
delete data.                                                   accelerators system of controlled access has to be adopted
  The Names of persons, who did not check out yet are          for the new integrated accelerators.
send as status data by the “Data Server”.

Shared By: