Trusted TMR Expander Interface: Product Overview
PD-T8311 Trusted
Trusted TMR Expander Interface
Product Overview
The Trusted® TMR Expander Interface Module resides in the Trusted Controller Chassis and
provides the ‘master’ interface between the Inter-Module Bus (IMB) in the Controller Chassis and
the Expander Bus. The Expander Bus allows multiple chassis systems to be implemented using
Unshielded Twisted Pair (UTP) cable connections whilst maintaining the fault tolerant, high
bandwidth IMB capabilities.
The Module provides fault containment for the Expander Bus, the Module itself and the IMB in the
Controller Chassis, ensuring that the effects of these potential faults are localised and system
availability maximised. The Module is fault tolerant with HIFT TMR architecture. Comprehensive
diagnostics, monitoring and testing provide rapid fault identification. Hot-standby and module
spare slot configurations are supported, allowing automatic and manual repair strategies.
Features:
• Triple Modular Redundant (TMR), fault tolerant (3-2-0) operation.
• Hardware Implemented Fault Tolerant (HIFT) architecture.
• Dedicated hardware and software test regimes which provide very fast fault recognition and
response times.
• Automatic fault handling without nuisance alarming.
• Hot replacement.
• Front Panel indicators that show module health and status.
• TϋV Certified IEC 61508 SIL 3.
Rockwell Automation Publication PD-T8311 Issue 15
Trusted PD-T8311
Page intentionally left blank
Rockwell Automation Publication PD-T8311 Issue 15
Trusted TMR Expander Interface PREFACE
PREFACE
In no event will Rockwell Automation be responsible or liable for indirect or consequential damages
resulting from the use or application of this equipment. The examples given in this manual are
included solely for illustrative purposes. Because of the many variables and requirements related to
any particular installation, Rockwell Automation does not assume responsibility or reliability for
actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, with respect to use of information, circuits,
equipment, or software described in this manual.
All trademarks are acknowledged.
DISCLAIMER
It is not intended that the information in this publication covers every possible detail about the
construction, operation, or maintenance of a control system installation. You should also refer to
your own local (or supplied) system safety manual, installation and operator/maintenance manuals.
REVISION AND UPDATING POLICY
This document is based on information available at the time of its publication. The document
contents are subject to change from time to time. The latest versions of the manuals are available at
the Rockwell Automation Literature Library under "Product Information" information "Critical
Process Control & Safety Systems".
TRUSTED RELEASE
This technical manual applies to Trusted Release: 3.6.1.
LATEST PRODUCT INFORMATION
For the latest information about this product review the Product Notifications and Technical Notes
issued by technical support. Product Notifications and product support are available at the Rockwell
Automation Support Centre at
http://rockwellautomation.custhelp.com
At the Search Knowledgebase tab select the option "By Product" then scroll down and select the
Trusted product.
Some of the Answer ID’s in the Knowledge Base require a TechConnect Support Contract. For more
information about TechConnect Support Contract Access Level and Features please click on the
following link:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/50871
This will get you to the login page where you must enter your login details.
Rockwell Automation Publication PD-T8311 Issue 15 i
PREFACE Trusted TMR Expander Interface
IMPORTANT A login is required to access the link. If you do not have an account then you can create one
using the "Sign Up" link at the top right of the web page.
DOCUMENTATION FEEDBACK
Your comments help us to write better user documentation. If you discover an error, or have a
suggestion on how to make this publication better, send your comment to our technical support
group at http://rockwellautomation.custhelp.com
ii Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface PREFACE
SCOPE
This manual specifies the maintenance requirements and describes the procedures to assist
troubleshooting and maintenance of a Trusted system.
WHO SHOULD USE THIS MANUAL
This manual is for plant maintenance personnel who are experienced in the operation and
maintenance of electronic equipment and are trained to work with safety systems.
SYMBOLS
In this manual we will use these notices to tell you about safety considerations.
SHOCK HAZARD: Identifies an electrical shock hazard. If a warning label is fitted, it
can be on or inside the equipment.
WARNING: Identifies information about practices or circumstances that can cause
an explosion in a hazardous environment, which can cause injury or death,
property damage or economic loss.
ATTENTION: Identifies information about practices or circumstances that can cause
injury or death.
CAUTION: Identifies information about practices or circumstances that can cause
property damage or economic loss.
BURN HAZARD: Identifies where a surface can reach dangerous temperatures. If a
warning label is fitted, it can be on or inside the equipment.
This symbol identifies items which must be thought about and put in place when
designing and assembling a Trusted controller for use in a Safety Instrumented
Function (SIF). It appears extensively in the Trusted Safety Manual.
IMPORTANT Identifies information that is critical for successful application and understanding of
the product.
NOTE Provides key information about the product or service.
TIP Tips give helpful information about using or setting up the equipment.
Rockwell Automation Publication PD-T8311 Issue 15 iii
PREFACE Trusted TMR Expander Interface
WARNINGS AND CAUTIONS
WARNING: EXPLOSION RISK
Do not connect or disconnect equipment while the circuit is live or unless the area is
known to be free of ignitable concentrations or equivalent
AVERTISSEMENT - RISQUE D’EXPLOSION
Ne pas connecter ou déconnecter l’équipement alors qu’il est sous tension, sauf si
l’environnement est exempt de concentrations inflammables ou équivalente
MAINTENANCE
Maintenance must be carried out only by qualified personnel. Failure to follow these
instructions may result in personal injury.
CAUTION: RADIO FREQUENCY INTERFERENCE
Most electronic equipment is influenced by Radio Frequency Interference. Caution
should be exercised with regard to the use of portable communications equipment
around such equipment. Signs should be posted in the vicinity of the equipment
cautioning against the use of portable communications equipment.
CAUTION:
The module PCBs contains static sensitive components. Static handling precautions
must be observed. DO NOT touch exposed connector pins or attempt to dismantle a
module.
iv Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface PREFACE
ISSUE RECORD
Issue Date Comments
9 Oct 05 Format
10 Nov 06 Specification
11 Dec 06 Cable distance
12 May 07 System INI
13 Oct 15 Rebranded and reformatted
14 Apr 16 Standardisation of Relative Humidity Range and Operating Temperature
Statements in the Specification Section
15 Apr 18 New look front panel. Reformatted and updated Specifications table.
Rockwell Automation Publication PD-T8311 Issue 15 v
PREFACE Trusted TMR Expander Interface
Page intentionally left blank
vi Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface Table of Contents
Table of Contents
1. Description ............................................................................................................. 3
1.1. Overview ..................................................................................................................................... 4
1.2. Power Distribution ...................................................................................................................... 4
2. Application ............................................................................................................. 5
2.1. Module Installation ..................................................................................................................... 5
2.2. Module Insertion and Removal................................................................................................... 5
2.2.1. Module Replacement .......................................................................................................... 6
2.3. Expander Bus Connection ........................................................................................................... 7
2.3.1. Cable Assembly Replacement ............................................................................................. 7
2.4. Trusted Module Polarisation/Keying .......................................................................................... 8
3. Operation ............................................................................................................... 9
3.1. Message Forwarding ................................................................................................................... 9
3.2. Control Signal Forwarding ........................................................................................................... 9
3.3. I/O Complex Equipment Definition T8311 ................................................................................ 10
3.3.1. Voltage Level Format......................................................................................................... 11
3.4. Module Information .................................................................................................................. 12
3.5. System Initialisation File............................................................................................................ 12
3.6. Expander Chassis IMB Connector (SK1) .................................................................................... 13
3.7. Expander Chassis Bus Connector (PL4) ..................................................................................... 14
4. Operation ............................................................................................................. 16
4.1. Operating Modes ...................................................................................................................... 16
4.1.1. Standby .............................................................................................................................. 16
4.1.2. Active ................................................................................................................................. 16
4.1.3. Expander Interface Module Active/Standby Control ........................................................ 16
4.2. Communication Busses ............................................................................................................. 17
4.2.1. Expander Bus ..................................................................................................................... 17
4.2.2. Inter-Module Bus............................................................................................................... 17
4.3. Front Panel ................................................................................................................................ 18
4.3.1. Healthy Indicator ............................................................................................................... 19
4.3.2. Active Indicator ................................................................................................................. 19
4.3.3. Standby Indicator .............................................................................................................. 19
5. Fault Finding and Maintenance.............................................................................. 20
5.1. PCBs and Connectors ................................................................................................................ 20
5.2. Troubleshooting ........................................................................................................................ 20
Rockwell Automation Publication PD-T8311 Issue 15 1
Table of Contents Trusted TMR Expander Interface
6. Specifications........................................................................................................ 22
2 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 1. Description
1. Description
Figure 1 Functional Block Diagram
Rockwell Automation Publication PD-T8311 Issue 15 3
1. Description Trusted TMR Expander Interface
1.1. Overview
The TMR Expander Interface is a fault tolerant design based on TMR architecture arranged
in a lock-step configuration. Figure 1 shows, in simplified terms, the basic structure of the
TMR Expander Interface.
The Module has three main fault containment regions (FCR A, B and C). Each of the main
FCRs contains interfaces to the Expander Bus and Inter-Module Bus (IMB), an active/standby
interface to the other TMR Expander Interface in the Chassis, control logic, communications
transceivers and power supplies.
Communication between the Module and the TMR Processor is via the IMB on the
Backplane of the Controller Chassis. The IMB provides fault tolerance and high bandwidth
communications between the Interface Modules and the TMR Processor. All transactions
are voted, localising faults to the IMB should they occur.
Communication between the Interface Module and the TMR Expander Processor in the
Expander Chassis is via the Expander Bus. The Expander Bus is triplicated, point-to-point
architecture. Each channel of the Expander Bus comprises separate command and response
media. Voting is provided at the Expander Bus Interface to ensure that cable faults are
tolerated, and the remainder of the Expander Processor operates in a fully triplicated mode,
even in case of cable faults occurring.
A fourth FCR (FCR D) provides the non-critical monitoring and display functions and is also
part of the inter-FCR Byzantine voting structure.
Isolation is provided between FCRs wherever interfaces are required, to ensure that faults
cannot propagate between them.
1.2. Power Distribution
The TMR Expander Interface Module derives its internal voltages from dual redundant
+24 Vdc power supplied via the module connector from the Trusted Controller Chassis
Backplane. Each FCR derives the required supplies independently.
4 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 2. Application
2. Application
2.1. Module Installation
CAUTION:
The Expander Interface Module must reside in one of the I/O slots within the
Controller Chassis. Modules must be configured as a pair in the System Configuration
Tool, in adjacent slots, and with the left hand slot an odd numbered slot. An even
numbered slot can only be configured as an Expander Interface Module if the
preceding odd numbered slot is already configured as an Expander Interface Module.
To provide redundancy the Modules can be installed in pairs, but can also be installed
singly, in either configured slot. If a single Module is installed the adjacent slot in the
configured pair must be empty. Expander Interface Modules must not be fitted in the
triple-width Main Chassis Processor slots as this may cause damage to the Modules.
The two Interface slots must be interconnected using the Expander Interface Adapter Unit
T8312.
The Expander Interface Modules are connected to the Expander Processor Modules by the
Expander Interface Hot Link Cable TC-301 via the Trusted Expander Interface Adapter Unit
T8312.
The connection to remote Expander Chassis is via the Trusted Fibre Optic Tx/Rx Unit using
the Expander Interface Adapter to Fibre Tx/Rx Unit (Remote Expanders) Cable TC-302.
2.2. Module Insertion and Removal
CAUTION:
The module contains static sensitive parts. Static handling precautions must be
observed. Specifically ensure that exposed connector pins are not touched. Under no
circumstances should the module housing be removed.
Before installation, visually inspect the module for damage. Ensure that the module housing
appears undamaged and inspect the I/O connector at the back of the module for bent pins.
If the module appears damaged or any pins are bent, do not install the module. Do not try
to straighten bent pins. Return the module for replacement.
Ensure that the module is of the correct type.
Record the module type, revision and serial number of the module before installation.
Rockwell Automation Publication PD-T8311 Issue 15 5
2. Application Trusted TMR Expander Interface
If the module is to reside in a new chassis, or the system is being configured for the first
time, ensure that the chassis address has been set correctly before installing the modules.
See Controller Chassis Product Description (PD-T8100) for further details.
To install the module:
1. Ensure that the cable assembly is correctly located.
2. Release the ejector tabs on the module using the release key. Ensure that the ejector
tabs are fully open.
3. Holding the ejectors, carefully insert the module into the intended slot.
4. Push the module fully home by pressing on the top and bottom of the module fascia.
5. Close the module ejectors, ensuring that they click into their locked position.
2.2.1. Module Replacement
The replacement module must be inserted in the vacant processor slot, ensuring that the
module is correctly located and the ejector tabs are closed (see 2.2). The newly installed
module will perform its power-up sequence.
Ensure that the Light Emitting Diode (LED) indicators on the newly installed module are as
follows:
LED 1 Healthy A Steady Green
LED 2 Healthy B Steady Green
LED 3 Healthy C Steady Green
If the original module has reported faults, the TMR Processor may automatically initiate the
changeover to the newly installed module. Manual changeover may be initiated either using
the ejector tabs on the original module or using commands via the diagnostic interface. To
initiate the changeover using the ejector tabs use the following sequence:
1. Release both the top and bottom ejector tabs on the original module using the
ejector release tool. DO NOT remove the module.
2. Wait until the original module indicates that it is in the standby mode of operation
and the newly installed module is in the active mode.
3. Remove the original module.
Note: Under no circumstances remove a module that is indicating ACTIVE mode. Removal of an Active Module
may result in Modules within the Chassis adopting their default (shutdown) state, and initiate shutdown states
via the application program.
6 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 2. Application
In Hot-standby configurations, with both Expander Interface Modules installed, the faulted
module may be either the active or the standby module. In most cases the system will
automatically switch to the healthiest module, therefore only the standby module will
require replacement. To replace the active module follow the steps described above. To
replace the standby module:
1. Release both the top and bottom ejectors tabs on the standby module using the
ejector release tool.
2. Ensure that the other module is indicating the active mode of operation.
3. Remove the standby module.
In Hot-standby configurations, the replacement module should then be installed in the
position where the previous module was removed. This module will become the standby
module.
2.3.Expander Bus Connection
Further details of the Expander Bus cable assembly are provided in the associated Product
Description (PD-TC300).
2.3.1. Cable Assembly Replacement
It is not intended that the cable should need replacement, however this may be achieved by
replacement of the complete cable assembly and requires that the system be shutdown. To
remove a cable:
1. Ensure that the correct chassis and slot positions are selected.
2. Ensure the associated chassis slots are not occupied by modules.
3. Press in the hood release button and slide the hood downwards.
4. Remove the hood from the chassis slot by sliding down and rearward.
To insert a new or replacement cable:
1. Ensure that the correct chassis and slot positions are selected.
2. Ensure that the associated chassis slots are not occupied by modules.
3. Present the connector to the chassis backplate slot, taking care to align the lugs of
the connector with the cut-outs of the slot.
4. Push the connector hood in and upwards into the slot until the latch engages with
the backplate lip.
5. Ensure that the connector hood is secure in its position.
Rockwell Automation Publication PD-T8311 Issue 15 7
2. Application Trusted TMR Expander Interface
Where it is critical to maintain system operation additional chassis may be installed and
on-line operation maintained by transferred control to modules within that chassis using the
I/O modules Smart Slot capability.
2.4. Trusted Module Polarisation/Keying
All Trusted Modules have been Keyed to prevent insertion into the wrong position within a
chassis. The polarisation comprises two parts: the module and the associated field cable.
Each module type has been keyed during manufacture. The organisation responsible for the
integration of the Trusted system must key the cable by removing the keying pieces from
the cable so that they correspond with the bungs fitted to the associated module prior to
fitting.
Cable Exit
Polarising/Keying
Pins. Trusted Smart Swap
Connector
(Remove using Cable hood if Fitted
side cutters where
identified below)
12
Release button
Figure 2 Module Polarisation
For Cables with Companion Slot installations both keying strips must be polarised.
For this Module (T8311) remove keying pins 1, 2, 6.
8 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 3. Operation
3. Operation
3.1. Message Forwarding
The primary function of the Expander is to provide a method of extending the IMB beyond a
single Processor Chassis. The active TMR Expander Interface Module receives messages
from the Processor Chassis IMB/backplane and forwards them to the Expander Bus when its
slot position is enabled. Similarly, the active TMR Expander Processor Module forwards all
messages received from the Expander Bus to the addressed Expander Chassis IMB.
For other command messages the response message received by the active Expander
Processor from the addressed Module is passed to the Expander Bus and hence to the TMR
Expander Interface Module. The active TMR Expander Interface Module then passes the
message to the Processor Chassis IMB, subject to the prevailing IMB control signals.
The messages received from the Controller Chassis IMB at the TMR Expander Interface
Module are re-synchronised and majority voted (Byzantine voted) before being passed to
the triplicated Expander Bus. Similarly, messages received by the TMR Expander Processor
Module from the Expander Chassis IMB are re-synchronised and majority voted before
onward transmission.
Messages received from the Expander Bus at both the TMR Expander Interface Module and
TMR Expander Processor Module are re-synchronised and majority voted before being
passed to the associated IMB.
Errors in messages are corrected, and therefore masked using this method. This, however,
makes it important that discrepancies in faults in these signals are detected and the
information made available for fault reporting purposes to avoid latent fault issues.
3.2. Control Signal Forwarding
The active TMR Expander Processor Module continually monitors and transmits the state of
the following signals:
• Power Failure Warning
• System Watchdog
• Command Response Control
All three signals are fully triplicated. These signals are distributed to all of the attached
Expander Busses. The TMR Expander Processor Modules forward the received state of these
signals to the Expander Chassis IMB. The direction of these signals is always from TMR
Processor to TMR Expander Interface to TMR Expander Processor to Interface (I/O) Module.
Rockwell Automation Publication PD-T8311 Issue 15 9
3. Operation Trusted TMR Expander Interface
As with the message forwarding, these signals are re-synchronised and majority voted, i.e.
Byzantine voted at the TMR Expander Interface and TMR Expander Processor Modules. The
signals are synchronous within the Expander Chassis even in the case of a fault within the
Processor Chassis.
3.3. I/O Complex Equipment Definition T8311
The Expander Interface requires no configuration to the Module itself.
Each Module fitted in a Trusted System requires an entry in the I/O Connection table,
specifying its chassis and slot number. The I/O Complex Equipment Definition allows control
of the Module’s functions, and provides information on its status. For information on editing
the I/O Connection table, refer to PD-T8082. The definition for this Module is described
below.
OEM PARAMETERS
OEM parameter Valid numbers Description
TICS_CHASSIS 1 This value is fixed (Expander Interface Modules may only be placed in
the Processor Chassis) and is included for consistency with other
Modules in the Trusted range.
TICS_SLOT 1 - 8 (Chassis 1) The Processor Chassis slot number in which the primary Expander
Interface Module is placed. By definition, this must be an odd
numbered slot. The secondary Module, if configured, resides in an
even numbered slot adjacent, and to the right of the primary.
CONFIGURATION
Physical Module:
RACK 1: [XIM_0] 16 ANALOGUE Channel 1: Not used
inputs Channel 2: 24 Vdc Feed 1 (always 0)
Channel 3: 24 Vdc Feed 2 (always 0)
Channel 4: Not used
Channel 5: Not used
Channel 6: Not used
Channel 7: Slice A Rx Error Count
Channel 8: Slice B Rx Error Count
Channel 9: Slice C Rx Error Count
Channels 10 to 16: Not used
10 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 3. Operation
RACK 2: (INFO) 11 INTEGER inputs Channel 1:Chassis position of AM
Channel 2:Slot position of AM
Channel 3:Indication of global health of AM
1 – No slice errors and module is responding
0 – Some error has been found
Channel 4:Current state of AM
Channel 5:Chassis position of SM
0 – No partner exists
Channel 6:Slot position of SM
0 – No partner exists
Channel 7:Indication of global health of SM
1 – No slice errors and module is responding
0 – Some error has been found
Channel 8:Current state of SM
Channel 9:Slice information of modules. See Note
Channel 10:Is AM the Primary Module
1 – Yes 0 – Not
Channel 11:Not used
APPENDIX:
Note: Bit 0 AM slice A:
1 - Slice is responding and there are no slice errors.
0 - Slice is either NOT responding or there is a slice error.
Bit 1 AM slice B:
1 - Slice is responding and there are no slice errors.
0 - Slice is either NOT responding or there is a slice error.
Bit 2 AM slice C:
1 - Slice is responding and there are no slice errors.
0 - Slice is either NOT responding or there is a slice error.
Bit 3 AM ejectors open:
1 - AM ejectors open.
0 - AM ejectors closed.
Bit 4 SM slice A:
1 - Slice is responding and there are no slice errors.
0 - Slice is either NOT responding or there is a slice error.
Bit 5 SM slice B:
1 - Slice is responding and there are no slice errors.
0 - Slice is either NOT responding or there is a slice error.
Bit 6 SM slice C:
1 - Slice is responding and there are no slice errors.
0 - Slice is either NOT responding or there is a slice error.
Bit 7 SM ejectors open:
1 – SM ejectors open.
0 - SM ejectors closed.
3.3.1. Voltage Level Format
The voltage level is reported as an integer, with the units being 1/512V. This may be used
directly, scaled arithmetically or scaled using the conversion tables.
When used directly the value may be considered as a fixed-point binary value, i.e.:
Rockwell Automation Publication PD-T8311 Issue 15 11
3. Operation Trusted TMR Expander Interface
Bit
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Sign Integer · Fractional
To scale the value arithmetically simply divide the returned ‘integer’ by 512 to return the
voltage as either a REAL or INTEGER as required.
The input conversion tables may be used to convert the input value to engineering units, in
this case voltage. This is the recommended method where the value is not to be used
directly. The full-scale range for this number format is decimal ±256, corresponding to
physical range –32768 to +32767.
3.4. Module Information
The following information is recorded by the TMR Expander Interface Module and made
available to the TMR Processor.
• Expander Bus link quality, including receive error counts for each communications
link and link status.
• Received message error, on a per link/FCR basis, including frame error, checksum
error and discrepancy.
• HIFT Clock, master and slave clock status, and master/slave switching.
• FCR watchdog status.
• Current active/standby status.
• IMB status information.
• Module type code and serial number.
• Module removed flap status.
3.5. System Initialisation File
This Module requires a simple entry in the System.INI configuration. Within this entry, the
System Configurator allows the connection of Expansion Chassis to each port on the
Expander Interface. There is no further configuration required. For details of editing the
system INI configuration, please refer to PD-T8082.
In the System.INI configuration, the Module should be defined in both the primary position
and the secondary (hot swap spare) position. This is required to enable the Module to be
hot swapped. The chassis allocation only needs to be set up in one of the positions; it will be
automatically copied to the other position.
12 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 3. Operation
3.6. Expander Chassis IMB Connector (SK1)
SK1 is a 185-way DIN41642 type connector.
CONNECTOR SK1 PIN-OUT
PIN E D C B A
2 CHASSIS_GND CHASSIS_GND CHASSIS_GND CHASSIS_GND CHASSIS_GND
4 IMB_+24V_RTN IMB_+24V_RTN IMB_+24V_RTN IMB_+24V_RTN IMB_+24V_RTN
6 IMB_+24V_1 IMB_+24V_1 IMB_+24V_1 IMB_+24V_1 IMB_+24V_1
8 IMB_+24V_2 IMB_+24V_2 IMB_+24V_2 IMB_+24V_2 IMB_+24V_2
10
11 IMBA_CMDN_RSP GND IMBA_IOM_SELN IMBA_INTLK_N IMBA_MN/X_ID
12 IMBA_D0 GND IMBA_D1 IMBA_SLOT0_ID
13 IMBA_D2 GND IMBA_D3 IMBA_SLOT1_ID
14 IMBA_D4 GND IMBA_D5 IMBA_SLOT2_ID
15 IMBA_D6 GND IMBA_D7 IMBA_SLOT3_ID
16 GND
17 IMBA_IOM_CK1 GND IMBA_SFTY_WDOG GND IMBA_+6.5V
18 IMBA_IOM_CK2 GND IMBA_PWR_FAIL GND IMBA_+6.5V
19
20 IMBB_CMDN_RSP GND IMBB_IOM_SELN IMBB_INTLK_N IMBB_MN/X_ID
21 IMBB_D0 GND IMBB_D1 IMBB_SLOT0_ID
22 IMBB_D2 GND IMBB_D3 IMBB_SLOT1_ID
23 IMBB_D4 GND IMBB_D5 IMBB_SLOT2_ID
24 IMBB_D6 GND IMBB_D7 IMBB_SLOT3_ID
25 GND
26 IMBB_IOM_CK1 GND IMBB_SFTY_WDOG GND IMBB_+6.5V
27 IMBB_IOM_CK2 GND IMBB_PWR_FAIL GND IMBB_+6.5V
28
29 IMBC_CMDN_RSP GND IMBC_IOM_SELN IMBC_INTLK_N IMBC_MN/X_ID
Rockwell Automation Publication PD-T8311 Issue 15 13
3. Operation Trusted TMR Expander Interface
CONNECTOR SK1 PIN-OUT
PIN E D C B A
30 IMBC_D0 GND IMBC_D1 IMBC_SLOT0_ID
31 IMBC_D2 GND IMBC_D3 IMBC_SLOT1_ID
32 IMBC_D4 GND IMBC_D5 IMBC_SLOT2_ID
33 IMBC_D6 GND IMBC_D7 IMBC_SLOT3_ID
34 GND
35 IMBC_IOM_CK1 GND IMBC_SFTY_WDOG GND IMBC_+6.5V
36 IMBC_IOM_CK2 GND IMBC_PWR_FAIL GND IMBC_+6.5V
37
38 CHASSIS_GND CHASSIS_GND CHASSIS_GND CHASSIS_GND CHASSIS_GND
Table 1 Chassis Connector (SK1) Pin-out
3.7. Expander Chassis Bus Connector (PL4)
PL4 is a 96-way DIN41612, C-type connector.
CONNECTOR PL4 PIN-OUT
Pin
A B C
1 TXA3+ TXA2+ TXA1+
2 TXA3- TXA2- TXA1-
3 TXA6+ TXA5+ TXA4+
4 TXA6- TXA5- TXA4-
5 RXA1+ LB_A_ACTN/STB_1 TXA7+
6 RXA1- LB_A_ACTN/STB_2 TXA7-
7 RXA4+ RXA3+ RXA2+
8 RXA4- RXA3- RXA2-
9 RXA7+ RXA6+ RXA5+
10 RXA7- RXA6- RXA5-
11 GND GND GND
14 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 3. Operation
CONNECTOR PL4 PIN-OUT
Pin
A B C
12 TXB3+ TXB2+ TXB1+
13 TXB3- TXB2- TXB1-
14 TXB6+ TXB5+ TXB4+
15 TXB6- TXB5- TXB4-
16 RXB1+ LB_B_ACTN/STB_1 TXB7+
17 RXB1- LB_B_ACTN/STB_2 TXB7-
18 RXB4+ RXB3+ RXB2+
19 RXB4- RXB3- RXB2-
20 RXB7+ RXB6+ RXB5+
21 RXB7- RXB6- RXB5-
22 GND GND GND
23 TXC3+ TXC2+ TXC1+
24 TXC3- TXC2- TXC1-
25 TXC6+ TXC5+ TXC4+
26 TXC6- TXC5- TXC4-
27 RXC1+ LB_C_ACTN/STB_1 TXC7+
28 RXC1- LB_C_ACTN/STB_2 TXC7-
29 RXC4+ RXC3+ RXC2+
30 RXC4- RXC3- RXC2-
31 RXC7+ RXC6+ RXC5+
32 RXC7- RXC6- RXC5-
Table 2 Chassis Bus Connector (PL4)
Rockwell Automation Publication PD-T8311 Issue 15 15
Trusted TMR Expander Interface 4. Operation
4. Operation
4.1. Operating Modes
4.1.1. Standby
Standby is the default mode of operation for the Module, once internal supply levels are
established. In this mode the Module may respond to command messages addressed to the
Module itself over the IMB. Communication between the Controller Chassis IMB and the
Expansion Chassis is inhibited.
4.1.2. Active
In the Active Mode, the Module is responsible for the forwarding of messages from the
Controller Chassis IMB to the Expander Bus, and response messages from the Expander Bus
to the Controller Chassis IMB. The Module also provides all of the functions available within
the Standby Mode of operation.
4.1.3. Expander Interface Module Active/Standby Control
The TMR Expander Interface Modules transition between Active and Standby Modes (and
vice-versa) is controlled by command messages generated by the TMR Processor. Interlocks
are incorporated within the TMR Expander Interface Module to ensure that both Modules
within an Active/Standby configuration cannot assume active Mode operation.
Where both Modules within a pair are installed, the TMR Processor determines which
Module should be Active depending on its condition. Where both Modules are healthy, the
Active Mode of operation defaults to the left-most Module.
Rockwell Automation Publication PD-T8311 Issue 15 16
Trusted TMR Expander Interface 4. Operation
4.2. Communication Busses
4.2.1. Expander Bus
Each TMR Expander Interface Module contains a Bus Interface, isolation components and
transceivers to the Expander Bus. The triplicated Expander Bus provides communication
interconnection between the TMR Processor Chassis and the Expander Chassis at a data
transfer rate of 1.5 Gbps via unshielded twisted pair (UTP) cables.
4.2.2. Inter-Module Bus
Each TMR Expander Interface Module FCR contains a Bus Interface to the Inter-Module Bus.
The triplicated Inter-Module Bus provides communication interconnection between
modules in the TMR Controller Chassis, at a data transfer rate of up to 12.5 Mbps.
The Inter-Module Bus handles the following triplicated signals:
Data - 8-bit, bi-directional bus.
Control - Bus clocks, module enables and bus direction control.
System Watchdog - System Watchdog signal to the I/O Modules.
Power Fail - System power fail warning to I/O Modules.
Slot - Indicating the left or right Trusted TMR Expander Processor
slot position to the Trusted TMR Processor.
Chassis ID - a 4-bit code indicating the chassis number or id.
Rockwell Automation Publication PD-T8311 Issue 15 17
4. Operation Trusted TMR Expander Interface
4.3. Front Panel
Figure 3 Module Front Panel
18 Issue 15 Rockwell Automation Publication PD-T8311
Trusted TMR Expander Interface 4. Operation
4.3.1. Healthy Indicator
Three LEDs, one for each of the three channels, indicating the overall health of each
channel:
LED 1 = Channel A
LED 2 = Channel B
LED 3 = Channel C
A steady green LED indicates a healthy module; a flashing red indicates a fault in the
corresponding channel.
4.3.2. Active Indicator
This LED is green when the module is in the Active Mode.
4.3.3. Standby Indicator
A steady green LED when the module is in the Standby Mode.
Rockwell Automation Publication PD-T8311 Issue 15 19
Trusted TMR Expander Interface 5. Fault Finding and Maintenance
5. Fault Finding and Maintenance
5.1. PCBs and Connectors
The TMR Expander Interface Module comprises a single printed circuit board (PCB) assembly
fitted with two connectors, one each for the Expander Chassis IMB (SK1) and Expander Bus
(PL4). These are detailed in 3.6 and 3.7 respectively.
5.2. Troubleshooting
Symptom Possible Cause Solution
All front panel Lack of power If all other modules within the chassis also show no indicators, check
indicators off the power distribution and connection to the chassis.
Front Panel interface Check if other modules within the chassis have LEDs illuminated.
(FCR D) failure Check if it is possible to communicate with other modules within the
chassis – using either the chassis board type (T8300) or the
diagnostic utility. If communications is possible and this is the only
Expander Processor installed, the failure is within FCRD and the
module should be replaced,
If another Expander Processor module is installed, check its status
indication. If the other module is indicating active mode, check if
communications with the potentially faulty module is possible (again
using either the Expander Chassis board or diagnostic utility). If
communications is possible, note the information returned as part of
the Expander Processor board and then initiate the module
replacement.
Single FCR indicator Single main FCR The module will continue to provide communications between the
flashing RED failure. expander bus and the modules within the chassis. However, the
module should be replaced as soon as practical.
Multiple FCR Multiple failure. This condition may be indicated briefly during module power-up, but
indicating flashing in other circumstances, this indicates a failure beyond the modules
RED fault tolerant capabilities.
If the failed module is not the active module, it should be removed
immediately. A replacement module should be installed as soon as
practical.
If the module was the active module, the system will attempt to
switch to the standby, if it is installed and if the failures do not occur
simultaneously.
Flashing standby Software detected This indicates that the TMR Processor has detected a fault within the
indicator fault module and has switched to the previously standby module. The
faulted module should be removed as soon as possible and a
replacement installed as soon as practical.
Rockwell Automation Publication PD-T8311 Issue 15 20
Trusted TMR Expander Interface 5. Fault Finding and Maintenance
Symptom Possible Cause Solution
Both active or LED failure This condition may be indicated briefly during module power-up.
standby LEDs OFF If another Expander Processor module is installed within the same
chassis, use its indicators to verify the active/standby mode of this
module. To avoid confusion it is recommended that this module be
replaced at some convenient time, initiating the active/standby
changeover to the other module if necessary.
All other modules TMR Processor not Verify the condition of the TMR processor and start the application
within the chassis running (faulted, or as necessary.
indicate standby application not
mode. started).
Expander Processor Verify the Expander Processor is faulty by checking the reported
Fault condition within the T8300 chassis board or the diagnostic utility. If
the module is shown not to be responding, replace the module
immediately.
Expander Bus Fault Verify that the fault is not the result of a failed Expander Processor
(see above).
Check that the Expander Bus is connected correctly at both the
Processor and Expander Chassis.
Check that the Expander Processor(s) are installed in the correct
slot(s).
Expander Processor Ensure a healthy Expander Processor module is installed in the
not installed. correct slot.
Minor BIU errors Interface Module The error counters for a single module will be incrementing. Check
counters Fault the values using the diagnostic utility. If the count exceeds a defined
incrementing limit, the system will attempt to indicate this fault by setting the
corresponding healthy LED on the module to red flashing.
Replace the faulty interface module.
Expander Processor The error counters for all the modules within the corresponding
Fault chassis will be incrementing. Check the values using the diagnostic
utility. If the count exceeds a defined limit, the system will attempt
to indicate this fault by setting the corresponding healthy LED on the
module to red flashing.
Replace the faulty Expander Processor module as soon as possible.
Table 3 Troubleshooting Guide
Rockwell Automation Publication PD-T8311 Issue 15 21
Trusted TMR Expander Interface 6. Specifications
6. Specifications
Backplane (IMB) Supply 20 Vdc to 32 Vdc
Field Supply N/A
Power Dissipation 54 W Backplane Supply
Module Location T8100 I/O Module Slot
Isolation 50 V Basic Insulation, Module to
Backplane Supply
Fusing Not User Serviceable
Expander Comms Max Distance
Using TC-301 copper cable 30 m
Using T8314 Fibre TX/RX Units 10 km
Operating Temperature 0 °C to +60°C (+32 °F to +140 °F)
Storage Temperature -25 °C to +70 °C (-13 °F to +158 °F)
Relative Humidity – Operating and Storage 10 % – 95 %, non-condensing
Environmental Specifications Refer to document 552517
Dimensions
