Follow-up of the Availability Modelling Workshop III

30-5-039 (CERN)



Third follow-up meeting of the Availability Modelling Workshop, held at CERN on the 7th July

Participants: A. Apollonio (chair), M. Blumenschein, A. Fernandez, S. Hurst, M. Jonker, O. Rey Orozco, R. Schmidt, B. Todd and J. Uythoven (chair)


Layout comparison of the SBDS5 vertical kicker 

(M. Blumenschein)

M. Blumenschein presented the reliability studies of the upgrade of the SPS Beam Dumping system. The horizontal kicker, whose function is to dilute the beam, will remain the same whereas the vertical kicker, which extracts the beam, will be reconfigured. Therefore, the reliability studies were focused on the different design options for the SPS beam dump vertical kicker.

The future vertical kicker configuration was presented. The magnets will have the same design. The most important changes will be done in the switches: the thyragnitron will be replaced by solid state switches. M. Blumenschein presented the layout possibilities for the main switch, triggering and retriggering systems.

The effect of the beam on the different vertical kicker failure modes considered in the fault tree analysis were shown. In Slide 7, the absorber block is represented in grey and the beam in colours. B. Todd suggested to keep the scale of the plots the same so the difference between failure modes are easier to compare. M. Jonker wondered why beam losses are not considered and M. Blumenschein highlighted that the studies are focused on the layout comparison. J. Uythoven mentioned that beam losses are matter of timing, depending on the retriggering, not on the layout.

The input values and the assumptions taken for the Fault Tree Analysis (FTA) were explained. The fault trees are modelled in Isograph.

M. Blumenschein showed the results obtained for each design, failure mode, layout and input data sets. M. Blumenschein explained that as Power Trigger Modules (PTMs) are added, also more erratic behavior is considered but less probability that a magnet does not trigger. M. Blumenschein highlighted that the most reliable layout depends not only the input data set considered, but on the layout of the system. The results show that the redundancy not always improves the availability of the system.

For the 1oo3 generators fault tree analysis, the layout with 2 Stacks and 1 PTM is proven to be the most reliable. The failure rates considered have minor impact on the results. J. Uythoven asked if still the layout with 2 Stacks and 2 PTM is been considered. M. Blumenschein explained that only 1 PTM is being considered and tested at the moment, even if more current is needed for one than for two PTMs.

For the 2003 generators faults tree analysis, the layout with 2 Stacks and 2 PTMs is proven to be the most reliable. As in the previous case, the failure rate variations do not change the pattern.

For the fault tree where false dumps failure mode is analyzed, it is assumed that all erratic are detected by FIDS (active retrigger system). In this case it is shown that the higher the number of potentially erratic components the higher the probability of false dumps.

Considering the three failure modes and layouts under study, M. Blumenschein concluded with the priorities for a better availability. Taking this into account the preferred configuration is two GTOs with one PTM per GTO.

The studies performed by M. Blumenschein will be published in a CERN note.



Risk Reduction Levels… (B. Todd)

The presentation given by B. Todd is explained in detail in the following paper:

B. Todd highlighted the importance of differentiating the terms safety and risk. When performing such a study, systems are built using a risk-based approach.

Regarding the risk matrix, M. Jonker showed concern about the fact of showing the risk in a colored table because people often guess the values. From his point of view it would be enough with a numerical assessment. B. Todd explained that the matrix is just for visualization and showed the risk assessment approach.

Regarding Slide 58, B. Todd explained that controls are not included in the analysis, only failure modes of the protection systems. M. Blumenschein asked if the Beam Dump is part of the protection systems. B. Todd explained that officially it is part of the protection system but not part of the safety system, even if some people do consider.


There are minutes attached to this event. Show them.