Hardy history of reliability2

Download Report

Transcript Hardy history of reliability2

A BRIEF HISTORY OF
ACCELERATOR RELIABILITY
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
1
WHAT IS RELIABILITY ?
Military standard definition of reliability:
« The probability that an item will perform a required function
without failure under stated conditions for a stated period of time »
Note:
• A functional definition of failure is needed. For example, a failure means different
things to the user and to the person repairing the failure,
• The system's operating conditions must be specified (e.g. external temperature).
• A period of time is needed.
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
2
RELIABILITY: A MODERN CONCEPT, YOU SAID ?
« As concerns the gold ring set with an Emerald, we
guarantee that for 20 years the emerald will not fall out of
the gold ring. If the emerald should fall out of the gold ring
before the end of 20 years, we shall pay unto Bel-NadinShumu an indemnity of 10 mana of silver. »
Record found on a clay tablet in Egypt - 429. BC …
Source :
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
3
« The probability that an item will perform a required function
without failure under stated conditions for a stated period of time. »
When was the probability concept ‘born’ ?
1654: The Chevalier de Méré, a French nobleman, called Pascal's attention to an
apparent contradiction concerning a popular dice game.
• The game consisted in throwing a pair of dice 24 times,
• The problem was to decide whether or not to bet money on the occurrence of at least
one "double six" during the 24 throws. A well-established gambling rule led de Méré
to believe that betting on a double six in 24 throws would be profitable, but his own
calculations indicated just the opposite …
Then followed an exchange of letters between Pascal and Fermat in which the
fundamental principles of probability theory were formulated for the first time.
The Dutch scientist Christian Huygens learned of this correspondence and shortly
thereafter (in 1657) published the first book on probability; entitled De Ratiociniis
in Ludo Aleae, which was a treatise on problems associated with gambling
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
4
FIRST STEPS OF RELIABILITY THEORY
• Not formally used before World War I
• During and after World War I, reliability was just a measure of the
number of accidents the planes had per hour of flight time.
• 1920-1930: telephones and electron vacuum tubes grew in demand  need to make
them more economically and improve their reliability. These two new technologies
spurred early reliability studies.
• 1926: Walter Shewhart, Harold F. Dodge, and Harry G. Romig laid down the
theoretical basis for using statistical methods in quality control of industrial products,
founding the trial and error approach to reliability study
• Again, no formal use before World War II
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
5
FIRST RELIABILITY MODELS REALLY START WITH WORLD WAR II
The V-1 rocket: reliability of 1 success out of 11 attempts  reliability of 9.1%
The mathematician Robert Lusser analysed the missile
system and quickly derived the product probability of
series components making the first step into the
development of the Reliability Theory
for a series system:
Rs = R1 * R2 * * Rn
where Ri is the probability of
survival for 1 element
Robert Lusser
 A system with a large number of components like the V-1 will reach a low
reliability level even with very reliable components
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
6
FIRST RELIABILITY MODELS REALLY START WITH WORLD WAR II
For a series system: Rs = R1 * R2 * * Rn where Ri is the probability of survival for
1 element
Lusser’s studies resulted in Werner Von Braun’s redesign leading to the V-2 rocket.
The V-2 rocket used the principles of redundancy to enhance the rocket’s reliability.
As a result, the reliability of V2 rockets increased from 30 % from the first launch (8
september 1944) to 70 % (end of the war).
SUMMARY I:
• We are in 1944
• Reliability theory and first reliability principles emerge with rockets technology
What is the status of the Particle Accelerators at that time ?
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
7
A BRIEF HISTORY OF ACCELERATOR NON-RELIABILITY
1924: Ising: the
first Linac
model
1928: Wideröe: a
model based on
RF voltage
March 1936: the first
external cyclotron beam:
5.8 MeV deuterons
This is the race for accelerator physics principles…
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
8
A BRIEF HISTORY OF ACCELERATOR NON-RELIABILITY
1941: 184-inch cyclotron
(>100 MeV) for U235 /
U238 separation (Berkeley)
1947: proton Linac
built under supervision
of Alvarez
1959: CERN 24 GeV PS is
the highest energy
accelerator in the world
PS inauguration (1960)
The race to higher intensities, higher energies…
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
9
A BRIEF HISTORY OF ACCELERATOR NON-RELIABILITY
SUMMARY II:
• 1950’s : Particle accelerator technology is already well advanced
• Emergence of basic principles of reliability
• Until 50-60’s , reliability is not at all a concern for accelerator technology
THINGS WILL CHANGE IN THE 70’S
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
10
A BRIEF HISTORY OF ACCELERATOR RELIABILITY…
1968: First dedicated X-ray
source (bench test): Tantalus
(Wisconsin - USA)
1970: First beam line (Nina)
with Users on an X-ray
source: SRS Daresbury (UK)
( + PSI, TRIUMF)
1972: meson factories.
E.g.: Los Alamos
(LAMPF): 800-MeV beam
LAMP aerial view
One mention of ‘reliability’ in 17
pages (Particle Accelerators ©
Gordon and Breach,
1973, Vol. 4, pp. 211-227)
Rosen: « we need more particles per unit time
rather than more energy per particle ! »
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
11
A BRIEF HISTORY OF ACCELERATOR RELIABILITY…
MEDICAL APPLICATIONS
1956
 USERS NEED RELIABILITY AND AVAILABILITY !!
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
12
ACCELERATOR RELIABILITY NOWADAYS
With some examples, let’s get an idea of what we can reach today:
Institute
KEK storage Ring
2008
Scheduled
User time
[hours]
Delivered
time
[hours]
Storage Ring
availability
[%]
Fault/year
MTBF
[Hours]
Mean Time
to recover
[hours]
4344
4302
99.0 %
40
109
1.0
5000.1
4924.8
98.5 %
48
104
1.57
5606
5538
98.8 %
83
67.5
0.8
Australian
Light Source 2010
4859
4784
98.5 %
82
59.25
0.9
Swiss Light Source
2009
5007
4941.9
98.7 %
69
72.6
1
Advanced Photon
Source (APS) 2010
ESRF
(X-ray Light source)
2010
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
13
ACCELERATOR RELIABILITY NOWADAYS
From the previous graph, we can conclude that nowadays, with lot of efforts to
obtain high reliability, typical particle accelerators (running 208 days – 5000 hours /
year) have :
98 % < Availability < 99%
40 < Faults / year < 100
60 hours (2.5 days) < MTBF < 109 hours (4.5 days)
0.8 hour < Mean Time to Recover < 1.6 hours
i.e., on average, a typical X-ray source stops 1
hour every 3 days
Is it sufficient for the requirements of future accelerators?
DEFINITELY :
NO
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
14
Example: Accelerator Driven System (ADS) requirements
Reminder: What is an ADS ?
This is a sub-critical reactor driven by a proton accelerator.
The accelerator bombards
a target with high-energy
protons which produces a
very
intense
neutron
source
through
the
spallation process.
Basic accelerator
requirements: protons,
~ 1 GeV, ~ 10 mA
Cyclotron ? Linac ?
1 proton on the spallation target will release about 20
neutrons
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
15
Example: Accelerator Driven System (ADS) requirements
What is it used for ?
• Destroy heavy isotopes contained in the used fuel from a conventional nuclear
reactor, while at the same time producing electricity.
Why ? Because the long-lived transuranic elements in nuclear waste can
be fissioned, releasing energy in the process and leaving behind the
fission products which are shorter-lived. This would shorten
considerably the time for disposal of radioactive waste.
Why is this a promising technology ?
• Enhanced safety of ADS: once the accelerator is turned off, the system shuts down.
• If the margin to critical is sufficiently large, reactivity-induced transients can never
result in a super-critical accident with potentially severe consequences
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
16
Example: Accelerator Driven System (ADS) requirements
Why an ADS must be extremely reliable ?
A Nuclear Power Plant has a hard limit on the number of thermal cycles during its
lifetime, mainly due to thermal fatigue in the vessel and main instrumentation
 The beam trip requirements follow from thermomechanical
considerations of the spallation target and subcritical assembly and, for
power production applications, reliable electrical power delivery to the grid
 Thermal shocks (i.e., on / off cycles, i.e., unexpected trips) must be avoided
on critical parts (beam window, reactor vessel, inner barrel and turbine
system)
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
17
Example: Accelerator Driven System (ADS) requirements
Until now, the reliability goal of the accelerators was ‘we do the best we can’.
With ADS, the reliability is for the first time a CONSTRAINT (technical and
economical).
September 2010, following Monte Carlo simulations, there was a consensus
and Target Technology for Accelerator Driven Transmutation and Energy Production
about ADS reliability requirements H. AïtAccelerator
Abderrahimh, J. Galambosd, Y. Gohara, S. Hendersonc*, G. Lawrencee, T. McManamyd, A. C. Muellerg, S.
Nagaitsevc, J. Nolena, E. Pitchere*, R. Rimmerf, R. Sheffielde, M. Todosowb
Reminder: the best
statistics
(KEK)
are 40 faults / year
but … 1 hour to
recover, not 5
minutes !
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
18
Example: Accelerator Driven System (ADS) requirements
SUMMARY III:
• Nowadays accelerator reliability figures : 1-hour failure every 3 days (70/80
faults/year)
• First ADS prototypes could tolerate 50 failures / year, only stopping for a few
minutes!
• Industrial ADS can NOT tolerate more than 2/3 failures (> 5 mins) / year !
When preparing this talk, I read many papers about ADS and realised that :
• ADS community performs fascinating work to explore all ways to improve accelerator
reliability.
• Many references for ADS papers come from … Accelerator Reliability Workshops !
• ADS community is, like us …, dreaming of a centralised database about reliability of
accelerator equipment / components (topic for Friday !)
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
19
A CHAIN IS AS STRONG AS ITS WEAKEST LINK
Before the failure
FAILURE
After the failure: minimise time to repair
- Design optimization (margin, materials,
modelling, )
- Fault Diagnostics !
- Preventive Maintenance
- Experience from other Institutes
- Experts on standby 24 hours/day ready to
intervene
- Realistic Operation Schedule
- Operator training
- Redundance
- Fast interchangeability of components (<design …)
- Avoid human mistakes with automation
when necessary
- Rigorous Spare part Policy
- Repair procedures
- Avoid unnecessary interlocks (passive
sensors are sometimes sufficient)
The optimization of ALL the above points (and many more) is thoroughly considered
by the ADS community (as well as by others …).
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
20
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
Wed 16 Mar 08:00
Tue 15 Mar 08:00
Mon 14 Mar 08:00
Sun 13 Mar 08:00
Sat 12 Mar 08:00
Fri 11 Mar 08:00
Thu 10 Mar 08:00
Wed 09 Mar 08:00
Machine Dedicated Time
16 Bunch
Tue 08 Mar 08:00
Mon 07 Mar 08:00
Sun 06 Mar 08:00
Sat 05 Mar 08:00
Fri 04 Mar 08:00
Thu 03 Mar 08:00
Machine Dedicated Time & PSS Shift
7/8+1
Wed 02 Mar 08:00
Tue 01 Mar 08:00
Mon 28 Feb 08:00
Sun 27 Feb 08:00
Sat 26 Feb 08:00
Fri 25 Feb 08:00
Thu 24 Feb 08:00
107 refills !
Radiation Shift & Machine Dedicated Time
Uniform
Wed 23 Feb 08:00
Machine Dedicated Time
100
Tue 22 Feb 08:00
Mon 21 Feb 08:00
Sun 20 Feb 08:00
Sat 19 Feb 08:00
Fri 18 Feb 08:00
Thu 17 Feb 08:00
Wed 16 Feb 08:00
7/8+1
Tue 15 Feb 08:00
Mon 14 Feb 08:00
Sun 13 Feb 08:00
Sat 12 Feb 08:00
Fri 11 Feb 08:00
0
Thu 10 Feb 08:00
7/8+1
Machine Dedicated Time
50
Wed 09 Feb 08:00
Tue 08 Feb 08:00
Mon 07 Feb 08:00
Sun 06 Feb 08:00
Sat 05 Feb 08:00
Fri 04 Feb 08:00
ACCELERATOR RELIABILITY NOWADAYS : one example at the ESRF
250
795.5 hours (33.1 days) of delivery without a single failure
200
150
16 Bunch
21
CONCLUSIONS
• Accelerator reliability is no longer a wish but has become a constraint (ADS)
• Reliability is now considered at all stages of the accelerator’s life (from design to
maintenance in routine operation)
• A requirement of 2-3 trips > 5 mins per year is a goal for the next generation
• Exchanges and workshops are essential to explore all possibilities and take the best
from everyone: ARWs have an active role to play !
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
22
HOMEWORK FOR FRIDAY ! 
• Centralized information about accelerator reliability is missing and should be
discussed at this ARW (Friday)!
• Centralized
database
(what
should
it
contain
:https://sites.google.com/site/particleacceleratorreliability/Home
?)
• Accelerator reliability papers
• Statistics and records of present accelerators
• etc
http://reliability.forumotion.com/
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
23
I have some questions …
• In your lab (or company), was the rate of faults / year simulated and taken
into account for the design ?
• (For the Industrialists here: are you subject to penalties if you exceed a
certain number of failures / year ?)
• Homework for Friday  :
• Any ideas on how to build a centralized failure
database for accelerator sub-equipment /
components ?
• How would it be organised ?
• To which level of equipment should
it extend ?
• Where should it be hosted ?
•
Accelerator Reliability Workshop – Cape Town 2011
L. Hardy – ESRF Operation Group
24