Test the Solution – We carefully planned the FAT to verify secure microgrid power management system operation in normal operation for the design contingencies and under the variety of failure and equipment-outage scenarios identified earlier. Each individual device was power cycled under normal, non-fault conditions. Communication channels were interrupted and re-established. Online configuration changes were made (not recommended in normal practice).
During a power-cycle test, we learned that a particular protective relay power supply could continue to power the device processor and extend GOOSE message production until after the DC voltage wetting the breaker 52A input had decreased until the contact appeared open to the protective relay. The relay published a GOOSE message representing the apparent but erroneous breaker closed-to-open state-change just before shutting down, resulting in a system misoperation. We implemented and tested system design changes to prevent this form of misoperation.
Commission the Solution
Thorough acceptance testing of individual substation IEDs permits reduced on-site commissioning tests when those identical systems are installed in the field [5]. We took advantage of the level of detail contained in our system FAT to limit functional tests during the system installation outage to only those that could not be tested before installation. Commissioning tests emphasized validation of communication channels, input/output functionality, and end-to-end operation of operator controls and alarm points. Some limited testing overlap happens when using this approach, but that is better than leaving any area untested. Because the FAT environment was partial, we tested failure modes on every device during commissioning. The goal is to keep commissioning tests succinct, limiting expensive field testing time and reducing the length of the commissioning outage. These save costs all-around while still delivering a thoroughly tested system.
Prepare for Revisions
The RTDS-based FAT produced gigabytes of data of all sorts. System and device configuration files; oscillographic event records; data captures showing system I/O performance; wiring and connection diagrams; and photographs of systems under test are all carefully archived. When a system revision or plant addition becomes necessary, the test environment can be re-created for a small fraction of the original investment and new tests run. Regression testing to prove that modifications have not adversely impacted system performance is feasible. Test additions to validate new features or functions become practical extensions of the original test suite.
Conclusions
IEC 61850 GOOSE messaging permits a high degree of flexibility in implementing new functions using existing Ethernet-based control systems. In this case, because the plant Ethernet system existed and was originally designed for protection-grade performance, adding the equipment and signal paths for the power management system was substantially less expensive than it might have been otherwise.