.png){kind=logo}
Fail-safe operation (with Hybrid EMS)
Last modified:
To exercise adequate control, the blue'Log relies on several factors such as external setpoints, measured values, etc. In case of an error – for example, communication with the grid operator is interrupted – some values are no longer available, and the blue'Log will enter predefined, or fail-safe operation.
When does the blue'Log go into fail-safe operation?
The blue'Log will enter fail-safe operation when one of the following errors is detected:
Error on the interface for setpoint transmission or method switch command
Error on the interface for required measured values/error on the interface to the power analyzer/meter (only if the meter is configured and part of power control, e.g. closed loop, characteristic curve, etc.)
Error on the interface for correction value transmission/error on the interface to inverters (only if Inverter failure detection is activated)
The possible errors on the interfaces are depicted below:
Possible errors on interfaces
The error behavior can be defined separately for active and reactive power control.
Error behavior: active power control
What is the error behavior?
The behavior in the event of an error can be configured as follows:
Default setpoint: a fixed fallback value can be configured
Hold last setpoint
The last valid setpoint is maintained
If no valid setpoint is available the system fallback value is used (see What is the system fallback value?).
Automatic grid disconnection: the system will be disconnected from the grid and the setpoint is changed to 0 % and processed open-loop. This is only possible with the Automatic grid disconnection license.
Depending on the failing interface the behavior is as follows:
Error on interface | Battery | PV |
|---|---|---|
Setpoint interface | Setpoint control as defined in Behaviour in event of error | Setpoint control as defined in Behaviour in event of error |
Meter interface | Setpoint = 0% (open-loop) | Setpoint control as defined in Behaviour in event of error (open-loop)* |
Inverter interface | Setpoint = 0% (open-loop) | Setpoint control as defined in Behaviour in event of error (open-loop)* |
*If the selected mode does not have a setpoint value (e.g. PV-self consumption) the value to be controlled at is 0 %.
The blue'Log will only go into fail-safe operation if a predefined waiting time (default 60s) has elapsed since the fault occurred. During the waiting time, the blue'Log tries to use the previous valid measurements and the valid setpoint, if available. If no setpoint was initially transmitted, the blue'Log waits until the waiting time has elapsed, and uses the system fallback value (see What is the system fallback value). In this case, no correction values are calculated and transmitted until the waiting time has elapsed or a valid setpoint is received.
What is the system fallback value?
The system fallback value only applies if the controller enters an undefined state. This can only happen if Hold last setpoint is selected as the fallback value and no setpoint and/or method has been transmitted before the waiting time has elapsed. This will only happen if the blue’Log has rebooted or power control has been activated via the user interface.
The blue’Log uses a system fallback value if:
An external setpoint source has been selected as a method – for example P(modbus), P(DI), P(AI)) – and no valid setpoint has been received
The method switch is enabled but no valid signal has been sent to the data logger, and no default method is configured. Note: default methods are only an option with a method switch via digital input.
Automatic grid disconnection
The Automatic grid disconnection blue’Log XC license must be separately acquired for this feature. Once triggered, a digital output command is sent to e.g. a backup disconnection device. The digital output signal can be triggered in the following ways:
The signal is triggered because the system is in fail-safe operation
Activate Automatic grid disconnection
Configure Automatic grid disconnection in Behaviour in event of error
The signal is triggered once a certain power threshold is exceeded
Activate Automatic grid disconnection
Activate Grid disconnection dependent on power levels and configure the switching threshold and delay
User interface
Fail-safe operation
Error behavior: reactive power control
The error behavior for reactive power control is similar to the behavior of active power control. The same options as for active power control can be set. Exception: the Automatic grid disconnection feature.
Error behavior of blue'Log XM slave
In a master-slave setup (see https://help-center.meteocontrol.com/blue-log-xm-xc/latest/operating-data-without-hems#id-(v9)Operatingdata(withoutHEMS)-master-slave-modeMaster-slavemode ), the blue'Log XC master sends the configured fallback settings (Behaviour in event of error, waiting time) cyclically to the blue'Log XM slave. If a communication failure between the master and slave occurs, the slave adopts the fallback settings and acts accordingly.
Please note that the blue’Log XM Slave is not a controller and thus simply forwards the resulting fallback values to the inverters without having a feedback loop.
Example 1:
Behaviour in event of error: Hold last setpoint
Waiting time: 60 s
After a loss of communication occurs the blue'Log XM slave waits for 60 seconds and then continues to send the last value it received to the inverters.
Example 2:
Behaviour in event of error: Default setpoint = 50%
Waiting time: 60s
After a loss of communication occurs the blue'Log XM slave waits for 60 seconds and then switches to the configured default value of 50% that is being sent to the inverters.