Control your emergency power system

System designers and operators must have a good understanding of the emergency power capability and how it is designed and configured to work.

By Komson (Mak) Wagner, PE, Stanley Consultants, Muscatine, Iowa January 1, 2009

View the full story, including all images and figures, in our monthly digital edition

Emergency power systems are vital, particularly in facilities where an interruption in power is unacceptable. From health care facilities to data centers to power plants, many facilities cannot tolerate a power loss for either economic or life safety reasons.

Factors such as severe weather, grid disturbances and line switching, or even the influence of animals can disturb or disrupt the normal supply source. Regardless of the cause of the disturbance, the emergency power system must supply continuous electrical service to facility critical loads during a power outage.

When the emergency power system fails to perform, it affects the facility’s ability to perform its functions or missions, which may result in financial loss, compromised security, and/or life safety issues, even if the outage is for a short period of time. Too often, facility owners are caught in a situation where the emergency generator fails to start. The emergency loads fail to transfer to an alternate power supply source, causing unnecessary shutdown and restart of equipment, or a failed attempt to preserve critical loads.

These events can be minimized if the system designer and facility operator have a good understanding of facility emergency load requirements, emergency power system configuration and design intent, level of redundancy, and the control strategy for emergency response and load restoration.

Integrated and coordinated control is essential to a reliable emergency power system.

System configuration

In the simplest terms, a typical emergency power system consists of a normal power supply source, an alternate power source, and the means to transfer the emergency loads from a normal power source to an alternate power source in the event the normal power supply source fails. Various levels of redundancy can be accomplished by adding multiple power sources, spare power supply and distribution capacity, and multiple paths for emergency load to connect to the alternate power supply sources. The determination of an emergency power system configuration and built-in level of redundancy depends on:

  • The reliability of the normal power supply source.

  • The sensitivity of emergency loads to normal power supply disturbance or disruption. Sensitive electronic equipment may require a connection through power conditioning and energy storage and/or devices such as battery or UPS systems.

  • Economic impact of complete power outage and investment available to address the issues.

  • In-house capability to operate and maintain an emergency power supply system.

Figure 1 shows the emergency power system as a radial, single power supply source with an emergency generator as an alternate source. This is the simplest system to operate and is easy for O&M staff to understand. It can be fully automated with a minimum level of control. This configuration has a low initial investment but is vulnerable to outages for faults and maintenance. If the normal utility source is lost, the entire system is lost for approximately 10 seconds until generators can be brought online. If the generator unit fails to start during an outage, then the emergency loads will be lost.

–Figure 1–
This emergency power system has a radial, single power supply source with an emergency power generator as an alternative source. Source: Stanley Consultants.

The key to a reliable emergency power system is to minimize single point of failure by having multiple sources, multiple paths, and multiple components configured in the simplest way possible. A more elaborate emergency power system is illustrated in Figure 2.

Level of redundancy

In Figure 2, the system has multiple levels of redundancy. It consists of multiple power supply sources connected to a split bus, primary switchgear with bus tie capability. Each side of the switchgear bus serves a facility service transformer for added capacity redundancy. The secondary service switchgear also is arranged in a split bus configuration with bus tie capability.

The emergency power supply system has multiple generating units to emergency backup power if both the normal and the alternate power supply sources fail. Both the utility switchgear and the emergency generator switchgear have paralleling capability. The system has the ability to switch between two utility sources via a source transfer scheme implemented by the medium voltage relay for the main and the tie circuit breakers. If both utility sources are lost, the essential electrical loads are supplied by the backup emergency generator system via automatic transfer switches.

–Figure 2–
This more complex system has multiple levels of redundancy. Source: Stanley Consultants.

For facilities with critical loads, the transformers should be sized such that each transformer peak loading is no more than 50% of its maximum rating to provide backup for one another. This is important if one transformer fails or needs maintenance.

Using the parallel source redundant configuration in the design of an emergency power system has several advantages, including increased reliability, flexibility, and ease of uninterruptible maintenance. The emergency loads are supplied by multiple power supply sources, multiple emergency generating units, and two separate supply circuits, which are connected to a multi-sourced switchgear bus. When properly designed and implemented, the loss of any single power supply source does not impact the continuous operation of the emergency loads.

Multiple generating units provide an uninterruptible maintenance capability. A generator unit can fail to start or be out of service for maintenance or repair, while other generator units, synchronized on the same bus, provide the needed backup power should an outage occur. Main service switchgear and the emergency switchgear can be scheduled for routine maintenance without disruption to the entire facility loads, and maintaining operation of the critical emergency loads. For improved reliability, the automatic transfer switches serving critical low-voltage emergency loads should have a maintenance bypass.

Because of these advantages, the parallel source redundant configuration has become one of the best choices for meeting today’s need for a reliable emergency power system. However, the reliability of the emergency power system also depends on a clear understanding of control strategies for system emergency response and recovery, system sequence of operation, and a successful implementation of the control strategies.

The designer and the emergency power system operator need a clear understanding of how the emergency power system and the critical loads will respond during an emergency, upon return to normal conditions, and during maintenance and testing.

Questions designers and operators might ask include:

  • How should the system react upon the loss of the normal power supply source?

  • What actions are automatic and what actions are manual, requiring operator interaction?

  • What is the required emergency system response time? Momentary power interruption may be acceptable for some emergency loads, but not others.

  • What is the minimum emergency power capacity requirement to serve the emergency loads, including critical motor starting?

  • How are the emergency loads segmented and connected to the power system?

  • Are load shedding and sequencing of emergency load pickup required to maintain continuous system operation without overloading the emergency generators?

  • What actions can the operator take when the emergency power system does not function as expected?

Control of generator and switchgear

The emergency power system does not instantaneously become available upon the loss of the normal power supply source. It takes some time to get the emergency generator system started. Starting requirements will vary depending on the application. Emergency generator sets can typically start to accept loads when they reach approximately 90% to 95% of rated frequency, at which point the breaker closure is initiated.

Emergency backup generators will operate with the engine governor set for isochronous control for load frequency control, which maintains the engine-generator at a constant speed with no governor droop, while not synchronized to the electrical power system. Should the backup generator units be required to operate in parallel with the main electrical grid, either for changeover or periodic testing purposes, then the governor will have to be switched to speed droop regulation mode.

Droop is when the governor compensates for speed with an increasing load but relies on other generation for frequency control. Speed is lowest at full load and highest at no load. Droop is expressed as a percentage of rated speed. A 2% to 3% droop is typical. Most modern solid-state governors can readily operate in either mode.

Whenever a load is applied to or removed from a generator set, the engine speed, voltage, and frequency will experience a transient condition or a temporary change from its steady-state condition. When a significant load is applied, the engine speed temporarily reduces, causing a momentary frequency. There is also a voltage dip until the emergency power system exciter compensates for the increased reactive power (var) demand. The degree of this dip depends on the power capacity and dynamic characteristics of the emergency engine generator set. When the emergency loads are removed, the engine speed increases momentarily, causing system overshoot before returning to its steady-state condition. The time required for the generator set to return to its normal steady-state speed is called recovery time (see Figure 3).

–Figure 3–
The time required for the generator set to return to its normal steady-statye speed is calley recovery time. Source: Stanley Consultants.

Typically, depending on equipment manufacturers, the maximum allowable voltage dip for the generator control system may be as low as 30%, and the maximum frequency dip is about 25%. Modern equipment restricts the electrical system voltage and frequency to a much tighter margin. Thus, the acceptable percent and duration of voltage and frequency dip, and type of load to be connected, are also important criteria that need to be considered for the design and control of the emergency power system.

The control of load pickup and removal becomes an important factor in maintaining emergency power supply system stability and power quality. Starting of certain load feeders may be inhibited when the online generators have insufficient capability. When the online generators have sufficient capability, load feeders may be automatically reclosed in a controlled manner after load shedding.

Avoid addition and removal of large blocks of emergency loads. If response time and load priority permit, the largest emergency load should be added first, followed by smaller emergency load blocks. Allow sufficient time delay in the sequencing of emergency load pickup and load shedding. Sensitive electronic equipment must be on UPS or other power-conditioning devices. Design engineers and facility owners may choose to employ a sophisticated emergency power system control, designed to stabilize critical power systems by monitoring frequency and power sources from utility plus generator capacity versus total circuit load.

Load priority setting

Load priority is a decision that the facility operator must make based on its impact to the emergency load supporting functions, considering load characteristics and emergency power system limitations. The facility operator has to decide which loads are critical and have priority for emergency power system loading.

The order of emergency generator units’ startup and shutdown is also important. If the same generator unit is always started first, it will accumulate hours and maintenance expenses at a higher rate than the remaining units. To make the operating hours among the units more uniform, the first unit to start can be designated as the first unit to shut down as the emergency loads are restored to normal power supply source. The emergency generator control system can monitor the remaining emergency load and generator capacity and control the unloading of the generator units for a smooth shutdown sequence.

Source transfer scheme

For emergency load equipment vital to the protection of life and safety, the automatic restoration of electrical power within a prescribed period is required. For example, hospitals are required to have life safety and critical branch loads restored to operation in a maximum of 10 seconds. Noncritical emergency loads and essential equipment loads such as HVAC and elevators, which can withstand momentary power outages, typically are set up for either delayed automatic or manual connection to an alternate power source. An outage to this equipment can exceed 10 seconds.

An automatic transfer scheme reduces load restoration time and removes the human factor from a high-pressure situation; however, the emergency power system tends to be more complex and difficult to troubleshoot when it does not operate properly. Manual operation provides the most flexibility, and the system is less complex. For manual operation, the emergency response is totally dependant on the operator, which means it may not be as reliable or responsive for the facility function requirements.

Methods for transferring emergency loads between the normal power supply source and the emergency power supply sources include: in-phase transition, delayed (or opened) transition, and closed transition.

In-phase transition is when the automatic transfer switch, equipped with an in-phase monitor, determines when to transfer the load from one source to another. The switch contacts operate in a “break-before-make” sequence.

For delayed or opened transition, the programmed or set delayed transition transfer switch completely disconnects the load from both sources for an adjustable period of time to allow regenerative voltage to decay to a safe level prior to connections to the new source. By allowing motor fields to decay, nuisance tripping breakers and load damage are prevented. Delayed transition transfer is recommended by the National Electrical Manufacturers Assn. (NEMA) MG-1.

A closed transition transfer is required in applications where loads are sensitive to momentary power interruptions. The switch contacts operate in a “make-before-break” sequence. This allows the seamless transfer of critical loads from one source to another by paralleling the two sources momentarily. The “make-before-break” operation is useful during testing of the engine generator under load and where a predetermined transfer to the generator is desired. Source paralleling duration is typically limited to less than 100 milliseconds (6 cycles). The closed transition operating mode requires that both power sources be synchronized in voltage, frequency, and phase angle within prescribed limits. Protective relaying is required to prevent paralleling of power sources out of synchronization. Protective relaying typically is not supplied with the standard transfer switch. The generator used with a closed transition transfer switch must be equipped with an isochronous governor.

System paralleling

An emergency power system with paralleling capability has tremendous advantages. The parallel capability allows for closed transition transfer, provides the ability to load test the emergency generator system without using load banks, and provides electrical peak shaving or demand management capability. To operate in parallel, the system voltage, frequency, and phase angle must be within prescribed limits. In other words, the generator units must be at the same speed and frequency, operate with the same frequency directional rotation, and produce almost exact sine waves. When paralleling sources, fault current contributions from parallel sources and protective relay protection requirements should be considered in the system design.

Author Information
Wagner is an associate chief electrical engineer and project manager at

System sequence of operation

The following is an example of a sequence of operation for a typical emergency power system.

1. Normal utility power supply source fails.

2. The automatic transfer switch (ATS) or normal power supply switchgear relay (loss of voltage/frequency sensing) sends a start signal to the generator control system.

3. Generators start and parallel to bus. Normal operating voltage and frequency are achieved.

4. ATS senses the availability of an alternate power source or receives a permissive transfer signal from the emergency generator control system to transfer to the alternate source side. Emergency loads are picked up sequentially by the emergency generator’s bus in accordance with load priority setting.

5. The generator control system optimizes the control of the generators, shutting off and starting generators as needed.

6. The generator control system also should have the capability to control load shed operation, sending signals to load breakers and/or ATS devices removing loads from the emergency system in accordance with load priority setting to prevent generator overloading. This requires fast control processing as well as direct control of load serving breakers.

7. Normal utility power supply source returns.

8. ATS transfers back to normal power supply source. The transfer can be either an open transition (momentary power interruption) or a momentary closed transition (no power interruption), depending on the emergency load requirements and the function and feature of the ATS installed.

9. Generators cool down and shut down.