Protecting standby generators for mission critical facilities
The generator and standby power systems for mission critical facilities require a higher level of reliability and availability.
- Know the power requirements for a mission critical facility.
- Understand how to protect mission critical facilities from disaster or power failure.
- Know the codes and standards that govern standby power in mission critical facilities.
How important are generators in a standby power system for a mission critical facility? When the lights go out and you find yourself counting the seconds until they come back on, that generator is the most important piece of equipment in the facility. During utility power outages, mission critical facilities rely on generators to keep the facility operating (see Figure 1). If the generator fails to start or if there is a fault in the standby power distribution system, that facility will eventually stop operating.
This is not an option for mission critical facilities. Whether for public safety, national security, or business continuity reasons, mission critical facilities must remain operational. The reliability of the generator and the standby power system is crucial to the continued operation of the facility. Therefore, it is important for design engineers and facility owners/operators to know what it means for a facility to be considered mission critical, as well as the differences between mission critical and emergency/legally required standby power systems. It is also important that they understand the requirements for the design, installation, operation, and maintenance of standby power systems for mission critical facilities.
What is mission critical?
By definition, a mission critical facility is essential to the survival of a business or organization. Mission critical facility operations are significantly affected when the power system fails or is interrupted. Important aspects of a mission critical facility power system are availability, reliability, and security. Availability is important because the power system must function when required—24 x 7. Reliability is important because the power system must not fail. If a failure occurs, the system must respond and recover quickly. Security is important because the power system must provide protection against an attack—either human or naturally caused.
Mission critical facilities can be divided into two categories: private and public safety. The private mission critical facility contains systems that must remain operational for business continuity reasons. The public safety facility contains systems that must remain operational to protect the safety of the public.
Private mission critical facilities
Private mission critical facilities include enterprise data centers, Internet companies, financial data centers, and financial trading. In these types of facilities, the levels of availability and reliability are dictated by the business case. What level of risk can be tolerated? How much downtime for maintenance is acceptable? The answers to these questions will define the degree of redundancy and protection against failures that are built into the standby power system. Tier classifications have been established to address these issues (see Data center tier classifications).
Tier 1 and Tier 2 facilities have higher risk tolerance. They usually have certain windows of opportunity for a shutdown to allow for maintenance and repair. These types of facilities typically have single distribution paths and do not require redundant components.
Tier 3 and Tier 4 facilities have a very low risk tolerance and can’t allow for any downtime for performing maintenance or repairs. These types of facilities require a high level of reliability and contain standby power systems with redundant (N+1, N+2, or 2N) generators—more than required to carry the full load. The redundant generator allows for one of the generators to be taken offline for maintenance or due to a failure of one of the generators without affecting the operation of the facility. Tier 3 and Tier 4 facilities usually contain UPS systems. During a power outage, the UPS provides ride-through power to the critical load until the generator starts and comes up to speed. Tier 3 and Tier 4 facilities also contain multiple paths for distributing standby power to allow for maintenance of any part of the system and to avoid any single points of failure that can shut down part or all of the facility.
Examples of typical generator and standby power distribution system configurations used in Tier 3 and Tier 4 data centers include:
N+1 generators and paralleling switchgear: In this design, the N+1
generators are paralleled onto a common bus (see Figure 2). Standby power is then distributed from that common bus to the load in multiple paths. This system configuration is less complex than other systems and can be a cost-effective solution. However, it does create a potential single point of failure on the standby distribution system. Often, the common bus is divided into two sections to prevent a fault on one section from taking down the entire standby power system. This system also allows load sharing without requiring the purchase of additional generators.
N+1 isolated redundant generators: In this design, there is a dedicated generator assigned to each power module (load block). The plus-one additional generator is isolated and can be used to back up any one of the primary generators (see Figure 3). This configuration eliminates any common point of failure, but it does add a certain level of complexity to the standby power system.
2N dedicated redundant generators: In this design, there are two dedicated generators assigned to each power module (load block). Each one backs up its associated generator and is capable of serving the entire power module load (see Figure 4). This configuration eliminates any common point of failure and makes the standby power system less complex. However, it does have a higher cost.
Public safety mission critical facilities
Public safety mission critical facilities include police and fire stations, emergency management centers, emergency call centers, hospitals, government facilities involved with national security, and financial facilities involved with national economic security. In these types of facilities, the levels of availability and reliability are required to protect the public safety, public health, and national security.
Unlike the private facilities where the attributes of the system are defined by the business itself, the attributes of public safety facilities are defined by codes. In 2008, the National Electrical Code (NEC) added Article 708: Critical Operations Power System (COPS) to address security issues for mission critical facilities. The article provides requirements for the installation, operation, control, and maintenance of electrical equipment for designated critical operation areas that must remain operational during a natural- or human-caused disaster. The following requirements are included in NEC Article 708 to ensure the operation of the standby power system:
- Provide an alternate power supply.
- Alternate power supply shall have on-site fuel capacity to operate for 72 hr.
- The generator cannot depend on public utility gas for fuel.
- Redundant equipment or, at minimum, the means to connect roll-up equipment is required.
- Equipment must be located above the 100-yr flood plain.
- Commissioning must be documented.
- There must be a documented maintenance plan.
Unlike private facilities, these code requirements can’t be relaxed because they are vital to keeping standby power systems and facilities operational.
NEC generator classifications
Whether it is a standby power system for emergency life safety, legally required, or mission critical, the goal is for the standby power system to provide power when there is a loss of utility power. However, each classification has different requirements.
Emergency systems (NEC Article 700): Emergency systems are those required and designated to be “emergency systems” by any governmental agency having jurisdiction. They are intended to automatically supply illumination and power to designated areas and equipment essential to safety of human life. Emergency systems are generally installed in places where illumination is required for safe exiting and for panic control in large buildings. Emergency systems may also provide power to functions such as ventilation, fire detection and alarms, elevators, and fire pumps. Generators used to supply power for an emergency system are required to start automatically upon failure of the normal service and be available for load within 10 sec. A minimum of 2 hr of on-site fuel storage is also required.
Legally required standby systems (NEC Article 701): Legally required standby systems are those required and designated to be “legally required” by any governmental agency having jurisdiction. They are intended to automatically supply select loads (other than emergency systems) in the event of failure of the normal source. Legally required standby systems are generally installed to serve loads such as heating, refrigeration, ventilation, smoke removal, sewage disposal, and industrial processes that could create a hazard or hamper fire-fighting operations. Generators used to supply power for a legally required standby system are required to start automatically upon failure of the normal service and be available for load within 60 sec.
Legally required standby also requires a minimum of 2 hr of on-site fuel storage.
The NEC requires that generators used for emergency and legally required systems shall not depend solely on a public source (gas line) for their fuel supply. However, the exception states, “where acceptable to the authority having jurisdiction, the use of other than on-site fuels shall be permitted where there is low probability of a simultaneous failure of both the off-site fuel delivery system and power from the outside electrical utility company.”
Optional standby systems (NEC Article 702): Optional standby systems are those systems intended to supply select loads where life safety does not depend on the performance. Optional standby systems are generally installed to provide an alternate source of power for facilities such as industrial buildings, commercial buildings, and farms, and to serve loads such as heating and refrigeration systems that, when stopped during a power outage, could cause discomfort or damage to the product or process. Generators used to supply power for optional standby systems are not required to start automatically. However, they can be started manually. Optional standby systems have no time limitations and no on-site fuel storage requirements.
Emergency and legally required standby systems are generally designed to safely evacuate people and prevent hazards by keeping portions of the system operating for a period of time. Standby systems for a mission critical facility are designed to keep the entire facility operating for the extent of the outage.
Table 1 provides additional differences between generators used for emergency/legally required systems and those used for mission critical facilities. Please note that these are observations and not requirements. Heath care facilities are special and can fall into both categories depending on the type of care they provide. Generators used for heath care facilities do have additional requirements, which are stipulated in NEC Article 517.