Protecting standby generators for mission critical facilities
The generator and standby power systems for mission critical facilities require a higher level of reliability and availability.
- Know the power requirements for a mission critical facility.
- Understand how to protect mission critical facilities from disaster or power failure.
- Know the codes and standards that govern standby power in mission critical facilities.
How important are generators in a standby power system for a mission critical facility? When the lights go out and you find yourself counting the seconds until they come back on, that generator is the most important piece of equipment in the facility. During utility power outages, mission critical facilities rely on generators to keep the facility operating (see Figure 1). If the generator fails to start or if there is a fault in the standby power distribution system, that facility will eventually stop operating.
This is not an option for mission critical facilities. Whether for public safety, national security, or business continuity reasons, mission critical facilities must remain operational. The reliability of the generator and the standby power system is crucial to the continued operation of the facility. Therefore, it is important for design engineers and facility owners/operators to know what it means for a facility to be considered mission critical, as well as the differences between mission critical and emergency/legally required standby power systems. It is also important that they understand the requirements for the design, installation, operation, and maintenance of standby power systems for mission critical facilities.
What is mission critical?
By definition, a mission critical facility is essential to the survival of a business or organization. Mission critical facility operations are significantly affected when the power system fails or is interrupted. Important aspects of a mission critical facility power system are availability, reliability, and security. Availability is important because the power system must function when required—24 x 7. Reliability is important because the power system must not fail. If a failure occurs, the system must respond and recover quickly. Security is important because the power system must provide protection against an attack—either human or naturally caused.
Mission critical facilities can be divided into two categories: private and public safety. The private mission critical facility contains systems that must remain operational for business continuity reasons. The public safety facility contains systems that must remain operational to protect the safety of the public.
Private mission critical facilities
Private mission critical facilities include enterprise data centers, Internet companies, financial data centers, and financial trading. In these types of facilities, the levels of availability and reliability are dictated by the business case. What level of risk can be tolerated? How much downtime for maintenance is acceptable? The answers to these questions will define the degree of redundancy and protection against failures that are built into the standby power system. Tier classifications have been established to address these issues (see Data center tier classifications).
Tier 1 and Tier 2 facilities have higher risk tolerance. They usually have certain windows of opportunity for a shutdown to allow for maintenance and repair. These types of facilities typically have single distribution paths and do not require redundant components.
Tier 3 and Tier 4 facilities have a very low risk tolerance and can’t allow for any downtime for performing maintenance or repairs. These types of facilities require a high level of reliability and contain standby power systems with redundant (N+1, N+2, or 2N) generators—more than required to carry the full load. The redundant generator allows for one of the generators to be taken offline for maintenance or due to a failure of one of the generators without affecting the operation of the facility. Tier 3 and Tier 4 facilities usually contain UPS systems. During a power outage, the UPS provides ride-through power to the critical load until the generator starts and comes up to speed. Tier 3 and Tier 4 facilities also contain multiple paths for distributing standby power to allow for maintenance of any part of the system and to avoid any single points of failure that can shut down part or all of the facility.
Examples of typical generator and standby power distribution system configurations used in Tier 3 and Tier 4 data centers include:
N+1 generators and paralleling switchgear: In this design, the N+1
generators are paralleled onto a common bus (see Figure 2). Standby power is then distributed from that common bus to the load in multiple paths. This system configuration is less complex than other systems and can be a cost-effective solution. However, it does create a potential single point of failure on the standby distribution system. Often, the common bus is divided into two sections to prevent a fault on one section from taking down the entire standby power system. This system also allows load sharing without requiring the purchase of additional generators.
N+1 isolated redundant generators: In this design, there is a dedicated generator assigned to each power module (load block). The plus-one additional generator is isolated and can be used to back up any one of the primary generators (see Figure 3). This configuration eliminates any common point of failure, but it does add a certain level of complexity to the standby power system.
2N dedicated redundant generators: In this design, there are two dedicated generators assigned to each power module (load block). Each one backs up its associated generator and is capable of serving the entire power module load (see Figure 4). This configuration eliminates any common point of failure and makes the standby power system less complex. However, it does have a higher cost.
Public safety mission critical facilities
Public safety mission critical facilities include police and fire stations, emergency management centers, emergency call centers, hospitals, government facilities involved with national security, and financial facilities involved with national economic security. In these types of facilities, the levels of availability and reliability are required to protect the public safety, public health, and national security.
Unlike the private facilities where the attributes of the system are defined by the business itself, the attributes of public safety facilities are defined by codes. In 2008, the National Electrical Code (NEC) added Article 708: Critical Operations Power System (COPS) to address security issues for mission critical facilities. The article provides requirements for the installation, operation, control, and maintenance of electrical equipment for designated critical operation areas that must remain operational during a natural- or human-caused disaster. The following requirements are included in NEC Article 708 to ensure the operation of the standby power system:
- Provide an alternate power supply.
- Alternate power supply shall have on-site fuel capacity to operate for 72 hr.
- The generator cannot depend on public utility gas for fuel.
- Redundant equipment or, at minimum, the means to connect roll-up equipment is required.
- Equipment must be located above the 100-yr flood plain.
- Commissioning must be documented.
- There must be a documented maintenance plan.
Unlike private facilities, these code requirements can’t be relaxed because they are vital to keeping standby power systems and facilities operational.
NEC generator classifications
Whether it is a standby power system for emergency life safety, legally required, or mission critical, the goal is for the standby power system to provide power when there is a loss of utility power. However, each classification has different requirements.
Emergency systems (NEC Article 700): Emergency systems are those required and designated to be “emergency systems” by any governmental agency having jurisdiction. They are intended to automatically supply illumination and power to designated areas and equipment essential to safety of human life. Emergency systems are generally installed in places where illumination is required for safe exiting and for panic control in large buildings. Emergency systems may also provide power to functions such as ventilation, fire detection and alarms, elevators, and fire pumps. Generators used to supply power for an emergency system are required to start automatically upon failure of the normal service and be available for load within 10 sec. A minimum of 2 hr of on-site fuel storage is also required.
Legally required standby systems (NEC Article 701): Legally required standby systems are those required and designated to be “legally required” by any governmental agency having jurisdiction. They are intended to automatically supply select loads (other than emergency systems) in the event of failure of the normal source. Legally required standby systems are generally installed to serve loads such as heating, refrigeration, ventilation, smoke removal, sewage disposal, and industrial processes that could create a hazard or hamper fire-fighting operations. Generators used to supply power for a legally required standby system are required to start automatically upon failure of the normal service and be available for load within 60 sec.
Legally required standby also requires a minimum of 2 hr of on-site fuel storage.
The NEC requires that generators used for emergency and legally required systems shall not depend solely on a public source (gas line) for their fuel supply. However, the exception states, “where acceptable to the authority having jurisdiction, the use of other than on-site fuels shall be permitted where there is low probability of a simultaneous failure of both the off-site fuel delivery system and power from the outside electrical utility company.”
Optional standby systems (NEC Article 702): Optional standby systems are those systems intended to supply select loads where life safety does not depend on the performance. Optional standby systems are generally installed to provide an alternate source of power for facilities such as industrial buildings, commercial buildings, and farms, and to serve loads such as heating and refrigeration systems that, when stopped during a power outage, could cause discomfort or damage to the product or process. Generators used to supply power for optional standby systems are not required to start automatically. However, they can be started manually. Optional standby systems have no time limitations and no on-site fuel storage requirements.
Emergency and legally required standby systems are generally designed to safely evacuate people and prevent hazards by keeping portions of the system operating for a period of time. Standby systems for a mission critical facility are designed to keep the entire facility operating for the extent of the outage.
Table 1 provides additional differences between generators used for emergency/legally required systems and those used for mission critical facilities. Please note that these are observations and not requirements. Heath care facilities are special and can fall into both categories depending on the type of care they provide. Generators used for heath care facilities do have additional requirements, which are stipulated in NEC Article 517.
Standby, prime vs. continuous
Generator rating must also be considered when designing standby power systems for mission critical facilities. The International Organization for Standardization (ISO 8528-1 standard) generator ratings are:
Emergency/standby: Emergency/standby rating is the maximum power for which an engine-generator is capable of delivering for up to 200 hr/yr. The allowable average power output over a 24-hr period is limited to 70% of the nameplate rating.
Prime: Prime rating is the maximum power for which an engine-generator is capable of delivering continuously with a variable load for an unlimited number of hours. The allowable average power output over a 24-hr run period is limited to 70% of the prime rating.
Continuous: Continuous rating is the maximum power for which an engine-generator is capable of delivering continuously for a constant load for an unlimited number of hours. Typically, continuous rating is used for exporting power to a utility.
An additional key difference between standby and prime is that the prime rating does allow for a 10% overload and the standby rating has no overload allowance. Because of power output and run time limitations, emergency/standby-rated generators are not generally used for mission critical (Tier 3 and Tier 4) type applications. When sizing and specifying the generators for mission critical facilities, engineers must evaluate the expected load profile of the facility, the number of redundant units operating, and the expectancy of the system to operate for longer than 24 hr.
Many generator manufacturers have recently developed their own rating (mission critical standby or data center continuous), which basically falls between the ISO standby and prime ratings to correlate with the operation of data centers. Although the rating definitions vary among manufacturers, the result is an increased average power output and an increased limitation on the run hours. These ratings generally do not change the generator size or cost, but they may affect the system warranty.
The U.S. Environmental Protection Agency (EPA) regulates emissions from diesel powered equipment based on engine horsepower rating. The generator ratings range from Tier 1 to Tier 4 (different from the ANSI/TIA 942 Tier ratings). Since 2011, most nonemergency diesel generators have been required to comply with Tier 4 requirements, which include some type of aftertreatment, such as selective catalytic reduction and particulate filters.
The EPA does allow an exemption to the Tier 4 requirements if the diesel generators are used only for emergency applications such as during the loss of utility power. This exemption also allows the generator to be operated for up to 100 hr/yr for maintenance and exercise. The 100 hr/yr limit is an important number for mission critical facilities because those types of facilities tend to test and exercise the generators more often to ensure they will operate when called upon. In addition, if the engine generator is used to support the load when normal power is present (peak shaving, load curtailment, or storm avoidance), it is not exempt and must comply with the appropriate Tier requirements.
Testing and maintenance
Because facilities depend on generators and standby power systems to keep operating, all generator systems should be fully tested and commissioned before they are put into service. For mission critical facilities, testing and commissioning involves a five-step process:
- Level 1—design review: Design plans are evaluated to confirm they meet the intended operation
- Level 2—factory acceptance testing: Key pieces of equipment are powered up and tested at the factory to ensure that they perform according to specified parameters
- Level 3—installation inspection and verification: Equipment is inspected and verified on site
- Level 4—component testing: Individual components and systems are tested to verify operation
- Level 5—integrated systems testing: The complete system is tested with all components operating.
Some of the tests performed on generators during factory and component testing include load steps, transient response, and heat runs (see Figure 5).
Another important aspect of ensuring standby power system operation is implementing a preventive maintenance program. The National Electrical Testing Association recommends generator maintenance testing every 12 mo. Generator systems that require maintenance include lubrication, fuel, exhaust, cooling, and electrical/control systems. Additional standby power system maintenance recommendations include:
- Keep an inventory of spare parts
- Properly train all operators
- Exercise the generator regularly
- Load test the generator
- Analyze lube and fuel oil periodically
- Arrange for annual or semiannual manufacturer checks/service.
During Hurricane Sandy, many mission critical facilities in the Northeast relied on their standby power systems for multiple days to keep their facilities operating. Some of the lessons learned involve generator location, fuel supply, and, filter changes.
Generator location: Locate generators and other standby power distribution equipment above the flood plain. In general, standby systems can’t keep the facility operating if they are under water. Therefore, make sure the generators and any distribution equipment are located above the flood plain to ensure they will operate when required. During Hurricane Sandy, some areas did see flooding above the 100 yr flood level, so consider locating the standby power equipment above the 500 or even the 1,000-yr flood level.
Fuel supply: Maintain an adequate supply of on-site fuel storage. Although the water subsided in about a day, the debris and damage caused by the hurricane made it difficult to deliver fuel—even for those facilities that had contracted emergency deliveries. On average, it was about three days before facilities could get fuel deliveries. A minimum of 72 hr of fuel storage is required by NEC Article 708 for critical operation of power supply systems.
Changing filters: Provide means to change filters while operating. In addition to the difficulty of getting fuel delivered, the fuel that was delivered was often contaminated with water and debris. During the extended power outage caused by Hurricane Sandy, the demand for fuel was very high. Fuel delivery companies were delivering everything they had, which meant sometimes getting fuel that was less than desirable (bottom of the tank). Many facility operators said that they were replacing filters every couple of hours to keep the system from clogging. Recommend installing a dual-header fuel filter system with a transfer valve that allows filter replacement while the engine is running. In addition, consider adding a fuel polishing system to clean the fuel before it gets to the generator.
The goal of the generator and standby power system is to provide power when there is a loss of utility power. Mission critical facilities are required to remain operational under all conditions. The generator and standby power systems for mission critical facilities require a higher level of reliability and availability.
Kenneth Kutsmeda is an engineering design principal at Jacobs Engineering in Philadelphia. For more than 18 years, he has been responsible for engineering, designing, and commissioning power distribution systems for mission critical facilities. His project experience includes data centers, specialized research and development buildings, and large-scale technology facilities containing medium-voltage distribution.
Standby power system codes and standards references
- NFPA 110: Standard for Emergency and Standby Power Systems
- NFPA 101: Life Safety Code
- NFPA 70: National Electrical Code, Article 517: Health Care Facilities, Article 700: Emergency Systems, Article 701: Legally Required Standby Systems, Article 702: Optional Standby Systems, and Article 708: Critical Operations Power Systems
- IEEE Standard 446-1995: IEEE Recommended Practice for Emergency and Standby Power Systems for Industrial and Commercial Applications
- ANSI/NETA MTS-2011: NETA Standard for Maintenance Testing Specifications for Electrical Power Equipment and Systems.