Pressing On with Safety Networks
Similar discretely wired safety relays can finally be replaced by safety rated networks. Why did we abandon relay-based control but hold on so long to relay-based safety?
Posted: May 9, 2008
All metalforming process applications have one thing in common: cutting, milling, shearing, and bending are processes where tremendous forces and huge pressures are always present, resulting in potentially dangerous situations for operators. Consequently, a solid functional safety concept is an absolute must.
At the same time, the vibrations and shocks that are constantly present are challenging designers to engineer solutions that are not only safe (anything less than a CAT 4 is playing with fire in our litigious society) but offer the operational reliability and real-time diagnostics required to succeed in a brutally competitive business environment.
The solution that addresses these (on first sight) mutually exclusive requirements, has been available for a few years: safety networks. The fundamental idea behind networking safety devices is as simple as it is obvious: create a system where individual safe inputs (e-stops, light curtains, door interlock switches, or any other safety device) are not individually wired into a safety relay, but rather transmit their status over a network.
In hindsight this was an almost inevitable development. Relay controlled automation was superseded by PLC control and then enhanced by digital I/O network. Similar discretely wired safety relays can finally be replaced by safety rated networks. So why did we abandon relay based control but hold on to relay based safety?
One of the first questions experienced users of traditional safety solutions will ask is, "How can it be safe without redundant wiring?" Redundant wiring – we will only consider CAT 4 safety here – is necessary to address the information problem. Safe devices have only two operational states: released and safe. For example, an e-stop is in the released state when it is pulled out and in the safe state when pushed in.
In traditional hardwired safety installations the state of the safe device is transmitted over two sets of wires, giving the safety relay the ability to compare two pieces of information. A discrepancy between those pieces of information will cause the safety relay to drop out its safe contacts i.e., transitioning to the safe state. This path to redundant information does work, but it is highly inefficient, inflexible, and offers virtually no diagnostics.
Networked safety solutions address the information problem differently and result in efficient and decidedly more flexible solutions while offering detailed contact-level diagnostics. The data exchanged between the safe device and the safety controller – taking the place of the safety relay – is structured such that the recipient can reliably distinguish between correct and faulty messages; the redundancy is in the message!
How this is done depends on the implementation details of the particular safety network. Common methods include extended checksums, pre-negotiated message content and message duplication. The author is most familiar with AS-Interface and its safety implementation called Safety at Work (SaW).
With over 50,000 installed systems, it is the dominant technology. The idea behind SaW is as simple as it is ingenious. A safe input device is redundantly connected to a safe coupling module. The safe coupling module contains a unique code number called the safety sequence. As soon as the coupling module is connected to the network, it starts transmitting this code, four bits at a time, over the redundant contacts of the safe input and then couples them into the AS-Interface network (see Figure 1).
Two bits of each four-bit nibble are sent through one safe contact. This has the following effect:
? As long as both safe contacts are closed, each four-bit data packet is transmitted via the safe contacts to the net work, resulting in transmission of the full safety sequence after a number of data cycles.
? When the safe device is in the safe state (e-stop pushed, light curtain interrupted, door interlock switch opened) the safe contacts interrupt the transmission of the four-bit nibbles resulting in the safe coupling module sending a constant stream of 0000 packets.
? When one of the two safe contacts is in the released (closed) state and the other is in the safe (open) state, two of the four bits sent to the network are constantly zero. As a result, the safety sequence is violated.
The safety controller, called SafetyMonitor in an AS-Interface SaW system, listens to this data. This is also where the safe logic resides. Since all components are networked, defining a logical safe operation does not require moving wire but is quickly accomplished in software. An intuitive function-block based drag and drop interface allows users to create even complex safe logic. This reduction in wiring complexity makes zoned safety not just possible but simple. Where in the past it was common to shut down an entire machine, a more intelligent approach is possible using a SaW system.
Because the data sent by a safe coupling node includes information about the state of the individual safe contacts, the PLC logic can use this data to immediately determine the state of a safe input and annunciate it via HMI screens and pilot lights. When errors such as welded or sticky contacts occur, engineers finally have the ability to guide maintenance personnel directly to the problem.
Similarly, intermittent connections are easily found. It merely requires looking at the data from the safe module. In the past, this type of error was nearly undetectable and the best one could hope for was that the intermittent contact failed for good so that ohmmeters could be used.
Because an AS-Interface SaW system addresses the complexity and inflexibility of previously hardwired solutions, it gives engineers the ability to work smarter and solve the reliability problems caused by the harsh environment found on metal-working machines. At the same time, accountants like this sort of system for its ability to keep expensive capital equipment running longer, thus increasing productivity: an important component in keeping more work in the U.S. rather than sending it to low-wage countries.
North American manufacturing may not always be the cheapest, but it can strive to be the best. And when technologies like AS-Interface help in closing the price gape, the outlook can be much brighter.
Helge Hornis, PhD, is the manager of Intelligent Systems for Pepperl+Fuchs, Inc., 1600 Enterprise Parkway, Twinsburg, OH 44087, 330-486-0001, Fax: 330-425-4607,
[email protected], www.am.pepperl-fuchs.com.