MOVIAXIS® Multi-Axis Servo Inverter – Functional Safety ... · MOVIAXIS® Multi-Axis Servo...

Drive Technology \ Drive Automation \ System Integration \ Services

Manual

MOVIAXIS® Multi-Axis Servo InverterFunctional Safety

Edition 06/2009 16747216 / EN

SEW-EURODRIVE—Driving the world

Manual – Functional Safety for MOVIAXIS® MX 3

1 General Notes......................................................................................................... 41.1 About this manual .......................................................................................... 41.2 Structure of the safety notes .......................................................................... 41.3 Right to claim under warranty ........................................................................ 51.4 Exclusion of liability ........................................................................................ 51.5 Copyright notice ............................................................................................. 51.6 Content of this publication.............................................................................. 51.7 Other applicable documentation .................................................................... 5

2 Integrated Safety Technology............................................................................... 62.1 Safe condition ................................................................................................ 62.2 Safety concept ............................................................................................... 6

2.2.1 Safety inputs ....................................................................................... 72.3 Safety functions ............................................................................................. 82.4 Limitations...................................................................................................... 9

3 Safety Conditions................................................................................................. 103.1 General information ..................................................................................... 103.2 Approved devices ........................................................................................ 113.3 Installation requirements ............................................................................ 133.4 Requirements for an external safety controller ............................................ 163.5 Startup requirements ................................................................................... 173.6 Operation requirements ............................................................................... 17

4 Connection Variants ............................................................................................ 184.1 General information ..................................................................................... 184.2 Requirements............................................................................................... 204.3 Disconnection of single drives...................................................................... 21

4.3.1 STO according to PL d (EN ISO 13849-1) ........................................ 214.3.2 SS1 according to PL d (EN ISO 13849-1) ........................................ 234.3.3 STO according to PL e (EN ISO 13849-1) ........................................ 254.3.4 SS1 according to PL e (EN ISO 13849-1) ........................................ 27

4.4 Group disconnection .................................................................................... 294.4.1 Requirements ................................................................................... 294.4.2 Group disconnection with safety relay .............................................. 304.4.3 STO according to PL d (EN ISO 13849-1) ........................................ 314.4.4 STO according to PL e (EN ISO 13849-1) ........................................ 33

5 Technical Data...................................................................................................... 35

4 Manual – Functional Safety for MOVIAXIS® MX

1 About this manualGeneral Notes

1 General Notes1.1 About this manual

The manual is part of the product and contains important information about installation,startup, operation and service. The manual is written for everyone installing, starting upor servicing this product.The manual must be accessible and legible. Make sure that persons responsible for thesystem and its operation, as well as persons who work independently on the unit, haveread through the manual carefully and understood it. If you are unclear about any of theinformation in this documentation, or if you require further information, contact SEW-EURODRIVE.

1.2 Structure of the safety notesThe safety notes in these operating instructions are designed as follows:

Pictogram SIGNAL WORDType and source of danger.Possible consequence(s) if disregarded.• Measure(s) to prevent the danger.

Pictogram Signal word Meaning Consequences if disregarded

Example:

General danger

Specific danger,e.g. electric shock

DANGER Imminent danger Severe or fatal injuries

WARNING Possible dangerous situation Severe or fatal injuries

CAUTION Possible dangerous situation Minor injuries

STOP Possible damage to property Damage to the drive system or its environ-ment

INFORMA-TION

Useful information or tip.Simplifies the handling of the drive system.


1Right to claim under warrantyGeneral Notes

1.3 Right to claim under warrantyA requirement of fault-free operation and fulfillment of any rights to claim under limitedwarranty is that you adhere to the information in the MOVIAXIS® documentation. There-fore, read the operating instructions before you start working with the unit.Make sure that the documentation is available to persons responsible for the system andits operation as well as to persons who work independently on the unit. You must alsoensure that the documentation is legible.

1.4 Exclusion of liabilityYou must comply with the information contained in the MOVIAXIS® documentation toensure safe operation of MOVIAXIS® and to achieve the specified product characteris-tics and performance requirements. SEW-EURODRIVE assumes no liability for injury topersons or damage to equipment or property resulting from non-observance of theseoperating instructions. In such cases, any liability for defects is excluded.

1.5 Copyright notice© 2009 - SEW-EURODRIVE. All rights reserved.Unauthorized reproduction, copying, distribution or any other use of the whole or anypart of this documentation is strictly prohibited.

1.6 Content of this publicationThis publication contains conditions and amendments related to safety-oriented appli-cations.

1.7 Other applicable documentationThis document supplements the MOVIAXIS® operating instructions and limits the appli-cation notes according to the following information. The present publication may only be used in conjunction with the MOVIAXIS® operat-ing instructions.

INFORMATIONCompare the data in the status line of the nameplate with the information in section "Ap-proved devices". page 11.


2 Safe conditionIntegrated Safety Technology

2 Integrated Safety TechnologyThe MOVIAXIS® safety technology described below has been developed and tested inaccordance with the following safety requirements:• Category 3 or 4 according to EN 954-1,• Performance level d or e according to EN ISO 13849-1,• SIL3 according to IEC 61800-5-2,• Use in type III safety devices for injection molding machines according to EN 201,• Fail-safe protection against restart according to EN 1037.This was certified by TÜV Nord. Copies of the TÜV certificate and the corresponding re-port are available from SEW-EURODRIVE on request.

2.1 Safe conditionFor safety-relevant operation of MOVIAXIS®, Safe Torque Off is defined as safe condi-tion (see STO safety function). This is the basis for the underlying safety concept.

2.2 Safety concept• MOVIAXIS® is characterized by the connection options via a 24 V control voltage

(X7, X8) to a higher-level safety control system, a safety relay. Internal relays and anelectronic logic disconnect all active elements that generate the pulse trains to thepower output stage (IGBT) when the DC 24 V control voltage is disconnected.

• Concept for category 3 according to EN 954-1 and performance level d accord-ing to EN ISO 13849-1: One internal relay (tested according to EN 50205 with pos-itively-driven contact set) and an electronic logic ensure that the supply voltages re-quired for operating the servo inverter and consequently for generating a rotatingfield or pulse patterns (which allow the generation of a torque) are safely interrupted,preventing automatic restart.

• Concept for protection type III according to EN 201, category 4 according toEN 954-1, performance level e according to EN ISO 13849-1 and SIL3 accord-ing to IEC 61800-5-2: Two internal relays (tested according to EN 50205 with posi-tively-driven contact set) ensure that the supply voltages required for operating theservo inverter and consequently for generating a rotating field or pulse patterns(which allow the generation of a torque) are safely interrupted, preventing automaticrestart.

• The circuit state has to be transmitted by the respective relay via an NC contact to ahigher-level control system for evaluation.

• Instead of separating the drive galvanically from the power supply using contactorsor switches, the disconnection procedure described here prevents the power semi-conductors in the servo inverter from being activated, thus ensuring safe disconnec-tion. This process disconnects the torque for the respective motor. The individual mo-tor cannot develop any torque in this state even though the line voltage is still pres-ent.


2Safety conceptIntegrated Safety Technology

2.2.1 Safety inputsThe following figure shows the internal connection of the safety inputs for compliancewith• Category 3 according to EN 954-1 or• Performance level d according to EN ISO 13849-1.

The following figure shows the internal connection of the safety inputs for compliancewith• Category 4 according to EN 954-1,• Performance level e according to EN ISO 13849-1,• SIL3 according to IEC 61800-5-2,• Protection type III according to EN 201.

60139aenFigure 1: Schematic representation of the safety input

Safety relay 1

Interface

higher-level controller

1

2

3

4

X7

MXA axis module

Computer

60140aenFigure 2: Schematic representation of the safety inputs

Interfacehigher-level controller

Safety relay 2

Safety relay 1

Interfacehigher-level controller

1

2

3

4

1

2

3

4

X8

X7

MXA axis module


2 Safety functionsIntegrated Safety Technology

2.3 Safety functionsThe following drive-related safety functions can be used:

• Safe Torque Off (STO) = Safe Torque Off according to IEC 61800-5-2 via disconnection of the safety-relat-ed 24 V supplyIf the STO function is activated, the frequency inverter no longer supplies power tothe motor for generating torque. This safety function corresponds to an uncontrolledstop according to EN 60204-1, stop category 0.The safety-related 24 V power supply must be switched off by a suitable externalsafety controller or a suitable external safety relay.The following figures applies to the safe torque off STO:

V Velocity

t Time

t1 Point of time at which STO is triggered

Normal operation

Switch-off range


2LimitationsIntegrated Safety Technology

• Safe Stop 1 (SS1(c))= Safe Stop 1, function variant c according to IEC 61800-5-2 via suitable externalcontrol (e.g. safety relay with delayed disconnection)The following procedure must be observed for this safety function:– Deceleration of the drive via an appropriate brake ramp specified via setpoints– Disconnect the safety-related 24 V power supply (= triggering the STO function)

after a specified safety-relevant time delay.The following figure illustrates the disconnection according to SSI:

This safety function corresponds to the controlled stop according to EN 60204-1, stopcategory 1.

2.4 Limitations• Caution: When using the SS1(c) function as described above, the brake ramp of the

drive is not monitored with respect to safety. In case of a fault, the drive might not bedecelerated after the delay time, or it might be accelerated in the worst case. In thiscase, the STO function (see above) is only activated after the set time delay haspassed. You have to take the resulting danger into account when you perform therisk analysis for the plant/machine, and you have to provide for suitable precaution-ary measures if required.

• Caution: A system/machine-specific risk analysis must be carried out through thesystem/machine manufacturer and taken into account for the use of the drive systemwith MOVIAXIS®.

• Important: The safety concept is only suitable for performing mechanical workon system/machine components.

• Danger of fatal injury: If the 24 V supply voltage is disconnected, the mains supplyvoltage is still present at the frequency inverter DC link.

• Important: If work is carried out on the electrical section of the drive system,the supply voltage must be disconnected using an external maintenanceswitch.

V Velocity

t Time

t1 Point of time when the motor deceleration is triggered

t2 Point of time when STO is triggered

∆t Application-specific delay

Normal operation

Range of the safety function

Range of the disconnection


3 General informationSafety Conditions

3 Safety Conditions3.1 General information

The safety functions of MOVIAXIS® can only be used for safe operation of the sys-tem/machine if they are integrated correctly in an application-specific, higher-level safe-ty function or safety system. It is essential that the system/machine manufacturer con-ducts a system/machine-specific risk analysis according to EN ISO 14121 and validatesthe required safety conditions and functions prior to startup. The system/machine man-ufacturer and the operator are responsible for compliance of the system/machine withapplicable safety regulations.The following requirements are mandatory when installing and operating MOVIAXIS® insafety-relevant applications.The conditions are divided into the following sections:• Permitted unit combinations and connection variants,• Installation requirements,• Requirements regarding external safety controllers/safety relays,• Startup requirements,• Operation requirements.


3Approved devicesSafety Conditions

3.2 Approved devicesThe following MOVIAXIS® axis modules are permitted for safety-relevant applications:

Devices with a safety relayThe following axis modules meet category 3 to EN 954-1 or performance level d toEN ISO 13849-1 if the safety guidelines (conditions) are observed:

Devices with a safety relayObserving the safety regulations (conditions), the following axis modules comply withprotection type III according to EN 201, category 4 according to EN 954-1, performancelevel d according to EN ISO 13849-1 or SIL3 according to IEC 61800-5-2:

Unit designation Nominal current [A] Size

MXA81A-002-503-00 MXA81A-004-503-00MXA81A-008-503-00

248

1

MXA81A-012-503-00MXA81A-016-503-00

1216 2

MXA81A-024-503-00MXA81A-032-503-00

2432 3

MXA81A-048-503-00 48 4

MXA81A-064-503-00 64 5

MXA81A-100-503-00 100 6

Unit designation Nominal current [A] Size

MXA82A-012-503-00MXA82A-016-503-00

1216 2

MXA82A-024-503-00MXA82A-032-503-00

2432 3

MXA82A-048-503-00 48 4

MXA82A-064-503-00 64 5

MXA82A-100-503-00 100 6


3 Approved devicesSafety Conditions

Status line on the nameplateThe following data must be entered in the status line on the nameplate of theMOVIAXIS® axis modules:

MXA81A.. with a safety relay

• Firmware status: 2X and higher [2],• "Safe technology" option: 11 and higher [3],• Board Support Package: 12 and higher [4],The following figure explains the status line of the nameplate.

MXA82A.. with two safety relays

• Firmware status: 2X and higher [2],• "Safe technology" option: 10 and higher [3],• Programmed control electronics: 10 and higher [4],The following figure explains the status line of the nameplate.

64706axxFigure 3: Status line of the nameplate

[1] Status line [3] "Safe technology" option: 11 and higher

[2] Firmware status: 2X and higher [4] Board Support Package: 12 and higher,

[1]

[1]

[2] [3]

[2] [3]

21

21

[4]

12

12

[4]

64707axxFigure 4: Status line of the nameplate

[1] Status line [3] "Safe technology" option: 10 and higher

[2] Firmware status: 2X and higher, [4] Programmed control electronics: 10 and higher

[1]

[1]

[2] [3]

[2] [3]

21

21

[4]

MXA82A

12

[4]

12


3Installation requirementsSafety Conditions

3.3 Installation requirements • Safety-related control cables are all cables between safety control system (or safety-

related tripping devices) and MOVIAXIS® terminals X7/X8.• Power lines and safety-related control lines have to be installed in separate cables.• The line length between the safety control system and MOVIAXIS® may not exceed

25 m.Wire technology must comply with EN 60204-1.

• The safety-relevant control lines must be routed according to EMC guidelines and asfollows:– Outside an electrical installation space, shielded cables must be routed perma-

nently (fixed) and protected against external damage or other equivalent mea-sures.

– Individual conductors can be routed inside an electrical installation space.Observe the respective regulations governing the application.

• Make sure that parasitic voltages cannot be generated in the safety-oriented controllines.

• Observe the values specified for safety components when designing the safety cir-cuits.

• Observe the notes in the MOVIAXIS® operating instructions on EMC compliant ca-bling.

• Only use voltage sources with safe disconnection (SELV/PELV) in accordance withVDE 0100. In case of a single fault, the voltage between the outputs or between anyoutput and grounded parts may not exceed DC 60 V.

• Observe the technical data of MOVIAXIS®.


3 Installation requirementsSafety Conditions

Wiring instructions for category 3 according to EN 954-1, performance level d according to EN ISO 13849-1

The following figure shows the connection of the safety-related control cables for• Category 3 according to EN 954-1 • Performance level d according to EN ISO 13849-1.

• If the safety-related control voltage is disconnected at the positive pole only, youhave to route the wires for the control voltage and the wires for the feedback in sep-arate cables.

• If the safety-related control voltage is disconnected at both poles, you may route thewires for the control voltage and the wires for the feedback in one cable if both polesare able to detect a cross fault and disconnect accordingly.

In both cases it is important that the safety-oriented control voltage must be shieldedoutside the installation space.

60141aenFigure 5: Safety-related control cables

[1] Free-wheeling diode (optional), refer to section 'Technical Data' on page 35

1

2

3

4

X7

MOVIAXIS®

Relay1, safety-related control voltage + 24V

Relay1, safety-related feedback

Relay1, safety-related feedback

Relay1, safety-related control voltage GND

Saf

ety-

rela

ted

disc

onne

ctin

g de

vice

24V

Feedbackevaluation

[1]


3Installation requirementsSafety Conditions

Wiring instructions for protection type III according to EN 201, category 4 according to EN 954-1, per-formance level e according to EN ISO 13849-1, SIL3 according to IEC 61800-5-2

The following figure shows the connection of the safety-related control cables for• Protection type III according to EN 201. • Category 4 according to EN 954-1,• Performance level e according to EN ISO 13849-1, • SIL3 according to IEC 61800-5-2,

The wires for the safety-related control voltage and the wires for the safety-related feed-back may be routed in the same cable.The safety-related control voltage must be shielded outside the installation space.

60142aenFigure 6: Safety-related control cables

[1] Free-wheeling diode (optional), refer to section 'Technical Data' on page 35

1

2

3

4

X7

MOVIAXIS®

Relay 1, safety-related control voltage + 24V

Relay 1, safety-related feedback


Relay 1, safety-related control voltage GND

Safe

ty-re

late

d di

scon

nect

ing

devi

ce

24V

Feedbackevaluation

1

2

3

4

X8

Relay 2, safety-related control voltage + 24V



Relay 2, safety-related control voltage GND24V

Feedbackevaluation

[1]

[1]


3 Requirements for an external safety controllerSafety Conditions

3.4 Requirements for an external safety controllerA safety switching device can be used as an alternative to a safety controller. The fol-lowing requirements apply analogously.• In order meet the requirements for a certain safety level, there must be at least one

approval for the controller according to the following table. The disconnection of thesafety-related control voltage must be designed for the same safety level.

• The feedback on the switching condition of the relays for fault detection must be eval-uated according to the requirements.

• For option 1 safety relay and disconnection at positive pole only there must be notest pulses in disconnected state.

• For option 2 safety relay and disconnection at positive pole only there must be notest pulses on both channels simultaneously in disconnected state.

• The values specified for the controller must be adhered to when designing the circuit.• The switching capacity of the control must correspond at least to the maximum per-

mitted limited output current of the DC 24 V voltage supply. Observe the controllermanufacturer’s instructions concerning the permitted contact rating and re-quired fusing for safety relays. Unless specified otherwise, the contacts mustbe protected with 0.6 times the nominal value of the maximum contact ratingspecified by the manufacturer.

• To ensure protection against unintended restart according to EN 1037, the safetycontrollers must be designed and connected in such a way that resetting the controldevice alone does not lead to a restart. A restart may only be carried out after an ad-ditional reset of the controller.

• If a fault cannot be acknowledged, you have to de-energize the device.• The wiring of the safety controller must be suitable for the required safety class, see

manufacturer documentation.

Application Demands on the controller

Category 3 according to EN 954-1• Category 3 according to EN 954-1• Performance level d according to EN ISO 13849-1.• SIL2 according to IEC 61508

Category 4 according to EN 954-1• Category 4 according to EN 954-1• Performance level e according to EN ISO 13849-1.• SIL3 according to IEC 61508

Performance level d according to EN ISO 13849-1.

• Performance level d according to EN ISO 13849-1 or• SIL2 according to EN 61508

Performance level e according to EN ISO 13849-1.

• Performance level e according to EN ISO 13849-1 or • SIL3 according to IEC 61508

SIL3 according to IEC 62061 • Performance level e according to EN ISO 13849-1 or • SIL3 according to IEC 61508

Protection type III according to EN 201.

• Protection type III according to EN 201.


3Startup requirementsSafety Conditions

3.5 Startup requirements• Startup must be documented and the functionality of the safety functions must be

demonstrated. Observe the limitations for the safety functions of MOVIAXIS® in sec-tion 'Limitations' for the verification of the safety functions (page 9). Non-safety-rele-vant parts and components that affect the result of the verification test (e.g. motorbrake) must be deactivated, if necessary.

• For the implementation of MOVIAXIS® in safety-relevant applications, you must per-form and record startup checks for the disconnecting device and correct wiring.

• During the startup procedure/function test, perform a measurement in order to checkthe correct assignment of the respective voltage supply (X7,X8).

• The function test must be carried out in succession for all potentials, i.e. separately.

3.6 Operation requirements• Operation is only allowed within the limits specified in the data sheets. This principle

applies to the external safety controller as well as MOVIAXIS®.• The safety functions must be checked at regular intervals to ensure that they work

properly. The the test intervals should be specified in accordance with the risk anal-ysis.


4 General informationConnection Variants

4 Connection Variants4.1 General information

Generally, all the connection variants listed in this documentation are permitted for safe-ty-relevant applications as long as the basic safety concept is fulfilled. This means youhave to make sure that the DC 24 V safety inputs are operated by an external safetyrelay or a safety controller, thus preventing an automatic restart.All safety-relevant conditions mentioned in section 2, 3 and 4 of the present documen-tation must be met for the basic selection, installation, and application of the safety com-ponents, such as safety relay, emergency off switch, etc., and the approved connectionvariants.

MOVIAXIS® axis systemThe following figures show an example of a MOVIAXIS® axis system (Figure 7) as wellas the positioning of the safety relays at the bottom of a size 3 axis module (Figure 8).

59145bxxFigure 7: Example of a MOVIAXIS® axis system

[1] Supply module

[2] Axis modules

[3] Safety relays at the bottom refer to the figure on page 19

[2]

[1]

[3]


4General informationConnection Variants

Connections of the safety relays

62644axxFigure 8: Connections of the safety relays at the bottom of an axis module size 3

A View from front B View from bottom

[1] X10 binary inputs [2] Connections of the safety relay X7

[3] Connections of the safety relay X8

[2] [3]

[1]

A

B

X7 X8


4 RequirementsConnection Variants

4.2 RequirementsUse of safety relays

The requirements of the manufacturers of safety relays (such as protecting the outputcontacts against welding) or other safety components must be strictly observed. For thecable routing, observe the basic requirements listed in section 2, 3 and 4 of the presentdocumentation.For the connection of MOVIAXIS® and the safety relays, observe the installation require-ments in section 'Installation requirements' on page 13 in the present documentation.Other instructions by the manufacturer on the use of safety relays for specific applica-tions must also be observed.

Use of PLC-FDOsYou must observe the ZVEI specifications for safety sensors if you use a safety PLC(SPLC).The starting and stopping impulse of the digital outputs (F-DO) must be ≤ 1 ms. Forthese impulses, the internal relay of the axis module is too inert, thus it does neitherswitch nor drop out.

<1ms >1s

High

Low

t


4Disconnection of single drivesConnection Variants

4.3 Disconnection of single drives4.3.1 STO according to PL d (EN ISO 13849-1)

The procedure is as follows:• Recommendation: X10:1 and X10:x are disconnected at the same time, e.g. in case

of an emergency stop.• The 24 V safety input X7 is disconnected.• The motor coasts to a halt, if no brake is activated.

STO - Safe Torque Off (IEC 61800-5-2)

[1]: In this example, X10:x requests an FCB.

59285axxt

n

X7:1

[1] X10:x

X10:1

INFORMATIONThe illustrated STO disconnections can be used up to PL d according toEN ISO 13849-1 or category 3 according to EN 954-1.


4 Disconnection of single drivesConnection Variants

Binary control with safety relay

Binary control with safety PLC

64791aen

+24 V

FeedbackEmergency stop

Reset

Higher-levelcontroller

PLC

IN OUT

Safetyrelay

Emer-gency stop StartStop

GND

Mains

Relaycontrol

MXA82A-...

2

X101 DIØØ

DIØ13 DIØ24 DIØ35 DIØ46 DIØ57 DIØ68 DIØ79 DIØ810 DCOM11 DGND

X7+ 24 VRGND Coil and NC

Safety relay I

1 2 3

PE U V W

1234

CNC

Output stage enable

Motor

64792aen

+24 V Higher-levelcontroller

Standard Safe

IN OUT


GND

Mains

IN OUT

MXA82A-...

2

X101 DIØØ


X7

Coil and NCSafety relay I

1 2 3

PE U V W

+ 24 VRGND

1234

CNC

Output stage enable

Motor



4.3.2 SS1 according to PL d (EN ISO 13849-1)The procedure is as follows:• X10:1 must not be disconnected.• X10:x is disconnected, e.g. in case of an emergency stop.• During the safety time interval t1, the motor decelerates to a complete stop along the

ramp.• After t1 has elapsed, the safety inputs X7 is disconnected. The safety time interval t1

must be sufficient for the motor to reach a complete stop.

SS1 - Safe Stop 1 (IEC 61800-5-2)


59279axx

t

n

X7:1

[1] X10:x

t 1

X10:1

INFORMATIONThe illustrated SS1 disconnections can be used up to PL d according to EN ISO 13849-1 or category 3 according to EN 954-1.





64793aen

+24 V

Feedbackemergency stop

Reset


PLC

IN OUT

Safetyrelay


GND

Mains

Relaycontrol

MXA82A-...

2

X101 DIØØ



Safety relay I

1 2 3

PE U V W

1234

CNC

Output stage enable

Motor

Enable

64794aen


Standard Safe

IN OUT


GND

Mains

IN OUT

MXA82A-...

2

X101 DIØØ


X7


1 2 3

PE U V W

+ 24 VRGND

1234

CNC

Output stage enable

Enable

Motor



4.3.3 STO according to PL e (EN ISO 13849-1)The procedure is as follows:• Recommendation: X10:1 and X10:x are disconnected at the same time, e.g. in case

of an emergency stop.• The 24 V safety inputs X7 and X8 are disconnected.• The motor coasts to a halt, if no brake is activated.



59284axxt

n

X8:1

X7:1

[1] X10:x

X10:1

INFORMATIONThe illustrated STO disconnections can be used up to PL e according toEN ISO 13849-1, category 4 according to EN 954-1, protection type III according to EN201, or SIL3 according to IEC 61800-5-2





64795aen

+24 V

FeedbackEmergency stop

Reset


PLC

IN OUT

Safetyrelay


GND

Mains

Relaycontrol

MXA82A-...

2

X101 DIØØ


X7

X8

+ 24 VRGND Coil and NC

Safety relay I

Coil and NCSafety relay II

1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Output stage enable

Motor

64796aen


Standard Safe

IN OUT


GND

Mains

IN OUT

MXA82A-...

2

X101 DIØØ


X7

X8


Safety relay I

Coil and NC Safety relay II

1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Output stage enable

Motor



4.3.4 SS1 according to PL e (EN ISO 13849-1)The procedure is as follows:• X10:1 must not be disconnected.• X10:x is disconnected, e.g. in case of an emergency stop.• During the safety time interval t1, the motor decelerates to a complete stop along the

ramp.• After t1 has elapsed, the safety inputs X7 and X8 are disconnected. The safety time

interval t1 must be sufficient for the motor to reach a complete stop.

SS1 - Safe Stop 1 (IEC 61800-5-2)


59277axxt

n

X8:1

X7:1

[1] X10:x

t 1

X10:1

INFORMATIONThe illustrated SS1 disconnections can be used up to PL e according to EN ISO 13849-1, category 4 according to EN 954-1, protection type III according to EN 201, or SIL3according to IEC 61800-5-2.





64797aen

+24 V


Reset


PLC

IN OUT

Safetyrelay


GND

Mains

Relaycontrol

MXA82A-...

2

X101 DIØØ


X7

X8


Safety relay I

Coil and NC Safety relay II

1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Output stage enable

Enable

Motor

64798aen


Standard Safe

IN OUT


GND

Mains

IN OUT

MXA82A-...

2

X101 DIØØ


X7

X8


Safety relay I


1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Output stage enable

Enabe

Motor


4Group disconnectionConnection Variants

4.4 Group disconnectionThis chapter describes how several axis modules are brought to a safe stop.

4.4.1 RequirementsFor group drives, the 24 V safety inputs of several MOVIAXIS® axis modules can bemade available by a single safety relay. The maximum number of axis modules resultsfrom the maximum permitted contact load of the safety relay or the safety control.Other requirements of the manufacturers of safety relays (such as protecting the outputcontacts against welding) or other safety components must be strictly observed. For thecable routing, observe the basic requirements stated in section 'Installation require-ments' on page 13 in the present documentation.For the connection of MOVIAXIS® and the safety relays, observe the installation require-ments in section 'Installation requirements' on page 13 in the present documentation.Other instructions by the manufacturer on the use of safety relays for specific applica-tions must also be observed.

Determining the maximum number of MOVIAXIS® axis modules for group disconnection

The number (n units) of MOVIAXIS® axis modules that can be connected to a groupdrive with safe disconnection is limited by the following points:

1. Switching capacity of the safety relay.A fuse must be connected in front of the safety contacts according to the specifica-tions of the safety relay manufacturer to prevent contact welding.The project planner is responsible for ensuring that the specifications for the switch-ing capacity to EN 60947-4-1, 02/1 and EN 60947-5-1, 11/97 as well as on contactfuse protection given in the operating instructions of the safety relay manufacturerare strictly observed.

2. Maximum permitted voltage drop in the 24 V power supply cable.Values concerning cable lengths and permitted voltage drops must be observed dur-ing project planning for axis systems.

3. Maximum cable cross section of 1 x 1.5 mm2 or 2 x 0.75 mm2.4. Power consumption of the relay coil: 700 mW, see technical data page 35.

INFORMATIONSEW-EURODRIVE does not recommend a group disconnection via an SPLC.


4 Group disconnectionConnection Variants

4.4.2 Group disconnection with safety relayThe axes can be equipped with one or two safety relays.

Group disconnection with one safety relayWith one safety relay, the safety inputs of all axis modules of the axis system can becontrolled and monitored.

Group disconnection with two safety relaysWith several safety relays, the safety inputs of the respective axis modules can be con-trolled and monitored. In the following example, the axis modules 1 - 4 and 5 - 6 aregrouped together and monitored by one safety relay per group.

59148ben

MXP MXA81A

1

MXA81A

2

MXA81A

3

MXA81A

4

MXA81A

5

MXA81A

6

emergency

stop relay MOVIAXIS axis system®

control cabinet

X7 X7 X7 X7

X7 X7

BG1BG1

SG1

59150ben

MXP MXA81A

1

MXA81A

2

MXA81A

3

MXA81A

4

MXA81A

5

MXA81A

6

emergency

stop relays MOVIAXIS axis system®

control cabinet

X7 X7 X7 X7

X7 X7

BG1

SG2 SG1

BG1



4.4.3 STO according to PL d (EN ISO 13849-1)The procedure is as follows:• Recommendation: X10:1 and X10:x are disconnected at the same time, e.g. in case

of an emergency stop.• The 24 V safety input X7 is disconnected.• The motor coasts to a halt, if no brake is activated.



59285axxt

n

X7:1

[1] X10:x

X10:1

INFORMATIONThe illustrated STO disconnections can be used up to PL d according toEN ISO 13849-1 or category 3 according to EN 954-1.



Example: Group disconnection with 3 axis modules

64801aen

MXA81A-...

2

X101 DIØØ



Safety relay I

1 2 3

PE U V W

1234

CNC

Output stage enalbe

Enable

+24 V


Reset


PLC

IN OUT

Safety relay


GND

Mains

Motor

Relaycontrol

MXA81A-...

2

X101 DIØØ



Safety relay I

1 2 3

PE U V W

1234

CNC

Output stage enable

Enable

Motor

MXA81A-...

2

X101 DIØØ


X7


1 2 3

PE U V W

+ 24 VRGND

1234

CNC

Output stage enable

Enable

Motor



4.4.4 STO according to PL e (EN ISO 13849-1)The procedure is as follows:• Recommendation: X10:1 and X10:x are disconnected at the same time, e.g. in case

of an emergency stop.• The 24 V safety inputs X7 and X8 are disconnected.• The motor coasts to a halt, if no brake is activated.



59284axxt

n

X8:1

X7:1

[1] X10:x

X10:1

INFORMATIONThe illustrated STO disconnections can be used up to PL e according toEN ISO 13849-1, category 4 according to EN 954-1, or SIL3 according to IEC 61800-5-2



Example: Group disconnection with 3 axis modules

64802aen

MXA82A-...

2

X101 DIØØ


X7

X8


Safety relay I


1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Output stage enable

Enable

+24 V


Reset


PLC

IN OUT

Safety relay


GND

Mains

Motor

Relaycontrol

MXA82A-...

2

X101 DIØØ


X7

X8


Safety relay I


1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Ouptut stage enable

Enable

Motor

MXA82A-...

2

X101 DIØØ


X7

X8


Safety relay I


1 2 3

PE U V W

1234

CNC

+ 24 VRGND

1234

CNC

Output stage enable

Enable

Motor


5Group disconnectionTechnical Data

5 Technical DataThe axis modules of the MOVIAXIS® servo inverter can be equipped with optional safetyfunctions. With these options MOVIAXIS® can realize 'Safe stop'. For size 1 you can use1 safety relay as an option. For sizes 2 - 6 you can use 1 or 2 safety relays.The safety relays (X7, X8) will be queried and evaluated separately when you use 2safety relays.

WARNINGNote:The manufacturer recommends a minimum load for the switching contacts so that thesafety relays function properly.

MOVIAXIS® with safety technology MXA81.. MXA82..

Equipped with 1 safety relay 2 safety relays

Necessary minimum load at the contacts of the safety relays (X7, X8)

DC 12 V / 10 mA

Type of relay Normally closed contact (at the signaling contacts X7, X8)

Control voltage V24V at the relay coilTerminal X7; 1, 2Terminal X8; 1, 2

DC +19.2 V to +30 V (> 15 mA) => relay coil energizedDC -2 V to +2 V (> 2 mA) => relay coil dropped out safely

Only use voltage sources with safe disconnection (SELV/PELV) in accordance with VDE 0100 for the control input at terminals 1 and 2.

Supply power of the relay coil Power consumption typically 700 mW (500 - 950 mW)

Energy of the relay coil Over the entire voltage range DC 30 V (19.2 V - 30 V), max. 6.5 mJ

Feedback contact (monitoring) Switching voltage DC 30 V (DC 19.2 - 30 V)Fusing provided by customer I = 3 A

Cable cross section at safety input 0.75 - 1.5 mm2 (AWG 18 - 16)

Time interval until feedback to external safety controller

Without free-wheeling diode: Max. 20 msWith free-wheeling diode 1N4148 parallel to relay max 140 ms at < 2 m connecting lead

Time interval until the output stage is switched off

Without free-wheeling diode: Max. 5 msWith free-wheeling diode 1N4148 parallel to relay max 115 ms at < 2 m connecting lead

Minimum break time until output stage is released again after the cur-rent supply has been provided to relay coil via X7, X8

100 ms

Safety characteristics

Approved safety classes

1 safety relays 2 safety relays

• Category 3 according to EN 954-1:1996

• Performance level d according to EN ISO 13849-1:2006

• Category 4 according to EN 954-1:1996• Performance level e according to

EN ISO 13849-1:2006• SIL3 according to IEC 61800-5-2:2007• Protection type III according to EN 201:1997

Probability of a dangerous failure per hour (= PFH value) 1.7 × 10-9 1/h 8.6 × 10-10 1/h

Service life/proof test interval according to IEC 61508

20 years or 500000 switching cycles, after which the component must be replaced

with a new one.

20 years or 500000 switching cycles, after which the component must be replaced with a new

one.

Safe condition Safe torque off (STO)

Pi

fkVA

Hz

n


Index

AAbout this manual .................................................4Approved devices ...............................................11

Devices with a safety relay ...........................11Status line on the nameplate ........................12

CChecking disconnecting devices .........................17Conditions, safety ...............................................10Connection variants ............................................18Content of this publication .....................................5Copyright ...............................................................5

DDevices with a safety relay .................................11Devices, approved ..............................................11Disconnection of single drives ............................21

Requirements ...............................................20SS1 according to PL d (EN 13849-1) ...........23SS1 according to PL e (EN 13849-1) ...........27STO according to PL d (EN 13849-1) ...........21STO according to PL e (EN 13849-1) ...........25

EExclusion of liability ...............................................5External safety controller, requirements .............16

GGroup disconnection ...........................................29

Max. number of modules ..............................29Requirements ...............................................29STO according to PL d (EN 13849-1) ...........31STO according to PL e (EN 13849-1) ...........33With safety relay ...........................................30

IImportant notes .....................................................4Inputs ....................................................................7Installation requirements .....................................13

LLimitations .............................................................9

MMOVIAXIS® axis system ....................................18

NNameplate, status line ........................................12Notes, important ....................................................4Number of MOVIAXIS® axis modules for group dis-connection ...........................................................29

OOperation, requirements .....................................17Other applicable documentation ...........................5

PPLC-FDO, requirements .....................................20

RRequirements

Installation .................................................... 13Operation ..................................................... 17

Right to claim under warranty .............................. 5

SSafe Stop 1 (SS1) ................................................ 9Safe Torque Off (STO) ......................................... 8Safety concept ................................................. 6, 8Safety conditions ................................................ 10Safety controller, requirements .......................... 16Safety inputs ........................................................ 7Safety relays, requirements ............................... 20SS1 (Safe Stop 1) ................................................ 9SS1 according to PL d (EN 13849-1) ................. 23SS1 according to PL e (EN 13849-1) ................. 27Status line on the nameplate .............................. 12STO (Safe Torque Off) ......................................... 8STO according to PL d (EN 13849-1) .......... 21, 31STO according to PL e (EN 13849-1) .......... 25, 33

TTechnical data .................................................... 35

VVerification of safety functions ........................... 17

WWiring instructions

Category 4 according to EN 954-1 .............. 15PL "d" according to EN ISO 13849-1 ........... 14Protection type III according to EN 201 ....... 15Safety category 3 according to EN 954-1 .... 14SIL3 according to IEC 61800-5-2 ................ 15

SEW-EURODRIVE—Driving the world

SEW-EURODRIVEDriving the world

www.sew-eurodrive.com

SEW-EURODRIVE GmbH & Co KGP.O. Box 302376642 Bruchsal/GermanyPhone +49 7251 75-0Fax +49 7251 [email protected]

MOVIAXIS® Multi-Axis Servo Inverter – Functional Safety ... · MOVIAXIS® Multi-Axis Servo...

Documents

Transcript of MOVIAXIS® Multi-Axis Servo Inverter – Functional Safety ... · MOVIAXIS® Multi-Axis Servo...