pcs7_v71_en_2010


Automation systems

Safety-related automation systems

6/27 Siemens ST PCS 7 · February 2010

Overview

 

Safety-related automation systems are used for critical applications where a fault could endanger life or result in damage to the plant or the environment. These F/FH systems, also referred to as "fail-safe automation systems", detect both faults in the process and their own internal faults in association with the safety-related F modules of the ET 200 distributed I/O systems or fail-safe transmitters connected directly via the fieldbus. They automatically transfer the plant to a safe state in the event of a fault.

Design

Design variants 

In general, two design versions are differentiated across all architectural levels of a system based on Safety Integrated for Process Automation:

• Single-channel, non-redundant design

• Redundant, fault-tolerant design

These two design versions are highly variable and offer a wide scope for design with regard to different customer requirements. Standard automation (basic process control) and safety-related functions can be combined flexibly, not only in the area of distributed I/O. Even at the controller level, they can be combined in one system or separated. In addition, there are numerous possibilities arising from the use of flexible modular redundancy.

At the individual architectural levels (controller, fieldbus, distributed I/O) the configuration alternatives shown in the figure are available depending on the distributed I/O used (ET 200M and ET 200S remote I/O stations or PROFIBUS PA devices according to Profile 3.0).

[Figure: Design versions for safety-related systems. The figure contrasts two configurations across the controller, fieldbus and distributed I/O levels: a single-channel, non-redundant configuration (AS 412F/AS 414F/AS 417F) and a redundant, high-availability and fault-tolerant configuration (AS 412FH/AS 414FH/AS 417FH). Labels in the figure: PROFIBUS DP; ET 200M and ET 200S stations with F-modules, F- and standard modules, or standard modules; distributed I/O and direct fieldbus interfacing; PROFIBUS PA devices via DP/PA Link, also with redundant DP/PA couplers; Y-Link; active field distributors / active field splitter; flexible modular redundancy at module or device level; module or channel redundancy over several separate stations.]

© Siemens AG 2010


The safety-related SIMATIC PCS 7 automation systems at the controller level (F/FH systems) are based on the hardware of the fault-tolerant AS 412H, AS 414H or AS 417H automation systems, which have been expanded by safety functions by means of S7 F Systems.

In accordance with the design variant, they are categorized as:

• Single stations AS 412F, AS 414F and AS 417F with only one CPU (safety-related)

• Redundant stations AS 412FH, AS 414FH and AS 417FH with two redundant CPUs (safety-related and fault-tolerant)

As with the fault-tolerant automation systems, the availability can also be flexibly increased for these through redundant design of the power supply or the Industrial Ethernet communications module (for details, see "Flexible and scalable availability" in the Chapter "Fault-tolerant automation systems", page 6/17).

All F/FH systems are TÜV-certified and comply with the safety requirements up to SIL 3 according to IEC 61508.

In these systems with multitasking capability, several programs can be executed simultaneously in one CPU – basic process control (BPCS) applications or also safety-related applications. The programs are reaction-free, i.e. faults in BPCS applications have no effect on safety-related applications, and vice versa. Special tasks with very short response times can also be implemented.

The redundant FH systems operating according to the 1-out-of-2 principle consist of two subsystems of identical design. These are electrically isolated from each other to achieve optimum EMC, and are synchronized with each other via fiber-optic cables. A bumpless switchover is made from the active subsystem to the standby subsystem in the event of a fault. The two subsystems can be present in the same rack or separated by up to 10 km. The spatial separation provides additional security in the case of extreme influences in the environment of the active subsystem, e.g. resulting from a fire.

The redundancy of the FH systems is only used to increase the availability. It is not relevant to processing of the safety functions and the associated fault detection.

The RAM depends on the type of automation system; see the table "AS type / RAM" at the end of this section.

The firmware can be updated in two different ways:

• Per Flash-EPROM memory card (8 MB)

• From the central engineering system via the Industrial Ethernet plant bus

Connection of process I/Os 

Several PROFIBUS DP lines with distributed process I/Os can be operated on an F/FH system. A table in the Chapter "Automation systems, introduction" provides an overview of the number and type of configurable PROFIBUS interfaces.

Connection of the process I/Os to two redundant PROFIBUS DP lines of an FH system (redundant station) is carried out as described in the Chapter "Fault-tolerant automation systems".

Communication over the plant bus 

The safety-related automation systems are connected as standard to the plant bus using one communications processor per AS (F-systems) or AS subsystem (FH-systems).

The plant bus can be implemented in the form of a ring structure, which can also be configured with redundant architecture if the availability requirements are high. When there are two redundant rings it makes sense to use two communications processors per AS (F-systems) or AS subsystem (FH-systems) and to distribute their connections between the two rings (4-way connection). Double faults such as failure of the OSM/SCALANCE switch on ring 1 with simultaneous interruption in the bus cable on ring 2 can thus be tolerated.

Runtime licenses 

Each safety-related automation system is already provided as standard with the SIMATIC PCS 7 AS Runtime license for 100 process objects (PO) and the S7 F Systems RT license. The 100 POs of the SIMATIC PCS 7 AS Runtime license can be expanded by additional Runtime licenses for 100, 1 000 or 10 000 POs. The process objects of additional Runtime licenses can be added to process objects which already exist. The number and type (e.g. 100 or 1000) of additional Runtime licenses are irrelevant. The AS Runtime licenses are administered on a SIMATIC PCS 7 engineering system or in the SIMATIC PCS 7 BOX.

AS type        RAM
AS 412F/FH     768 KB (512 KB for program and 256 KB for data)
AS 414F/FH     2.8 MB (1.4 MB each for program and data)
AS 417F/FH     30 MB (15 MB each for program and data)



Individual configuration of AS bundles 

Safety-related automation systems for SIMATIC PCS 7 are available as AS bundles as follows:

• Individual components, combined per station in one consignment

• Preassembled and tested complete systems (no extra charge compared to delivery of individual components)

The equipment of the safety-related automation systems as well as their Order Nos. can be individually compiled by selecting preconfigured ordering units.

Combinations typical for the respective system can be selected using the system-specific ordering configurations in the Chapter "Selection and ordering data".

These ordering configurations are divided into:

• Single stations: AS 412F, AS 414F and AS 417F with only one CPU

• Redundant stations: AS 412FH, AS 414FH and AS 417FH with two redundant CPUs, mounted on one common rack (UR2-H) or two separate racks (UR2)

The complete range for selection is available using two appropriately organized configurators in the catalog & online ordering system (www.siemens.com/automation/mall):

• SIMATIC PCS 7 AS Single Station configurator

• SIMATIC PCS 7 AS Redundant Station configurator

To grant you fast access to the ordering data of frequently used preferred configurations, these are listed following the system-specific ordering configurations in the Section "Selection and ordering data" with their complete Order No. in addition.

Ordering information

The AS 412F/FH automation systems currently only support sync modules with a range up to 10 m. Fiber-optic sync cables longer than 1 m must always be ordered separately (2 of each required).

The components required for engineering the safety-related applications can be ordered in the Chapter "Safety Integrated for Process Automation":

• S7 F Systems: F programming tool with F block library for programming safety-related user programs on the engineering system

• SIMATIC Safety Matrix: the convenient safety lifecycle tool for configuration, operation and servicing

Function

Safety functions 

The safety functions of an application are implemented by the safety-related program executed in the CPU of the F/FH systems together with the safety-related F-modules of the ET 200 distributed I/O systems or directly by failsafe transmitters connected via the fieldbus.

The PROFIsafe profile is used for the safe PROFIBUS DP communication between CPU and process I/O. With PROFIsafe, the message frames are extended by additional information. Using this information, the PROFIsafe communication partners can detect and compensate transmission errors such as:

• Delay

• Incorrect sequence

• Repetition

• Loss

• Faulty addressing

• Data falsification
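The six error classes above are what any safety layer running over an untrusted "black channel" has to catch. The receiver below is an added example written for this page (it is not Siemens code and not the PROFIsafe wire format): it uses a constructed, simplified frame with a destination address, a consecutive number and a CRC-32 from zlib as stand-ins for the PROFIsafe mechanisms, classifies each frame into one of the listed error classes, and on any fault outputs substitute values (all zero) until an acknowledgement, the way a passivated fail-safe channel behaves. The addresses, payloads, watchdog time and the fault sequence in demo_sequence() are all constructed test data.

```python
import struct
import zlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed, simplified safety-layer frame for illustration only; it is NOT
# the PROFIsafe wire format. Layout:
#   dst_addr (2 bytes) | consecutive number (1 byte) | payload | CRC-32 (4 bytes)
# The CRC covers address, consecutive number and payload, so a misrouted,
# corrupted or renumbered frame cannot pass the check unnoticed.
HEADER = struct.Struct(">HB")
CRC = struct.Struct(">I")


def build_frame(dst_addr: int, seq: int, payload: bytes) -> bytes:
    """Sender side: attach consecutive number and CRC (assumed simplified format)."""
    body = HEADER.pack(dst_addr, seq & 0xFF) + payload
    return body + CRC.pack(zlib.crc32(body) & 0xFFFFFFFF)


@dataclass
class SafetyReceiver:
    """Receiver side: checks each frame for the six error classes listed above.

    On any fault the receiver is passivated: it outputs fail-safe substitute
    values (all zero) until an explicit acknowledgement, mirroring the
    passivate/reintegrate behaviour of fail-safe I/O.
    """
    my_addr: int
    watchdog_s: float      # maximum allowed gap between two good frames
    payload_len: int
    last_seq: Optional[int] = None
    last_ok_time: Optional[float] = None
    passivated: bool = False
    faults: List[str] = field(default_factory=list)

    def _fault(self, reason: str) -> Tuple[str, bytes]:
        self.passivated = True
        self.faults.append(reason)
        return reason, bytes(self.payload_len)   # substitute values

    def acknowledge(self) -> None:
        """Operator acknowledgement: reintegrate and restart sequence tracking."""
        self.passivated = False
        self.last_seq = None
        self.last_ok_time = None

    def receive(self, frame: bytes, now: float) -> Tuple[str, bytes]:
        if len(frame) != HEADER.size + self.payload_len + CRC.size:
            return self._fault("data falsification")
        body, crc = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return self._fault("data falsification")
        dst, seq = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if dst != self.my_addr:
            return self._fault("faulty addressing")
        if self.last_seq is not None:
            if seq == self.last_seq:
                return self._fault("repetition")
            gap = (seq - (self.last_seq + 1)) & 0xFF   # 0 = exactly the next frame
            if 0 < gap < 128:
                return self._fault("loss")                 # frames were skipped
            if gap >= 128:
                return self._fault("incorrect sequence")   # an older frame arrived late
        if self.last_ok_time is not None and now - self.last_ok_time > self.watchdog_s:
            return self._fault("delay")
        self.last_seq, self.last_ok_time = seq, now
        if self.passivated:
            return "passivated", bytes(self.payload_len)
        return "ok", payload


def demo_sequence() -> List[str]:
    """Drive the receiver with a constructed stream that exercises every check."""
    rx = SafetyReceiver(my_addr=5, watchdog_s=0.2, payload_len=2)

    def good(seq: int) -> bytes:
        return build_frame(5, seq, b"\x01\x00")

    corrupted = bytearray(good(6))
    corrupted[3] ^= 0x01                     # one payload bit flipped in transit
    events = [
        (good(1), 0.0), (good(2), 0.1), (good(2), 0.2),          # repeated frame
        (good(3), 0.3), (build_frame(7, 4, b"\x01\x00"), 0.4),   # frame meant for address 7
        (good(5), 0.5), (bytes(corrupted), 0.6),                 # corrupted frame
        (good(7), 0.7), (good(8), 1.5),                          # watchdog expired
        (good(9), 1.6), (good(11), 1.7),                         # frame 10 lost
        (good(12), 1.8), (good(10), 1.9),                        # stale frame out of order
    ]
    verdicts = []
    for frame, t in events:
        verdict, _ = rx.receive(frame, t)
        verdicts.append(verdict)
        if verdict != "ok":
            rx.acknowledge()
    return verdicts
```

The order of the checks matters: the CRC is verified first, because until the frame is known to be intact neither its address nor its consecutive number can be trusted. The consecutive number only distinguishes "loss" from "incorrect sequence" by the direction of the gap, and the watchdog is what turns a stalled link into a detected fault rather than a silently frozen output.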

Standard modules can be used in F/FH systems in addition to safety-related F-modules - mixed in a remote I/O station or in separate stations, in a common PROFIBUS segment or in separate PROFIBUS segments. Basic process control (BPCS) applications and safety applications can be automated in such mixed configurations with one and the same system and configured with uniform standard tools.

One CPU processes BPCS and safety functions in parallel. Mutual interference during processing is prevented by ensuring that the BPCS programs and the safety-related programs are kept strictly separate and that the data exchange is by means of special conversion function blocks. The safety functions are processed twice in different sections of a CPU by means of redundant, diverse instruction processing. Potential errors are detected by the system during the subsequent comparison of results.
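The "processed twice by diverse instruction processing, then compared" principle can be shown on a single limit-monitoring function. The block below is an added illustration, not Siemens' implementation of S7 F Systems: channel 1 computes the over-limit decision directly, channel 2 computes the same decision on a one's-complement encoding of the operands (a common diversity technique, assumed here), and the output is a de-energize-to-trip signal that goes to the safe state both when the limit is exceeded and when the two channels disagree. The corrupt_bit parameter is a constructed fault hook for exercising the comparison.

```python
from typing import Dict, Optional

WIDTH = 16                 # assumed operand width of the diverse channel
MASK = (1 << WIDTH) - 1


def over_limit_direct(value: int, limit: int) -> bool:
    """Channel 1: plain comparison on the natural binary representation."""
    return value > limit


def over_limit_inverted(value: int, limit: int, corrupt_bit: Optional[int] = None) -> bool:
    """Channel 2: the same decision on the one's-complement encoding.

    Within WIDTH bits, value > limit holds exactly when ~value < ~limit, so a
    correct system yields the same verdict on both channels. corrupt_bit is a
    constructed fault hook that flips one bit of this channel's intermediate,
    standing in for a memory or ALU fault affecting only one of the two paths.
    """
    inv_value = (~value) & MASK
    inv_limit = (~limit) & MASK
    if corrupt_bit is not None:
        inv_value ^= 1 << corrupt_bit
    return inv_value < inv_limit


def safety_trip(value: int, limit: int, corrupt_bit: Optional[int] = None) -> Dict[str, bool]:
    """Diverse dual computation followed by comparison of results.

    Returns the state of a de-energize-to-trip output: 'energize' is True only
    while both channels agree that the limit is not exceeded. A discrepancy
    between the channels is itself treated as a fault and forces the safe state.
    """
    ch1 = over_limit_direct(value, limit)
    ch2 = over_limit_inverted(value, limit, corrupt_bit)
    if ch1 != ch2:
        return {"energize": False, "fault": True}
    return {"energize": not ch1, "fault": False}


def monitor(samples, limit: int) -> Dict[str, bool]:
    """Process a cycle of constructed sensor samples; any trip or fault latches."""
    state = {"energize": True, "fault": False}
    for value in samples:
        result = safety_trip(value, limit)
        state["energize"] &= result["energize"]
        state["fault"] |= result["fault"]
    return state
```

A single bit flip that does not change the comparison outcome (for example flipping bit 0 of a value far below the limit) is not visible to this toy comparison; the real systems back the diverse instruction processing with further self-tests, which is why the text speaks of fault detection by the system rather than by the comparison alone.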

Safety programs being executed on different F/FH systems of a plant can also carry out safety-related communication with each other over the Industrial Ethernet plant bus.

The S7 F Systems engineering tool as a component of the SIMATIC Manager allows parameterization of the F/FH systems and the safety-related F-modules from the ET 200 series. It supports configuration by means of functions for:

• Comparison of safety-related F-programs

• Detection of changes in the F-program using the checksum

• Separation of safety-related and standard functions.

Access to the F-functions can be password-protected.

The F-block library integrated in S7 F Systems contains predefined function blocks for generation of safety-related applications with the CFC or the SIMATIC Safety Matrix based on it. The certified F-blocks are extremely robust and intercept programming errors such as division by zero or out-of-range values. They avoid the need for diverse programming tasks for detecting and reacting to errors.



Selection and ordering data

1) Up to 5 CPs can be plugged into the UR2 rack with a single power supply, or up to 3 with a redundant power supply.

AS 412F (Single Station) with SIMATIC PCS 7 AS Runtime license for 100 POs
CPU with 1 interface (MPI/DP master)
768 KB RAM (512 KB for program and 256 KB for data)

Order No. 6ES7 654-■■■■■-■■B■ (each ■ is filled in with the code of the selected option)

Type of delivery
• Individual components, not preassembled ............................ 7
• Preassembled and tested ............................................ 8

Memory card
• Memory card 1 MB RAM (up to approx. 50 POs) ........................ A
• Memory card 2 MB RAM (up to approx. 180 POs) ....................... B

CPU type
• CPU 412-3H with S7 F Systems RT license (up to approx. 50 POs) ..... B

Additive interface modules
• Without additive interface module .................................. 0

Interface module to Industrial Ethernet plant bus 1)
• 1 x CP 443-1EX20 1) ................................................ 3
• 2 x CP 443-1EX20 for redundant interface module 1) ................. 4

Module rack
• UR2 (9 slots), aluminum ............................................ 3
• UR2 (9 slots), steel ............................................... 4
• UR1 (18 slots), aluminum ........................................... 5
• UR1 (18 slots), steel .............................................. 6

Power supply (without backup batteries)
• 1 x PS 407, 10 A for 120/230 V AC .................................. B
• 1 x PS 407, 10 A for 120/230 V AC, redundancy possible ............. C
• 1 x PS 407, 20 A for 120/230 V AC .................................. D
• 2 x PS 407, 10 A for 120/230 V AC, redundancy possible ............. E
• 1 x PS 405, 10 A for 24 V DC ....................................... G
• 1 x PS 405, 10 A for 24 V DC, redundancy possible .................. H
• 1 x PS 405, 20 A for 24 V DC ....................................... J
• 2 x PS 405, 10 A for 24 V DC, redundancy possible .................. K

Additive PROFIBUS DP interface modules 1)
• Without CP 443-5 Extended .......................................... 0
• 1 x CP 443-5 Extended .............................................. 1
• 2 x CP 443-5 Extended 1) ........................................... 2
• 3 x CP 443-5 Extended 1) ........................................... 3
• 4 x CP 443-5 Extended 1) ........................................... 4

AS 414F (Single Station) with SIMATIC PCS 7 AS Runtime license for 100 POs
CPU with 2 interfaces (MPI/DP master and DP master)
2.8 MB RAM (1.4 MB each for program and data)

Order No. 6ES7 654-■■■■■-■■B■ (each ■ is filled in with the code of the selected option)

Type of delivery
• Individual components, not preassembled ............................ 7
• Preassembled and tested ............................................ 8

Memory card
• Memory card 2 MB RAM (up to approx. 180 POs) ....................... B
• Memory card 4 MB RAM (up to approx. 300 POs) ....................... C

CPU type
• CPU 414-4H with S7 F Systems RT license (up to approx. 250 POs) .... F

Additive interface modules
• Without additive interface module .................................. 0

Interface module to Industrial Ethernet plant bus 1)
• 1 x CP 443-1EX20 1) ................................................ 3
• 2 x CP 443-1EX20 for redundant interface module 1) ................. 4

Module rack
• UR2 (9 slots), aluminum ............................................ 3
• UR2 (9 slots), steel ............................................... 4
• UR1 (18 slots), aluminum ........................................... 5
• UR1 (18 slots), steel .............................................. 6

Power supply (without backup batteries)
• 1 x PS 407, 10 A for 120/230 V AC .................................. B
• 1 x PS 407, 10 A for 120/230 V AC, redundancy possible ............. C
• 1 x PS 407, 20 A for 120/230 V AC .................................. D
• 2 x PS 407, 10 A for 120/230 V AC, redundancy possible ............. E
• 1 x PS 405, 10 A for 24 V DC ....................................... G
• 1 x PS 405, 10 A for 24 V DC, redundancy possible .................. H
• 1 x PS 405, 20 A for 24 V DC ....................................... J
• 2 x PS 405, 10 A for 24 V DC, redundancy possible .................. K

Additive PROFIBUS DP interface modules 1)
• Without CP 443-5 Extended .......................................... 0
• 1 x CP 443-5 Extended .............................................. 1
• 2 x CP 443-5 Extended 1) ........................................... 2
• 3 x CP 443-5 Extended 1) ........................................... 3
• 4 x CP 443-5 Extended 1) ........................................... 4
