TwinSAFE – Scalable Safety Solutions · OSSD signals (two channel) asynchronous pulses OSSD...
Transcript of TwinSAFE – Scalable Safety Solutions · OSSD signals (two channel) asynchronous pulses OSSD...
TwinSAFE –
Scalable Safety Solutions
Dr. Guido Beckmann
Technology Marketing
TwinSAFE – Integration of Functional Safety
From Safety Relais Logic…
From Safety Relais Logic… to Modern Safety Concepts
Fast reaction
applicable for high dynamic drive architecture
Simplified System
better clarity
simple cabling
simple extension of the system
better diagnosis
and therefore: higher safety
Pre-tested safety functions within the devices according to the
legal standards
Lower costs
Advantages of Safetybus systems
Safe data exchange
Communication must be finished
within the watchdog time
Copying data in
TwinCAT
Safe Logic
Safe input Safe Output
Safe Drive
Safety-over-EtherCAT protocol / FSoE - Frame
TwinSAFE
CMDSafe
DataCRC_0
Safe
DataCRC_1 Conn ID
Ethernet
Header
EtherCAT
Header
1. Data-
gram
2. Data-
gramFSC
FSoE Frame
Safety-over-EtherCAT Frame is integrated in standard communication
Communication between machines with TwinSAFE
Machine A Machine B Machine C
Safety over
EtherCAT
Safety over
EtherCAT
Safety over EtherCAT – Open Technology
Safety
Input
Safety
Logic
Safety
Output Sensor(s) Actuator(s)
TwinSAFE
TwinSAFE PLC
Drives
Compact Controller
TwinSAFE In TwinSAFE Out
TwinCAT Safety PLC
Safety Function
TwinSAFE System
TwinSAFE I/O
TwinSAFE I/O
TwinSAFE
EL1904 Configuration
Operational Modes:
Digital
Logic of Channels:
Single logic
OSSD signals (dual-channel)
asynchronous pulses, inactive
sensor testing
OSSD signals (dual-channel) any
pulse repetition, inactive sensor
testing
Short circuit detection does not
cause a module error
EL1904 operation modes
EP1908 Configuration
Logic of Channels:
Single logic
OSSD signals (two channel)
asynchronous pulses
OSSD signals (two channel) any
pulse repitition
Cross-circuit detection
cause no module fault
Standstill monitoring/
Overspeed detection (1-channel, 2-
channel, Encoder, synchron,
asynchron)
Frequency limit 2 – 500 Hz
EP1908 operation modes
EL2904 Configuration
Standard outputs active:
- Standard outputs are logically AND
connected with the safety outputs
Current measurement active:
- Setting allows the user to use a
common ground for the safety
outputs
Testing of outputs active:
- Test pulses of the safety outputs can
be deactivated
EL2904: Safety output terminal
0,5 A, 24 V DC
EK1914 Configuration
Inputs:
Single logic
OSSD
(async./sync.)
Short circuit does
not cause a module
fault
Outputs:
- Standard outputs active
- Testpulses active
EK1914: TwinSAFE bus coupler
TwinSAFE I/O
TwinSAFE PLC
TwinSAFE
EL6900: TwinSAFE logic terminal
Logic terminal (no local outputs)
Developed
and certified
according to
EN 61508 SIL3
DIN EN ISO 13849-1 PL e
NRTL, UL508, UL1998, UL991
EN 81 (as applicable)
EN 13243 (as applicable)
2006/42/EC Machinery Directive
TwinSAFE
configura-
tion
255 Function blocks
128 Connections
14 FB types
Min. WD Time 1ms
Complete diagnosis in EtherCAT process-
image (configurable)
High Performance
Short reaction times
High
diagnostic
coverage
Communication error
Terminal error
Processor error
Under-/Overvoltage
Temperature monitoring
EL6910: TwinSAFE logic terminal
Logic terminal (no local outputs)
Developed
and certified
according to
IEC 61508:2010 SIL3
EN13849-1 (Cat.4 / PL e)
2006/42/EC Machinery Directive
TwinSAFE
configura-
tion
512 function blocks
212 connections
14 FB types Bool + 14 FB types analog
Min. WD Time 1ms
Complete diagnosis in EtherCAT process
image (configurable)
High performance
Short reaction times
Support of TwinSAFE SC
Support of analog processing
High
diagnosis
coverage
Communication error
Controller error
Processor Error
Temperature monitoring
Upgrade
21.06.2016 24
TwinSAFE – TwinSAFE Logic terminal EL6910
TwinSAFE
TwinSAFE
TwinSAFE SC
analogStandard
analog / digitalDrives
3rd party encoder
3rd party drive
3rd party drive
XCAD Interface Safety
Customization
TwinSAFE Loader
EtherCAT Box
Boolean Function Blocks
EL6900
Integer Function Blocks
with EL6910
Function Blocks for TwinSAFE PLC
TwinSAFE
New
Example: Function Block Compare
Comparison of integer values
• Up to 5 integer values can be
connected
• Evaluation 1oo2, 2oo3, 3oo5
• Maximum tolerance configurable
• tolerance-time configurable. In case of
deviation, the error reaction is delayed
by the tolerance time.
• CompOut contains the „voted“ value
TwinSAFE Customization of projects
TwinSAFE
Group 1
Group 2
Group 3
Group 4
Group 5
EK1960: TwinSAFE Compact Controller
NEW
EK1960: TwinSAFE Compact Controller
TwinSAFE Compact Controller
Developed
and certified
according
to
EN 61508 SIL3
DIN EN ISO 13849-1 PL e
2006/42/EC Machinery
Directive
TwinSAFE
configura-
tion
512 function blocks
127 connections
20 safe inputs
24 safe outputs 2A
(simultaneity factor 50%)
Complete diagnosis in
EtherCAT process image
(configurable)
Short reaction times
Support of TwinSAFE SC
Support of analog values
Use cases Stand alone
(Logic and I/O only local)
Decentral safe I/O
(additional I/Os)
Decentral Logic and safe I/O
(additional I/Os)
TwinSAFE I/O
TwinSAFE Motion
TwinSAFE
AX5805 Integrated Safety in the Drive
AX5805 Safety Option Card for AX5xxx-0000-0200
Certified to PL e
(ISO13849-1) for all
safety functions!
Stopping Functions:
STO – Safe torque off
SS1 – Safe Stop 1 -> STO
Limiting Functions:
SS2 – Safe Stop 2 -> SOS
SOS – Safe Operating Stop
SSM – Safe Speed Monitor
SLx – Safe Limited …
SLS – speed
SLP – position
SxR – Safe … Range
SAR – acceleration
SSR – speed
SMx – Safe maximum …
SMA – acceleration
SMS – speed
SDI – Safe Direction
No additional contactors required!
TwinSAFE
AX8xxx-0100: TwinSAFE axes modules
Safety-Integration
Pre-configured safety digital inputs (STO – default)
Safety over EtherCAT according to IEC 71684-3-12
Safety functions with PLe according to EN ISO 13849-1:2008
Safety Drive Functions according to EN IEC 61800-5-2: 2008
Support of ETG.6100 Safety Drive Profile
Safe Brake Control (SBC)
Safely-limited Torque (SLT)
TwinSAFE
NEW
Servo terminal with STO
NEWUltra-compact Servo Terminal
• EL7201-9014: 50V DC, 2,8A
EL7211-9014: 50V DC, 4,5 A
• Safe Torque Off (STO) via digital input
according to DIN EN ISO 13849 Cat 3, PL d
Servo terminal with STO –
drastically simplifies installation
STO with
standard
Servo Terminal
STO integrated
in Servo Terminal
TwinSAFE SC
TwinSAFE SC
Single Channel components
TwinSAFE
TwinSAFE SC – making use of standard signals
TwinSAFE SC (Single Channel) approach
Using standard input terminals
+ data validation/monitoring with TwinSAFE SC protocol
+ multi-channel processing in Safety Logic
---------------------------------------------------------------------------
= Safety processing
up to PL d / Cat.3 acc. EN ISO 13849-1
or SIL 2 acc. EN62061
Upgrade of standard terminals with TwinSAFE SC
functionality
For safety reasons at least one TwinSAFE SC component
is required
Full flexibility: standard sensors can be used
TwinSAFE
Motor
Encoder EL5021 PCBlackChannelEncodersignal
AktorEL2904EL6910
Antrieb
Motorwelle
MotorleitungStandard Feldbus
Ist-Geschwindigkeit
TwinSAFE SC – Example Safely-limited Speed SLS
position signal of a
TwinSAFE SC terminal
speed signal of a drive
Safely-limited Speed
SLS
safeSpeed
safeScaling
safeCompare safeLimit
Safely-limited Speed
SLS
TwinSAFE SC terminals
EL5021-0090 sin/cos
EL6224-0090 IO-Link
EL3314-0090 Thermocouple
EL3124-0090 4-20mA diff.
EL3214-0090 PT100
EL5101-0090 Incremental encoder RS422
EP3174-0092 ±10 V or 0/4…20 mA
TwinSAFE SC
TwinSAFE
Safety Editor – integrated in TwinCAT/VisualStudio
TwinSAFE –
Scalable Safety Solutions
Dr. Guido Beckmann
Technology Marketing