Safety and the
fieldbus
Terry Hayward
of Schmersal UK argues that the safety of people and machinery has
long been the single focus of specialist machinery safety manufacturers
such as Schmersal, just as fast and reliable control systems have
been the focus for automation manufacturers, and it should stay
that way!
According to
some, there is a widespread reluctance to accept that, as far as
safety is concerned, a network-based system can be as reliable as
a dedicated hard-wired installation. And when lives are at risk,
users are unwilling to put their faith in software and networking
protocols.
To overcome
this reluctance, the extension of these networks to integrate people
and machine safety should remain the focus of specialist safety
experts and not the automation experts that pioneered the control
systems.
Most safety
specialists have no allegiance to a particular network but are working
with all bus systems. Schmersal, for example, is actively working
to enable safety devices to be bus-connected, both through its own
proprietary fieldbus systems and through AS-i Safe, Profibus and
DeviceNet.
Networked advantage
The advantages
of having a networked or Fieldbus solution are generally well known.
Savings on cabling and installation time are significant, and owing
to their diagnostic capabilities, such systems can reduce downtime
and therefore maximise the efficiencies of a machine.
The adoption
of any safety network or fieldbus heralds the demise of the safety
relay, which is currently matched to the safety switch and forms
part of a hard-wire system - a system may, for example, have two
safety switches, or an E-Stop reporting to one safety relay whose
output contacts are then controlling safety interlocks.
When a fieldbus
approach is adopted, one master safety controller acts as a safety
relay across the network, taking inputs from 12 or 15 safety devices.
Safety relays become redundant and the safety controller takes over!
Fieldbus is
more often applied to major automation projects, where the network
installation is now almost the chosen route. Many engineers working
on smaller projects are still using discrete I/O and PLC structures
with spider cluster wiring to control devices, and are only just
beginning to implement network solutions.
Against this
background, it is important to consider safety aspects. Since the
earliest days of fieldbus, manufacturers and engineers have pondered
the safety issues: how should safety components be incorporated
into production lines? How is existing machinery best accommodated?
Is it easier to design-in safety on new machinery? Should one go
for a proprietary or open system?
At this stage,
discussion is academic, as new and emerging Euronorms and IEC documents
do not yet allow networked and fieldbus safety technologies to be
deployed. Discussions are taking place, but there is a considerable
and on-going debate to determine how machine safety standards should
be modified to accommodate networks and fieldbuses.
Making
choices
A number of
interested parties are working to resolve the questions and, ultimately,
a suitable standard will emerge. When that happens, an engineer
wanting to take advantage of the savings that using safety networks
bring will, not surprisingly, be faced with choices.
There is the
discrete approach - using a network of safety devices, perhaps with
its own safety PLC, but separate from the main automation system.
This approach is available from a number of manufacturers. Schmersal
has the Esalan system, which is both proprietary and open, and operates
independently of the operational control. All commercially available
safety switching devices can be connected to it and connections
are made to the input and output stations of the system.
There are of
course arguments against such systems. They are product-specific
and not open. They are standalone, separate from the machine's systems.
They are not covered by any Euronorm standards. And you don't necessarily
gain all the benefits from the installed wiring costs and diagnostics
because you still have to run a completely separate wiring system
for the safety components.
The automation
sector, on the other hand, has long promoted the advantages of a
true open system that would allow safety products from any manufacturer
to fit into an existing automation system to create a unified network
or fieldbus. Safety is added as an overlay to the wiring already
installed and does not have to be increased. Such an installation
would ideally be covered by Euronorm standards and, whilst not certified,
would be considered compliant with the agreed philosophy or protocol.
Within the
open network option the engineer is still faced with choices, this
time from the various schemes already nominated. Examples include
the high-volume, bit-based Actuator Sensor Interface (AS-i) system,
Profibus P, which is endemic in Europe, and DeviceNet, which is
endemic in the USA. The latter two are both byte-based systems.
Schmersal does not support any one fieldbus system, preferring instead
to integrate with all approaches.
Reduced
wiring
AS-i is the
most widely used of the automation fieldbuses, because it is at
the 'actuator/sensor interface' where there are more actuators and
sensors than drives or motor control sensors - and therefore more
kilometres of wiring.
This system
now also features an additional element - AS-i Safety; a master/slave
system created by a consortium of open manufacturers, including
Schmersal, who have pooled their technology and designed a low-level
safety interface.
The principle
of AS-i Safety is to put the basic safety devices onto a network
and connect them, using an AS-i ribbon cable, via a safety monitor
and the main motor controller. The system delivers the typical fieldbus
benefits - reduced wiring, increased diagnostic capability, easier
programming and reduced down-time.
AS-i Safety,
which does not require a Safety-PLC, allows the integration of safety
components such as emergency stops, safety switches, solenoid interlocks
and magnetic safety sensors. It also permits mixed operation of
standard and safety devices and diagnostics with standard-master/PLC.
It offers a
maximum response time of 35ms, accommodates a maximum of 31 safety
slave units, uses and is fully compatible with the standard AS-i
protocol and achieves Control Category 4 under EN 954-1.
No
new wiring
AS-i also achieves
Stop Category 4 and compatibility with existing AS Interfaces, which
means no new wiring has to be added to a scheme. At present, the
AS-i Safety concept is also approved by the TUV and BIA, although
there is work still to be done in standards committees to ensure
that it is covered completely by Euronorms.
The safety
monitor - the device that is expected by many to supersede the safety
relay - can have one or two pairs of enabling paths, and multiple
monitors can be incorporated in one AS-i system. Diagnostics capabilities
are available via the AS-interface and configuration software, which
also controls all monitor functions. Parameters can be set for contactor
monitoring, Stop Category 0 and 1, re-start inhibit, local re-start
function and hold-to-run control.
Schmersal has
accelerated the integration of AS-i technology into its range of
E-stops, safety switches, solenoid interlocks and magnetic safety
sensors and actually displayed a working system at the Hanover Fair
earlier this year.
Where is the
future? DeviceNet and Profibus are both expected to be strong players,
DeviceNet particularly in the North American markets. As byte networks,
they can of course, carry more traffic and more data. This makes
them more suitable for complex process controls - featuring speed
controllers, drives, mixers, peer to peer, etc - and less suited
to simple master/slave arrangements.
Schmersal is
already developing its range of safety products with the necessary
CAN chips and protocols to suit DeviceNet and Profibus. And Schmersal
has already produced devices that offer yet another possibility
- electronic technology integrated into the device itself, to make
it more intelligent yet still able to be hard wired.
Safety devices
with a bus interface offer a number of advantages including reduced
parallel wiring, easy and low-cost installation, easy replacement
in case of failure, embedded technology, Control Category 4, a combination
of safe and non-safe signals, improved diagnostics, conformance
testing and increased machine availability. An example is the Schmersal
BZ16 key-operated safety switch, which has coded safety relay technology
built in and also features non-mechanical contact.
For many engineers,
the ideal will be an open interface that allows them to plug in
components from any manufacturer and know that they have an absolutely
safe system - one that has been reviewed by experts and can be described,
in the context of the Euronorm, as setting the required levels of
integrity and safety.
Vested
interest
With so many
vested interests there is the potential for fieldbus to become a
battle for the safety industry, otherwise safety might become an
add-on for the automation manufacturer and not the focus of a safety
specialist.
Hopefully,
the final choices will lie with the wider engineering community
and manufacturers must be careful not to believe that there is one
panacea or simple solution.
There is certain
to be considerable debate before a fieldbus leader emerges and engineers
finally define which products meet the specification, which systems
give them confidence and what the important advantages and disadvantages
really are.
Which is why
safety component manufacturers need to listen to engineers. INOC
|
