Wiring E-stops on a fieldbus network can substantially reduce costs without compromising safety.
The Pearson R235 Case Erector/Bottom Sealer is for food, beverage, and other packaging applications designed for lines running 20 to 35 corrugated-box cases/min. Adding an AS-I-Safe network significantly reduced wiring and commissioning time.
In the U.S., most machines are typically built with two independent control systems. One is for standard machine control, the other specifically designed to protect workers from injury. This second system is based on hardwired technology that has not significantly changed since the 1940s when mechanical relays were used to control machines.
Shortly after PLCs began to replace relays for machine control, a clause was added to NFPA 79 that required all devices used for emergency-stop functions be hardwired. (NFPA 79 is the base electrical standard for industrial machinery in the U.S. and is referenced by packaging-machine, robot, conveyor, and many other application-specific standards.)
This clause has been in effect since the early 1970s, but the latest version of the standard will, for the first time, permit safety systems to be part of the machine control network. European regulations already permit such systems. This revision may greatly impact machine builders and OEMs because it has the potential to significantly reduce both labor and material costs while maintaining the highest levels of operator safety.
OEMs normally install safety circuits in conduit and often provide redundant wiring that interconnects sections or, perhaps, the entire machine with E-stop buttons, door interlocks, light curtains, and other safety devices. This is a labor-intensive practice.
Machine control systems often have a PLC with rack I/O that lets a computer monitor and control each machine function. However, since the advent of networks such as Profibus, AS-I, ModBus, DeviceNet, and Remote I/O, distributed I/O architecture has been widely adopted for machine control. It replaces the large wire bundles rack I/O requires with, usually, a single wire pair and clusters of I/O remotely mounted around the machine.
Distributed I/O was a major technological innovation that significantly reduced manufacturing costs and enhanced performance. The next revolution in machine design will be the migration from hardwired safety systems to electronic-based distributed safety I/O.
Until now, safety devices were wired separately, or connected to programmable controllers over additional special buses, for good reason: If they were not wired and powered separately, there was potential for error and operator injury.
Data transferred over standard fieldbuses, for example, can be lost, repeated, delivered in the wrong order, or even corrupted. In addition, there is always the risk of addressing errors that result, for example, in standard data being output as safety-relevant data. New safety networks now address these concerns.
Two such systems are ProfiSafe and AS-I-Safe. ProfiSafe enables both control and safety communications over a single Profibus network. It relies on standard communication components such as cables, ASICs, and software. And performance is basically the same as standard Profibus in terms of baud rate, number of bus subscribers, and the transmission method.
However, ProfiSafe adds "safe" drivers on the sender and receiver that apply additional safety communication measures between the two, including:
- Consecutive numbering of every safety message.
- Watchdog-timer monitoring with acknowledgment for incoming messages.
- A password code between sender and receiver.
- Additional data-transfer protection through Cyclic Redundancy Check (CRC).
These and other data security and checking procedures produce residual error rates of <10⁻⁹/hr, minimizing the residual risk.
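The four measures listed above can be seen working together in a receiver-side check. This is an added illustration, not ProfiSafe code: the frame layout, the use of CRC-32, the 35 msec timeout, and the way the sender/receiver code is folded into the CRC are all assumptions made for the example, and the acknowledgment half of the watchdog is not modelled.

```python
import struct
import zlib

# Hypothetical frame for illustration, NOT the real ProfiSafe layout:
# payload (1 byte) | sequence number (uint16) | CRC-32 (uint32).
# The CRC also covers a code shared by sender and receiver that is never sent.
WATCHDOG_S = 0.035  # constructed timeout value


def build_frame(payload: int, seq: int, pair_code: bytes) -> bytes:
    body = struct.pack(">BH", payload, seq)
    return body + struct.pack(">I", zlib.crc32(pair_code + body))


class SafeReceiver:
    def __init__(self, pair_code: bytes, now: float):
        self.pair_code = pair_code
        self.expected_seq = 1
        self.last_ok = now
        self.fault = None  # the first fault latches the safe state

    def receive(self, frame: bytes, now: float):
        """Return the payload if every check passes, else None (safe state)."""
        if self.fault is None:
            self.fault = self._check(frame, now)
        if self.fault is not None:
            return None
        self.expected_seq = (self.expected_seq + 1) & 0xFFFF
        self.last_ok = now
        return frame[0]

    def _check(self, frame: bytes, now: float):
        if now - self.last_ok > WATCHDOG_S:
            return "watchdog timeout"
        if len(frame) != 7:
            return "bad length"
        _, seq, crc = struct.unpack(">BHI", frame)
        if crc != zlib.crc32(self.pair_code + frame[:3]):
            return "CRC or sender/receiver code mismatch"
        if seq != self.expected_seq:
            return "sequence error (lost, repeated or reordered)"
        return None
```

A frame addressed to a different sender/receiver pair fails the CRC check even when its bytes arrive intact, which is how a misaddressed standard telegram is kept from being accepted as safety data.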
Response time is a significant factor in safety-related applications. For instance, personnel protection requires a maximum response time of 150 msec for manually operated emergency-off equipment and 35 msec for light curtains --- system wide. Only then, for example, can breaking a light curtain stop the hazardous movement of a press in sufficient time to prevent harm.
One can calculate overall response from the maximum bus response time and internal processing times of the sender, logic unit, and actuator. If the response is too slow, restrict the number of nodes or increase the data transfer rate to speed it up.
AS-I-Safe, an enhancement to the AS-Interface network, also transfers safety-related and standard data along the same bus cable. The AS-I components --- master, slaves, power section, and repeater --- are now complemented by safety monitor and safety slave hardware. Additional signals between the safety slaves and monitor ensure a high degree of safety. Each cycle, the safety monitor expects a specific message from each slave, which continually changes according to a defined algorithm. If a fault or alarm prevents delivery, the safety monitor switches off in a worst-case maximum of 35 msec.
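A minimal model of the per-cycle monitoring described above, added here as an illustration and not taken from AS-I-Safe itself. The slave names and code tables are constructed, the real algorithm that generates the changing messages is not reproduced, and reset handling is left out.

```python
# Constructed code tables; the real AS-I-Safe algorithm and values are not on this page.
CODE_TABLES = {
    "estop_1": [0x3, 0xA, 0x5, 0xC, 0x9, 0x6, 0xE, 0x1],
    "gate_2":  [0x7, 0x2, 0xD, 0x4, 0xB, 0x8, 0x1, 0xE],
}


class SafetyMonitor:
    def __init__(self, tables):
        self.tables = tables
        self.index = {name: 0 for name in tables}
        self.output_on = True    # safety output closed, machine may run
        self.trip_log = []       # (cycle, slave, reason) for diagnostics

    def cycle(self, n, replies):
        """replies maps slave name -> value received this cycle (absent = no reply)."""
        for name, table in self.tables.items():
            expected = table[self.index[name]]
            got = replies.get(name)
            if got is None:
                self._trip(n, name, "no message")
            elif got != expected:
                self._trip(n, name, f"expected {expected:#x}, got {got:#x}")
            # Advance every cycle so a stale or replayed value cannot match later.
            self.index[name] = (self.index[name] + 1) % len(table)
        return self.output_on

    def _trip(self, n, name, reason):
        self.output_on = False   # latched until an explicit reset (not modelled)
        self.trip_log.append((n, name, reason))


def run(monitor, cycles):
    """Feed a list of per-cycle reply dicts; return the output state after each."""
    return [monitor.cycle(n, replies) for n, replies in enumerate(cycles)]
```

Because the expected value changes every cycle, a slave whose output is stuck at its last good value trips the monitor just as a silent one does, and the trip log records which device caused the shutdown.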
Users can configure safety-related applications with a PC and the safety monitor. E-stops, position switches, light curtains, and other safety devices connect directly to the AS-I network. Using several monitors in a network makes it possible to form safety-related groups, to control whether all or part of the machine shuts down. The safety network retrofits into existing systems and safety data can be integrated into plant diagnostics.
A case study of one packaging-equipment manufacturer that migrated from hardwired rack I/O to distributed safety I/O showcases the benefits of this approach. (See "Packaging system demonstrates AS-I-Safe.")
The application used a Profibus network for communications on the drives, operator interface stations, and a few analog points. It ran at 6 Mbits/sec, a speed far exceeding that of any other system the company had used in the past. Digital I/O was networked on AS-Interface using IP 67 digital I/O blocks in a cabinetless architecture.
The manufacturer used separate networks for several reasons. Profibus provides a level of sophistication and performance well suited for applications that require high volumes of data. However, as much as 80% of the nodes on this machine are limit switches and sensors where the only real information the PLC needs is the device on/off status. For these simple devices, an AS-I network is sufficient, and it cuts hardware costs and installation time.
While there is no question Profibus could handle the entire application, the cost savings and simplicity AS-I provided were significant enough to warrant two networks. The combination provided the best mix of technology and functionality.
The end result was a nearly 75% reduction in wiring time. And this does not consider other areas where distributed I/O contributed measurable returns, such as quicker debug and startup of the machine, and fewer components that require less panel space.
In addition to component and assembly cost savings, safety networks provide additional benefits. For instance, this particular application was upgraded from an EN 954-1 Category 1 safety system to Category 3 for the same price. This improvement can significantly reduce liability insurance costs.
Another factor is downtime. Especially when it is unexpected, downtime can be a significant expense in terms of lost production. In most manufacturing operations even a small machine can cost $10,000/hr when out of commission, and some large transfer lines can cost over $1 million/hr in lost production.
In the event of downtime, diagnostics used to localize and identify the problem are critical. Because many safety systems are hardwired in series, the operator can only identify the problem circuit, not the precise fault location. Unfortunately, each circuit can have an unlimited number of I/O points or safety sensors, making it difficult to identify the specific cause of the shutdown. Pinpointing the exact cause often requires a physical inspection, which is time consuming, expensive, and not very effective if a mechanical problem --- such as a partially open gate --- causes the safety system to stop the machine.
In high-value production machines, builders sometimes interconnect the safety and machine-control systems. This is generally impractical because it requires two parallel control systems that are completely interconnected and significantly increase the cost of the machine.
With an I/O safety network, on the other hand, every point on the safety system provides information to the controller. Safety problems instantly show up on the operator interface, including what device tripped, the failure mode, and location. It can also record statistical data, such as failure history.
Safety networks combined with the control system also provide unprecedented control over how a machine shuts down, to protect the equipment as well as the operators. This simplifies the restart process so a machine can quickly resume production once a problem has been corrected.
Packaging system demonstrates AS-I-Safe
Pearson Packaging Systems, Spokane, Wash. (www.pearsonpkg.com), gave the U.S. a glimpse of the future of machine safety at Pack Expo 2000 in Chicago. The company displayed its R235 case erector/bottom sealer equipped with Siemens AS-I-Safe technology.
Although AS-I-Safe is not yet available in the U.S., Pearson's Jon Donovan anticipates it will soon be compliant with U.S. standards. Used in a variety of corrugated-box loading packaging applications, the R235 case erector with AS-I-Safe technology is designed with Siemens distributed I/O, distributed safety I/O, Simatic S7-200 controller, and touchscreen display.
According to Siemens, the majority of machines built in the U.S. are designed with two independent control systems --- one for machine control and another to protect the operators from injury. A machine that combines distributed I/O and safety I/O makes significant cost savings possible without compromising operator safety.
In its previous version, the discretely wired R235 required six electricians more than 368 hr to wire and commission, according to Don Parker, Pearson electrical project engineer. On the new version, AS-I-Safe reduced complexity and simplified manufacturing, permitting the same machine to be operational in just 96 hr with only two electricians, he said.
For example, the original machine's Category 1 safety system required 32 hr to install and test. The devices used for this application were limited to a few E-stop buttons and gate guards. Using AS-I-Safe, these devices were easily added to the existing AS-I network with only a few hours of connection and setup. Most of the remaining labor is associated with physically installing devices on the machine.
According to Siemens, every safety I/O device can now provide status information to the controller. When an input detects a problem the information is instantly displayed at the operator station, including which device tripped and the kind of device (gate guard, pressure switch, and emergency stop, for example). Failure-history information is also available to the operator.