A new standard for networked safety

The openSAFETY standard eliminates the "Fieldbus wars" of years past and creates a singular standard that provides both safety and versatility for industrial network users.


In the mid-1990s, the automation world faced a situation it called “fieldbus wars.” In the absence of a single, internationally recognized industrial network standard, various automation suppliers filled the void with their own digital networks, which we live with today: EtherNet/IP, DeviceNet, Modbus, Profibus, Profinet, Ethernet Powerlink, and there are more. Then, there appeared to be hope for standardization with the rise of industrial Ethernet around the turn of this century. Unfortunately, all that happened was the migration of the surviving fieldbus application layer protocols to Ethernet cables. 

Today’s major network development is safety. Even now, safety circuits on packaging machines are still largely hardwired devices, which are complex to install and troubleshoot and have limited functionality. Then came the safety PLC, but cost largely kept builders of individual, isolated machines from adopting this programmable technology. 

Figure 2: EPSG introduced an open, bus-independent safety standard for Ethernet-based industrial automation networks. According to EPSG, the safety standard offers universal compatibility regardless of the control system manufacturer or its native fieldbuNow, the same network that controls the machine—or even the entire line—can provide communications for safety processors, safety devices, safety I/O modules, and safe drives. So this time around, there’s no need for “fieldbus wars.” There is a single IEC-approved standard in the public domain that can run as an open protocol on the application layer of your network of choice. The advantages are huge and benefit the entire manufacturing community—users of machinery, device manufacturers, and machine builders—all of whom must otherwise learn and support multiple safety networks (Figure 2). 

The standard, which is called openSAFETY (www.open-safety.org), is available from the Ethernet Powerlink Standardization Group (EPSG) (www.ethernet-powerlink.org). In addition to Ethernet Powerlink, EPSG has implemented fully functional openSAFETY solutions based on (and compatible with) Modbus TCP, EtherNet/IP, Profinet, and SERCOS III, which will likely lead to rapid growth of this SIL3-certified safety protocol. 

Benefits of specifying modern safety technology

In the past, an e-stop meant dropping out the power, which generates wear and tear on both the electrical and mechanical systems. It also meant the machine stopped at whatever point in the cycle it was in when the power went out.

With integrated safety systems now available, drives can come to a stop under control without a full machine shutdown. Integrated safety allows various kinds of stops to be made, ranging from completion of the last cycle to a fast but gentle idle. In short, the machine is placed into a safe state. The machine or production line does not need to be re-homed, thereby avoiding jams and sequencing errors. 

With intelligent, decentralized, and integrated safety technology, it is also possible to respond more quickly to unexpected situations and to provide safety without necessarily stopping the production process. Various safety processors may also perform safe configuration management, safe parameter management, and safe application processing functions, all of which are central to the range of machine safety concepts. 

What should specifiers do?

Early adopters who want to integrate an openSAFETY-based safety solution with their existing data communication system should incorporate a request for conformance language in their electrical specification. The request for conformance states that priority consideration will be given to accepted suppliers that:

  • Integrate the openSAFETY protocol on the application layer of their bus system
  • Direct their device supply divisions and third-party suppliers to develop compliant networked safety devices. 


When these requests start coming from a growing number of automation specifiers, the commercial equation becomes simple. 

It’s also advisable to join EPSG and publicly support openSAFETY as a number of European companies—including Airbus parent EADS and the French National Railway System—have already done. Typically, the faster, louder, and more prevalent the support for standards, the faster they are realized. 

How openSAFETY works

Generally, openSAFETY provides data transfer definitions, high-level configuration services, and encapsulation of safety-relevant data in an extremely flexible telegram format. 

To communicate, openSAFETY uses a frame with a uniform format for payload data transfer, configuration, and time synchronization. Frame length is simply contingent on the amount of data to be transferred. The safety nodes on the network automatically recognize the content, so frame types and lengths do not have to be configured. 

Automatic safe parameter distribution: One highlight of openSAFETY is the automatic safe distribution of parameters. The protocol enables storing of all configuration details for safety applications, such as light curtains, in the safety controller. If a device is exchanged, the safety controller automatically and safely loads the stored configuration onto the swapped application. Users do not need to manually configure the new node when they replace a safety device. 

Fault detection: For fault detection, openSAFETY uses checksum procedures to perpetually examine whether transferred data content is incomplete. It constantly monitors the data transfer rate. Due to extremely short cycle times, failures are detected almost immediately. 

Structure of an openSAFETY frame: Essentially, openSAFETY duplicates the frame to be transferred and conjoins the two identical frames into one openSAFETY frame. Hence, the openSAFETY frame consists of two subframes with identical content. 

Each subframe is provided with an individual checksum as a safeguard. The receiver compares the identical content of the two subframes. The probability that the same data are changed or destroyed in two such subframes is extremely low, and even lower as the frame length increases.

Even in such an extremely unlikely case, the checksums still serve as a corrective action. The special format of openSAFETY frames, with their two subframes and their own individual checksums, also makes “masquerades” extremely unlikely to occur, and precludes any erroneous processing of a masked standard message. 

The openSAFETY network: An openSAFETY network may contain up to 1,023 safety domains, with up to 1,023 nodes or devices permitted within each domain. Safety domains can extend over different and non-homogeneous networks, and can integrate safety nodes that are scattered throughout these into one domain. Safe and unsafe devices can be operated within one domain. 

Gateways allow communication among different safety domains. Also, openSAFETY enables users to enforce hierarchical separations as well as to establish separate safety zones on a network. Therefore, service can be performed in one zone while production in other zones continues uninterrupted. In every domain, a safety configuration manager is responsible for continuous monitoring of all safety nodes.

Stefan Schoenegger is the managing director of EPSG and open automation business unit manager for B&R Industrial Automation.

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
2015 Top Plant: Phoenix Contact, Middletown, Pa.; 2015 Best Practices: Automation, Electrical Safety, Electrical Systems, Pneumatics, Material Handling, Mechanical Systems
A cool solution: Collaboration, chemistry leads to foundry coat product development; See the 2015 Product of the Year Finalists
Raising the standard: What's new with NFPA 70E; A global view of manufacturing; Maintenance data; Fit bearings properly
Special report: U.S. natural gas; LNG transport technologies evolve to meet market demand; Understanding new methane regulations; Predictive maintenance for gas pipeline compressors
Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Migrating industrial networks; Tracking HMI advances; Making the right automation changes
Understanding transfer switch operation; Coordinating protective devices; Analyzing NEC 2014 changes; Cooling data centers
Upgrading secondary control systems; Keeping enclosures conditioned; Diagnostics increase equipment uptime; Mechatronics simplifies machine design

Annual Salary Survey

After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.

The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.

Read more: 2014 Salary Survey: Confidence rises amid the challenges

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
This article collection contains several articles on the vital role that compressed air plays in manufacturing plants.