PROFIsafe: Networked Functional Safety

Implementing functional safety over a network reduces the number of components, wire, and cabinets; speeds installation and commissioning; and increases uptime. With PROFIsafe, PI’s functional safety application profile, messages are exchanged transparently between Profibus (a serial fieldbus) and Profinet (an industrial Ethernet).

07/24/2012


If you are not implementing functional safety over a network you might as well be creating relay ladder logic on D-size vellum with a universal arm drafting machine—and realizing the design with actual relays and lots of wire.

Actually, for decades after the introduction of the PLC and fieldbuses, relays and hardwiring were still required for safety. Then in 2002 machine wiring standards were revised in the U.S. to permit implementing safety in logic controllers and transmitting safety messages over a network. Finally the benefits of PLCs and fieldbuses could be realized for safety. And now 10 years into the networked functional safety era, it’s time for you to realize these benefits in your own facilities.

Networked functional safety architecture showing PROFIsafe-enabled devices in yellow: controller, IO, drive, and process instrument. Courtesy: PI North America

To get you started: What do we mean by networked functional safety, how does it work, and why would you use it?

Safety via communication protocol

The overarching safety standard IEC 61508 defines safety as “the freedom from unacceptable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment.” This makes functional safety “part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.” With the safety messages transmitted over a fieldbus or Industrial Ethernet we have networked functional safety.

Functional safety is more than moving and reacting to safety messages. Functional safety begins with risk assessment. Having been assessed, risk can be mitigated in many ways from signage to guarding to safety circuitry. In implementing safety circuitry, networked functional safety is bookended by safety IO and a safety controller. Networked functional safety is more than the network—the network needs safety-rated IO on one side and a safety-rated controller on the other.

Networked functional safety can apply in the factory where discrete logic predominates or in the process plant where process instruments containing multiple variables and diagnostic data predominate. Motion control also is subject to networked functional safety. Once the only safety options available for motion were removing power and applying external brakes, but now additional safety options are available—options like “go to safe position.”

Secure messaging

Networked safety relies on a concept called “the black channel,” which tunnels through the fieldbus or Industrial Ethernet protocol to provide secure messaging. By doing so, other aspects of the network are not safety-relevant. So you don’t need safety-rated cable, connectors, gateways, or Ethernet switches. You can compare the black channel to a VPN connection in the Ethernet world. Virtual Private Networks (VPNs) create an encrypted tunnel through Ethernet infrastructure. This prevents other devices or activity on the network from interfering with the VPN traffic. 

PI (Profibus and Profinet International) pioneered the creation of the black channel through academic and practical activities over 12 years ago. To meet safety-certifying agencies' requirements, PI came up with the following remedies to the listed potential failures:

 

PI PROFIsafe: Failure types and remedies

| Failure type \ Remedy | Consecutive number | Time out with receipt | Codename for sender and receiver | Data consistency check |
|---|---|---|---|---|
| Repetition | X | | | |
| Deletion | X | X | | |
| Insertion | X | X | X | |
| Re-sequencing | X | | | |
| Data corruption | | | | X |
| Delay | | X | | |
| Masquerade (standard message mimics failsafe) | | X | X | X |
| FIFO failure within router | | X | | |

Courtesy: PI North America

The remedies are embedded in the data packets. If one of the remedies shows a failure (which must be detected in the receiving logic controller), the system will treat it as a safety event that returns all values to a predefined safe state.

Because the black channel isolates the safety information in the fieldbus’ or industrial Ethernet’s data stream, connecting cables, connectors, and devices are not safety-relevant. Their failure would be detected by one of the remedies in place and a safety reaction would be generated.
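A receiver applying the four remedies from the table can be sketched as follows. This is an added example, not PROFIsafe's actual frame format or code from PI: the field sizes, the use of CRC32 for the data consistency check, the codename value, the sample frames, and the latching of faults are all assumptions made for illustration. Note that a CRC detects accidental corruption only; it is an unkeyed checksum, not an authenticator.

```python
import struct
import zlib

CODENAME = 0x0A0B0C0D     # constructed sender/receiver pair identifier
SAFE_STATE = b"\x00\x00"  # constructed fail-safe substitute values

def build_frame(codename, counter, payload):
    # Assumed layout: codename(4) + consecutive number(1) + payload + CRC32 (unkeyed).
    body = struct.pack(">IB", codename, counter & 0xFF) + payload
    return body + struct.pack(">I", zlib.crc32(body))

class SafetyReceiver:
    def __init__(self, codename, watchdog_s):
        self.codename, self.watchdog_s = codename, watchdog_s
        self.expected = 0         # next consecutive number
        self.last_rx = 0.0        # arrival time of the last valid frame
        self.values = SAFE_STATE  # process values handed to the application
        self.fault = None         # assumption: a fault latches until reset

    def _check(self, frame, now):
        if now - self.last_rx > self.watchdog_s:
            return "timeout"
        if frame is None:
            return None
        if len(frame) < 9 or zlib.crc32(frame[:-4]) != struct.unpack(">I", frame[-4:])[0]:
            return "data consistency"
        codename, counter = struct.unpack(">IB", frame[:5])
        if codename != self.codename:
            return "codename"
        if counter != self.expected:
            return "consecutive number"
        return None

    def receive(self, frame, now):
        """One receiver cycle; frame is None when nothing arrived."""
        if self.fault is None:
            self.fault = self._check(frame, now)
        if self.fault:
            return SAFE_STATE, self.fault
        if frame is not None:
            self.expected = (self.expected + 1) & 0xFF
            self.last_rx, self.values = now, frame[5:-4]
        return self.values, None

def run(frames, watchdog_s=0.1):
    """Feed constructed (time, frame) pairs; return the last (values, fault)."""
    rx = SafetyReceiver(CODENAME, watchdog_s)
    return [rx.receive(f, t) for t, f in frames][-1]

print(run([(t, build_frame(CODENAME, 0, b"\x01\x00")) for t in (0.01, 0.02)]))  # repetition
```

Each fault reason maps to one remedy column of the table, and every fault path returns the substitute safe values rather than the received payload.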

In the case of PROFIsafe, PI’s functional safety application profile, the messages are exchanged transparently between Profibus (a serial fieldbus) and Profinet (an industrial Ethernet). Any type of media can be used: copper, fiber, or wireless. Devices in the discrete, process, or motion control application spaces can communicate to the same safety controller, allowing comprehensive safety scenarios.

Less cost, more uptime

There are technical and business benefits in using networked functional safety. The technical benefits of using a fieldbus transfer include a reduced number of components, less wire, fewer cabinets, faster installation, and faster commissioning. Some business benefits derive from these, but the big addition is uptime. Just as a fieldbus and Industrial Ethernet can convey diagnostic information, so can networked functional safety. In addition, manual maintenance work to verify switches and other safety functions is minimized since the system continually verifies this functionality.

A manufacturer of automotive body lines converted from hardwiring of safety circuitry to PROFIsafe and reduced the number of safety components by 85%. The amount of wire needed was also greatly reduced. The line needed less floor space since there were fewer enclosures. And the factory start-up time was reduced from several weeks to an afternoon.

Networked functional safety is a proven technology, widely used. Using it is a competitive advantage.  As an ARC white paper puts it: “Safety has evolved from being a cost burden to a strategy for improving productivity and reducing downtime.”

- Carl Henning is deputy director, PI North America (Profibus and Profinet in North America, formerly PTO); Edited by Mark T. Hoske, content manager CFE Media, Control Engineering and Plant Engineering, mhoske(at)cfemedia.com.


