Professional Documents
Culture Documents
Dont let price stand in the way of making a machine or process as safe as possible
It could cost you a lot more in the long run. But you dont need to overpay to get reliable, high-performance safety devices that conform to all the latest standards. Our prices on safety relays, switches and light curtains mean you can do even more to protect whats important. Safety relays protect people and machines.
Single and dual channel safety relays for E-stop and safety gate applications Two-hand Control units for positive protection Light curtain controller modules are used in conjunction with light curtains for monitoring/control
AutomationDirect
Price/Part Number
Safety switches with key or hinge interlocks, limit switches and cable pull switches give precise, quick action.
Visible operation Immunity to electromagnetic disturbances Electrically separated contacts with positive opening operation on N.C. contacts Actuation speeds of 0.5 m/s (max) to 0.01 m/s (minimum) IEC 947-5-1, EN 60947-5-1, UL 508, CSA C22.2 No 14 approvals
Safety limit switch, pull-reset action, plunger actuator, 30mm plastic body, 1/2 NPT Safety relay module, single channel, for E-stop circuits, 24 VDC, 2 N.O. contacts
LG5924-02-61-24
$88.00
AutomationDirect prices are U.S. published prices as of March 2011. Prices subject to change without notice.
www.automationdirect.com/safety
Double PNP outputs M12 quick-disconnect models (order cable separately) IP65 rated; Type 4 and Category 4 PL e
www.automationdirect.com Go online or call to get complete information, request your free catalog, or place an order.
1-800-633-0405
Contents
A5 Upgrading legacy I/O systems
When its time to modernize, choosing the best I/O strategy and supplier is critical for both new and upgrade projects.
A5
A8
C OMME N T
Doing a job when lives depend on it
Peter Welander
E di to r
here is much about our modern environment that is or can be dangerous. Traffic accidents, plane crashes, building fires, and all sorts of other things can threaten life and limb. Much of the time we depend on rational humans to behave in safe ways, like stopping at red lights and not driving a car on the sidewalk. Obviously, there are conspicuous failures of these assumptions and people suffer. We also rely on more mechanical protections. When I step on an elevator, I assume the control system will not allow the car to plunge into the basement. My automobile, even though it is a Toyota, restrains itself from random acceleration, at least heretofore. Keeping a manufacturing environment safe, particularly a process plant like a refinery with explosive and flammable products (the technical description is a boomable plant), requires a comprehensive program of equipment design, sound construction, proper hardware selection, consistent maintenance, effective control strategy and implementation, security, good work practices, and personnel training. In an earlier life, your correspondent was visiting a plant that produced cyanide in mind-
boggling quantities. Before entering the plant to see the specific application, my colleague and I had to undergo training on what we should do in an emergency. It gave us pause to consider how close we were to very deadly products, yet the operators were willing to work there every day, and they did not seem particularly preoccupied with the situation. Thats faith.
Safe sensing
This month we have a major discussion on safety sensors, and exactly what that qualification connotes. Safety is not a process variable in and of itself (Well, maybe it could be, but thats a topic for another article.), but it has to do with measuring the same normal variables (e.g., pressure, temperature, flow, and level) and using that data in a special way. Safety systems are not built on the assumption that devices and systems do not fail. On the contrary, safety system designers assume that anything can fail. They examine every component of a larger system, whether its a component on a transmitter circuit board, or a node in a network, and ask, What happens if this stops working? Can we still secure the process?
Applied Automation
February 2012 A3
COMME NT
Thats a particularly valid question for a safety sensor because it may sit in place for years on a well-regulated process without having to trigger an alarm. Then one day something goes haywire, and its showtime. Will it tell the process to shut down, or has the mechanism rusted solid? Is there adequate provision in its design to prevent that? The article discusses what goes into the design and testing of a safety sensor, including all the different types of failure analysis. While this is a critical process, it is important to recognize the fact that the best sensor cant do its job in a poorly performing network. If the safety sensor measuring pressure on a vessel cant tell the relief valve to open because a faulty network cant deliver the message, the system will cascade to the next layer of protection, or the vessel may rupture. In many respects, safety system designers make no assumptions about a networks ability to deliver messages. The logic solver, which is the device that receives the message from a safety sensor, is normally programmed to look for a status update at a regular interval. If that update doesnt come, the logic solver should trip the system. If the network is unreliable, the greater problem will likely be false alarms. This is one reason that safety-related networks are traditionally hardwired. Lost production due to false trips is really annoying, and tends to make operators bypass the system, which is very dangerous.
i n dustrial networks
Once an OEM or end user committed to a particular I/O network standard, it was often bound to a certain group of ompanies that vendors for the foreseeable design and build future. If the application required machines and communication with a device on robots often face a different network, a gateway the problem of device was the normal solution. upgrading the These devices were expensive I/O on one or more of their and hard to program, making machines. Even end users it very difficult for users to intefind that legacy I/O, which grate machines or robots manumay have been used successfully for years, may need to be Figure 1: A modern I/O solution, such as this inline module, factured by different companies into an operating whole such as replaced because the vendor has the flexibility to communicate via wired or wireless a packaging line. has gone out of business or no data links. Photos courtesy Phoenix Contact While PLC manufacturers longer supports the hardware. were fighting for market share, In other cases, an OEM or user Ethernet was becoming the standard in office networks, may want to change control systems, I/O networks, or and Ethernet soon migrated to the factory floor. PLC vendors for cost, safety, customer preference, quality, or manufacturers adapted their serial networks to run on performance reasons. Ethernet, opening up the ability to run multiple protocols Modern I/O modules (Figure 1) often support Ethernet on a single Ethernet network. Today, Ethernet-based I/O connections, wireless communications, advanced diagnosnetworks (Figure 2) are replacing older proprietary nettics, remote diagnostics over the Internet, on-board intelworks. PLC vendors still maintain individual protocols, but ligence, multiple inputs and outputs, and a host of other most concentrate their effort on Ethernet-based communifeatures that cant be found in older systems. Whatever cation and can thus share the same Ethernet network. the driving reasons, upgrading I/O on a machine or manuThis allows manufacturers to use standard Ethernet facturing line is not a simple task, as many factors have to functions for overall control of industrial networks. Precise be considered before selecting an I/O system. delivery of data to and from multiple I/O devices can be From hardwiring to Ethernet controlled with transmission protocols like Multicast, and general network segmentation can be controlled through The first PLCs transmitted all remote I/O signals to the use of a VLAN (virtual local area network). Other and from the main processor via hardwiring, as no digital Ethernet standards, such as rapid spanning tree protocol, networks existed at the time. Serial networksbased on can be used to create redundancy within the network, RS-232, RS-422, and RS-485came along and transwhile not affecting the PLC manufacturers I/O communiformed the plant floor, because they drastically reduced cations. These types of protocols are employed on the netwiring requirements. With a serial network, multiple devicwork through the use of a managed Ethernet switch. es could be plugged into a single twisted pair. Today, a machine builder is faced with myriad choices Soon, most PLC manufacturers came out with their own of networks including Modbus TCP, EtherNet/IP, Profinet, versions of serial networks such as Modbus, which is still DeviceNet, Profibus DP, InterBus, Mechatrolink, CANopen, widely used. EtherCAT, CC-Link, and more. And wireless options are Some of these serial networks became de facto stanavailable for almost all these networks. dards, including Profibus DP, InterBus, and DeviceNet. When upgrading I/O, a machine builder or user has to These networks and others usually started out as propriask: etary protocols backed by one or more vendors, and were 1. What I/O network do I want, or does my controller dicthen were opened up to allow any manufacturer to create tate the choice? compatible devices. Most of these networks worked well, 2. How many vendors make products for that network? but they werent compatible with each other.
Jason Haldeman
Applied Automation
February 2012 A5
i n dustrial networks
PLCs software, as opposed to the I/O hardware. For OEMs with a choice, modular I/O is an excellent way to upgrade a machine or robot, or to build a new one. With modular I/Oavailable from several suppliersanalog and digital input and output devices, signal conditioners, network interfaces, power supplies, terminal strips, and all the other components needed for a machine are network-independent. If, for example, an OEM sells to a company in Germany, modular I/O will work with Profibus DP, the preferred network for many European firms. If the same machine or robot is being sold to a company that wants a Rockwell Automation PLC, then the I/O will work with DeviceNet. The machine uses the same I/O devices, but each is connected to the I/O network with bus couplers, so only the couplers need to be changed on the I/O station.
Figure 2: Ethernet-based I/O connects to a PLC or industrial PC over a standard Ethernet cable, providing high-speed access to sensors and control devices.
PC vs. PLC
The next factor to be considered in an upgrade is the control system. Although PLCs continue to dominate machine control, industrial PCs are making inroads. If youre keeping the same PLC during the I/O upgrade on a machine, then you probably wont have to reprogram the control logic, but you may have to reconfigure it for the newer I/O. Do you have access to the code that changes the I/O configuration? Without that code, or a readily available patch from the PLC vendor, you may not be able to connect newer I/O to the older PLC, and older model PLCs may not support newer I/O networks even from the same vendor. One solution may be to upgrade the PLC to a newer model in the same familyone that supports both your control logic program and the new upgraded I/O. The upgraded PLC should support its own newer I/O, but it may not support all of the options that you need. Fortunately, several I/O suppliers offer modules that work with many networks. Unfortunately, not every supplier covers every network, so an OEM may have to mix and match products from multiple suppliers. For example, if a machine or robot needs a strain gage/load cell converter, the OEM must make sure one is available from the preferred supplier.
A6 February 2012
Applied Automation
Going wireless
Wireless I/O is gaining momentum in machine and robot control. While serial and Ethernet networks took decades to develop, wireless has made giant strides in just a few years. Many OEMs are still wary of wireless, just as they werent too sure about Ethernet when it was initially introduced for real-time control applications. Wireless I/O can be used for applications that traditionally required slip rings and drag chains that are difficult to wire; to replace highly-flexible cables that are prone to breaking; and in temporary installations, such as components that are being integrated into a permanent system. For robots in particular, wireless I/O can be very advantageous. The most obvious advantages of wireless I/O are the elimination of costs for running wires from the machine to the controller, and the simplicity of the installation overallwhich could result in lower maintenance and diagnostic costs. Were a long way from the completely wireless machine, but as industry gains more confidence with wireless, applications will continue to grow. Wireless I/O devices are generally available in both IP20 and IP67 versions.
Figure 4: IP67 devices are protected against dirt and water, and can be mounted directly on a machine or robot.
Diagnostics
One of the primary advantages of modern I/O devices is built-in diagnostics. I/O devices can transmit information such as short circuits, overloads, temperature extremes, status, and other diagnostic data, making it possible to pinpoint problems quickly and reduce machine downtime. For example, in DeviceNet systems, faults are transmitted as diagnostic alarms with associated parameters classifying them as major or minor. The parameters can contain either I/O-specific error codes or network-specific error codes. If the fault is generated in the remote I/O station, additional information can be supplied by the vender through diagnostics in the process data channel. Wear indicators or similar information for diagnostics can be signaled via two maintenance request priority levels. Standard Microsoft Windows software, such as Internet Explorer, can be used to diagnose network problems. For example, Phoenix Contacts Ethernet I/O has a built-in Web interface, allowing a user to view device status and
configuration information through Web pages. Another major development in machine control is remote access, where the OEM can diagnose problems from a PC, laptop, or even a cell phone thousands of miles away. An engineer simply gets on the cloud and connects to the remote machine or robot to view and change data in the controller and I/O. Using built-in diagnostics makes this task even easier, because a remote engineer can quickly identify problems such as short circuits or overloads in the I/O. For all of these reasons, machine builders and users are updating their legacy I/O systems, getting away from proprietary networks, and moving into the modern world of Ethernet-based communications. In an ideal world, all the sensors, control devices, and controllers would be interchangeable to meet various customer requirementsand so would the I/O hardware and networks. Ideally, an OEM or integrator should be able to install Profibus-based I/O on a machine when the customer wants a Siemens PLC, and the next day build the same machine with an Allen-Bradley PLC and DeviceNet. In practice, this is possible only if you select your I/O strategy and supplier carefully, making sure that all needed capabilities are supported in a cost-effective manner. Jason Haldeman is a product marketing lead specialist for Phoenix Contact. For more information, visit www.phoenixcontact.com
Applied Automation
February 2012 A7
safe ty systems
A8 February 2012
Applied Automation
Figure 2. Tool for designing safety instrumented functions (including SIL verification) based on FMEDA data.
requirements for a SIL 3 certification are much tougher than for SIL 2 certification, and those for SIL 2 certification are tougher than those for SIL 1. When an instrumentation sensor has been assessed by a competent, third-party agency and meets the requirements of IEC 61508, it is common to label it as a safety sensor or safety-certified instrument. The 2010 version of IEC 61508 introduced the term systematic capability, which indicates the best-case safety performance that the device can provide when it is applied per its safety manual. Certified devices can have a systematic capability rating from one to four that matches the SIL level of a SIF in which it may be used.
Complex electronics in a field-device transmitter makes for a lengthy analysis process requiring lots of hand work.
Applied Automation
February 2012 A9
safe ty systems
concept was in its developing stages. While several PLC products were IEC 61508 safety certified, there were fewer sensor devices at that time. The E+H Liquiphant Fail-Safe, a tuning-fork level switch, was safety certified per the German VDE0801/A1 standard in 1996. The first safety-certified sensor per IEC 61508 was the 345 pressure transmitter from Moore Products in 1998. Over time, additional sensor devices passed the tough requirements with strong growth, which began in 2006. Today there are a number of safety-certified sensor devices for almost any process variable from every major instrumentation manufacturer. Figure 3 shows a cumulative count of the number of safety-sensor devices. A list of safety-certified devices, including sensors, is maintained on the Safety Automation Equipment List (www.sael-online.com). This list is updated regularly as new certifications are added from a variety of competent certification agencies, while obsolete products are removed.
Applied Automation
microprocessors and larger memories. The sensor devices take full advantage of this processing power to provide high-speed statistical analysis of the process variable, much better automatic self-diagnostics, and more features. Given that the complexity of the new 2010-era designs is even greater than the safety PLC of 1999, the importance of software engineering quality is greater than ever.
Failure analysis starts with single components but also looks at various combinations as well as diagnostic capabilities.
mental or quasi-governmental. In the U.S., for example, accreditation is done by the American National Standards Institute (ANSI).
Path forward
It is not hard to imagine functional safety certification becoming a standard part of sensor devices. Hazardous area approval was an option in the early days of electrical safety standards. Today it is difficult to buy any field device without a hazardous area rating. As more and more devices are achieving functional safety certification, more manufacturers are making functional safety a standard part of the product development process. Functional safety will likely be a standard attribute of sensor devices in the future. This is indicated by one advertising campaign for a pressure transmitter product recently that said, Safety is not an option. Every device produced has the rating. This should provide a good return on investment as design quality improves and fewer mysterious field failures occur. William Goble, PhD, is principal engineer and director of the functional safety certification group at exida, an accredited certification body. His doctorate is in quantitative reliability and safety analysis of automation systems.
Online:
Find more information about safety sensors at: www.exida.com/certification See a list of safety-certified sensors, logic solvers, final control elements, and more at: www.sael-online.com
Applied Automation
ne twork ing
Jim McConahay
the current, it also has the ability to send multiple digital pieces of information via the HART data stream. Both process variable data and digital data can be transmitted by ne particular challenge for legacy plants is the HART slave or transmitter. This data can be used to to find an inexpensive and convenient way monitor the health of instruments or used by the process to take advantage of installed HART (highcontrol system or asset management system to optimize way addressable remote transducer) smart processes, assist in providing tighter control, or prevent devices. HART is a digital protocol that was unexpected process hiccups. In some cases, existing designed to allow transmitters to transmit plants may have hundreds of HART-enabled instruments. digital data and an analog signal simultaneously over traUnfortunately, for one reason or another, many plants have ditional plant-installed copper twisted pair, and many if not never exploited the capabilities of HART. most 4-20 mA field devices available include it. Users can In todays world of asset management, remote diagconfigure, interrogate, and diagnose transmitters locally or nostics, and advanced control, many plants would like to remotely via any point along the twisted pair. HART slaves extract that digital information, but their control system and can be wired in a point-to-point or multi-drop configuraexisting wiring cant accommodate it. The control system tion. In the more common point-to-point configuration, the may not be set up or have the capability to extract HART HART transmitter varies the current on the analog loop to data from the analog loop. A HART instrument can send represent the desired process variable. While it is possible up to four process variables via the HART signal: PV to monitor the digital HART data only, in a point-to-point (primary variable), SV (secondary variable), TV (tertiary configuration, it is rarely done. As the transmitter controls variable), and FV (fourth variable). Additionally, there are various bits and bytes of status data that can also be transmitted. However, if the control system cannot read the (MASTER) WLM Wireless Link NCS NET Concentrator additional process variable data Module System or any of the other diagnostic and status information from the digital HART signal, then that data goes to waste. Customers have a range of options to get this HART data, even Control or MODBUS in legacy and mature plants. Some Readout System DCS companies offer new upgraded analog I/O cards that have the (REMOTE) ability to pick off this HART data.
Module Number
Module Number
MODBUS
Modbus via wireless uses the same concepts as a wired network with the radio signal replacing the twisted-pair cable. There are possible complications due to encrypting practices, but these are critical for effective cyber security.
Applied Automation
However, these cards usually cost three to five times as much as the traditional analog I/O cards. Additionally, there are HART mux (multiplexer) bricks that can be installed on existing analog loops that have RS422 and RS485 outputs to asset management systems or DCSs. Again, these I/O mux bricks can be cost prohibitive. An optional route, using a HART to Modbus converter, can be cost effective and allows the flexibility of monitoring just a few or many loops at reasonable costs. With a HART interface module that supports Modbus RTU, all the HART data can be brought to the control system simply and cost effectively. An interface module is a smart device that acts like HART master on the front end and Modbus RTU slave on the back end. It can extract all of the digital HART data from the 4-20 mA signal without placing a burden on the loop. It then provides a display, and various possible other outputs. When a Modbus output option is selected, the HART data is digitally mapped to an internal Modbus memory map where it can then be polled by a PLC or DCS that is acting as the Modbus RTU Master. By multi-dropping various interface modules devices via RS485, this essentially becomes a scaled-down asset management system for a fraction of the cost.
Are you looking for an online tool to save time, reduce errors, and increase prots?
Wireless Modbus
A Modbus network can be set up fairly easily to work over a wireless link. Essentially, all the wireless link does is replace the twisted-pair cables with a transmitter/receiver at each end of the network. Many wireless radio manufacturers support the Modbus protocol. However, due to some encryption schemes and time delays that radios and modems use, it is important to consult with your wireless vendor before making the assumption that it is supported. Obviously the major advantage of wireless Modbus is the cost savings in wiring infrastructure. Signals that are needed from tank farms, well heads, and various other remote locations have historically been cost prohibitive to monitor and control. Fortunately, Modbus via wireless is transparent to the control system or host, and the slave. Like the systems described previously for legacy plants, the host system doesnt even know that a wireless Modbus network exists, because it doesnt have to deal with it. When a master makes a request to a slave and the packets arrive at the transmitting radio, that radio will usually re-order the packets and encrypt them before transmission. Once the RF (radio frequency) packets are received by the slave radio, it de-encrypts them and puts them back in order to represent a valid Modbus packet. Assuming that the packet has not been damaged or corrupted, it will then be sent to the destined slave. The slave will respond back to the master and the process starts again. Sometimes it is important to pay special attention to a Modbus communication parameter called timeout. Timeout is the amount of time that the master will wait for
Steam DesignPro from Spirax Sarco, Inc is your solution. Steam DesignPro has been created as a visual design tool for engineering and modeling HVAC steam systems. Youll nd everything at your ngertips to do your job better including:
Automated engineering calculations and design tasks on-the-y Easy functionality using a drag-and-drop method Eliminate common mistakes Decrease design time reuse work from job to job Minimal training required
Download Steam DesignPro now at www.spiraxsarco.com/us and/ or capture this QR code with a QR scan app on your smart phone for more information.
1-800-883-4411
spiraxsarco.com/us
Applied Automation
ne twork ing
companies that offer chassis-style slide-in communication cards and stand-alone gateways. Unlike Modbus RTU and Modbus ASCII, Modbus TCP allows multiple masters to poll the same slave device simultaneously. This is allowed because multiple messages can be sent, buffered, and delivered without the requirement of token passing or total bus control, which is often the case with many RS485 and RS422 protocols.
Modbus can support deployment of distributed controllers, which can improve determinism and reduce central processing loads.
a response from a slave before attempting a re-transmission. Depending on how well the radio is communicating, packets can be delayed, causing an unnecessary amount of retries and re-transmits. With todays FHSS (frequencyhopping spread spectrum) radios, most of these parameters can be massaged for efficient transfer of packets. However, proper radio site surveys that include signal strength and spectrum noise analysis can often prevent many communication hiccups.
A universal interface
While the modern control world continues to grapple with advanced concepts such as fieldbus and mesh networks, the simplicity of Modbus and its ease of implementation over so many communication media allow it to remain the most widely supported and implemented industrial protocol in the world. When users of existing legacy control systems discover the need to expand field instrumentation or add remote controllers, they very often turn to Modbus as a simple solution to complex problems. Moreover, when there is a need to connect an exotic device to a control system, using the devices Modbus interface often proves to be easiest method. Although it is one of the oldest communication methods, it is also the most popularfor very good reasons. Its easy to use, reliable, inexpensive, and connects to almost every sensing and control device in the control industry. Jim McConahay is a senior field applications engineer for Moore Industries-International. www.miinet.com
Applied Automation
We have the perfect package to fight contamination in washdown applications: 304 stainless steel bevel or inline gear reducer: 95.5%97% efficiency C-face or IEC input PTFE seals on output shaft smooth body minimizes particle/bacteria collection highly resistant to most acids, alkalis and corrosion 304 stainless steel C-face motor: ncapsulated stator + epoxy rotor e potted wire entrance inside conduit box patented oil/water resistant breather vent Movitrac LTE-B inverter: P66/NEMA 4X enclosure I SBus (CAN based) communicates with PLC single or three-phase input
seweurodrive.com
SIMATIC ET 200SP
www.usa.siemens.com/et200sp