|
At the Hannover Fair 15
years ago, AS-Interface first demonstrated its functionality with a
single-network Master for up to 31 slaves and a network length of 100 m by
showing research samples. Next was the AS-i dual network Master, and after that
they increased the number of slaves to 62 per Network. Later, the Safety
Monitor for Safety at Work, now available as a second-generation
device1 with integrated Master, safe remote outputs, and online
diagnostics (see sidebar), was introduced. Additionally, Bihl+Wiedemann now
offers a Safety Monitor evaluating two networks at the same time, also
presenting the ability to safely combine up to 31 AS-i networks without
additional hardware. Furthermore, this Safety Monitor supports up to 16 release
circuits and up to 16 safe outputs and can process a significantly larger
programs without an increase in reaction time. But that is not all! This
document describes the principle of operation of this monitor and its
advantages for the user.
The
principle of operation:
 |
| Fig. 1: The new monitor is able to evaluate and operate the safe
inputs and safe outputs on two separate Safety at Work networks using only one
configuration. |
The
development of Safety at Work was based on the observation that for most
applications it is sufficient to safely stop a potentially dangerous system if
a critical event occurs, or more precisely: to get the system into a "safe
state". When using AS-Interface there is no need for complex, redundant
operating systems or safety PLCs. The safety related procedures are transferred
to the lowest level, the AS-i level.
While the PLC and Master control the
application during normal operation, a Safety Monitor will take over control in
case a "critical event" occurs, doing what must be done from the safety point
of view. A "critical event" is for instance the activation of an E-stop,
opening a protective gate, accessing a Safety at Work sensor, a peripheral
voltage drop, a reoccurring communication error, or outright failure of a
slave. If any of these events occur the Safety Monitor takes over control of
the system and brings it into the safe state. This is achieved by either
removing power from sections of the system or by switching off safe outputs.
What exactly happens, which indicators are relevant, and which parts of the
system are involved is defined by the Safety Monitor's configuration, designed
specifically to fit each application and system. For larger systems the
configuration defines release circuits that can be switched off independently
while other system parts can continue to function without interruption. To
understand the functionality it is important to know that during regular
operation – i.e., without the occurrence of a "critical event" – the
network functions as a standard AS-i network: The PLC exchanges data with each
slave through the network Master and thus controls the system just like in any
other AS-Interface application.
The new Safety Monitor from Bihl+Wiedemann
is used to safely connect multiple AS-i networks. It can always be connected to
two AS-i networks and by offering the option of configuring 16 release circuits
enables the possibility to design large networks with a high degree of
flexibly. There are two different optional configurations:
Two Safety at Work
Networks
2nd Generation
Safety Monitors
Basic
characteristics:
- For safety applications according to Sil3/Cat.4
- System status and detailed diagnostics in clear text on the monitor
display
- Transmission of all diagnostics values to Master and application
software as AS-i 3.0 slave
- Software replacement through memory cards
- Switching at great distances through safe Safety at Work
outputs
Monitor allows safe connection
of several partial networks
Additionally:
- Connects two separate Safety at Work networks without additional
hardware
- Connects up to 31 Safety at Work networks by using a coupling
network
- Permits 16 release circuits per monitor with the ability to switch 4
of them integrated in the monitor within 40 ms (two as relays, two as fast
electronic outputs)
- Operates up to 16 independent safe outputs per monitor
- Additional safe outputs using the same address are
possible
- Configurations with up to 256 devices are possible without prolonging
the reaction time; almost any number of configuration blocks is possible with
prolonged reaction time
- Separate inputs directly into the coupling network
- New configuration and diagnostics software ASIMON 3
BW
|
In this
basic configuration both networks are treated equally but are galvanically
separated and controlled by two Masters (or one Dual-Network Master, see figure
1). The monitor listens to both networks, using two independent receivers
circuits. However, it processes the information jointly and thus creates a
higher-level structure for all safety functions concerning the release or
deactivation of individual components or release circuits. In other words, the
Safety Monitor is truly one device (as opposed to being two Safety Monitors in
one housing). Consequently, the Safety Monitor utilizes one program to process
all safe inputs and outputs of the two AS-i networks and thus is always in full
control. The monitor transmits its diagnostic data to the Master and the PLC
using one of the two networks. Special connections or hardware are no longer
necessary.
What if more than two Safety at
Work networks are involved?
In this
case the Monitor operates two hierarchically different networks. One is a
"local network" as described above. The second one is a "coupling network" that
connects the Safety Monitors of several Safety at Work networks and therefore
constructs a network of the local networks (see figure 2). As such, each of the
connected monitors is configured as a safe input slave on the coupling network,
transmitting a "global variable" to the coupling network describing for
instance the release status of their "local" Safety at Work networks. All other
monitors are monitoring this data exchange in the coupling network. Therefore,
each monitor in a coupling network is a sender and a receiver at the same time.
And since every monitor – like in two networks with equal rights –
processes the data of both networks concurrently, all global variables can also
be used in the monitor’s own local network. For example, the current value
of release circuit 4 in local network 5 is able to directly influence local
network 17.
Three important considerations:
 |
| Fig. 2: Up to 31 Safety at Work networks can be connected safely
using a coupling network |
- The network
connections are safe since the sender as well as the receiver work
assafety-related devices. To achieve this, a safety PLC is not
needed.
- Each
individual Safety Monitor is able to send more than one global variable into
the coupling network as each monitor can be configured many times as a slave
with different slave addresses and different code tables. The limit for this
concept is mostly of theoretical nature: The capacity of the coupling network
is defined by the maximum number of permitted safe inputs which is 31. This
means: When coupling 31 local networks each can send one global variable, and
when coupling three local networks each can exchange 10 variables through the
coupling network. This is more than enough for any real
application!
- Additional
safe inputs, e.g., one or more E-stops, can be connected directly to the
coupling network and then affect each of the local networks. It is not
necessary to read their data through one of the Safety Monitors.
Extended configuration
capacity
In order to
work with this considerably extended monitor concept and not run into
limitations, the remaining device technology was enhanced as well:
- Each Safety
Monitor can now operate up to 16 release circuits.
Of these 16 release
circuits four can be switched in less than 40 ms by using OSSDs local to the
monitor. Two switches are implemented as relays and two as fast electronic
outputs.
- The Monitor
is able to operate up to 16 independent safe output groups2. (As
with any other safe output several safe outputs can be controlled via the same
address. This further increases the number of safe outputs.)
- The allowed
size of the configuration is by default limited to 256 devices, i.e. up to 256
safe functions can be processed by one configuration without prolonging the
reaction time of the Monitor.
- In special
cases where 256 devices are not sufficient, the allowed number of devices can
be increase by the manufacturer. Theoretically, this enables the use of an
unlimited number of devices but results in longer reaction times.
- The
programming and diagnostics software ASIMON 3 BW now permits configuration
using function block flow charting, offering a simple graphical display during
diagnostic operation and configuration.
The
Advantages:
The
concepts of operating two Safety at Work networks with one single Safety
Monitor or safely connecting up to 31 networks through one single coupling
network, offers numerous advantages for the user:
- The number
of hardware components for a system decreases, thus reducing cost, installation
time, and space requirements. This is especially true when the integrated
Safety Monitor with dual Master and PROFIBUS connection is used.
- For two
Safety at Work networks the new Monitor operates with a single configuration
for all safe inputs and safe outputs on both AS-i networks: The Monitor
processes the signals of all safe inputs and switches the safe outputs in both
networks to "safe" or "released", and, thus, safely operates up to 16 release
circuits. This is easier and clearer than the conventional solution with one
configuration per AS-Interface network. Additional software or interconnections
are unnecessary.
- When using
more than two Safety at Work networks, up to 31 networks can be connected
safely and up to 31 global variables can be transmitted into the network. The
coupling network does not require a separate configuration. The global
variables are simply defined and then included into the configurations of the
local networks.
- Additional
safe inputs can be used directly on the coupling network.
- For every
monitor 16 release circuits are available. Relays or fast electronic outputs
operate four of these release circuits directly inside the unit. The others are
connected to the network via safe outputs. Thus, the flexibility is increased
and the installation is simplified.
- The number
of possible independent safe outputs per monitor is now 16. Multiple actuators
can share an address.
- By default
the number of devices in the configuration is limited to 256. This ensures that
the reaction time of the system is not increased. Consequently, the user can
under all conditions assume that the reaction time remains
unchanged.
- The
manufacturer can remove this limit so that an arbitrary number of devices can
be used. This allows the implementation of very large
configurations.
- The new
configuration software ASIMON3 BW enables the user to design the monitor
configuration by using function block flow-charting and to graphically display
the diagnostic results.
- The system
is cost efficient as it refrains from the usage of higher-level safety
solutions. Therefore, it is optimal for most situations and does not make use
of complex hardware.
- The Safety
Monitor is universally usable since it permits operation with any PLC and any
Master, and is also not limited to be used with products from a particular
manufacturer. The interoperability of AS-Interface, one reason for its success,
remains unchanged.
Exaggerated?? Is such a super
monitor really what we need?
The answer
to this question is clear when one considers the basic principle of Safety at
Work: Standard and safe I/O are part of the same network. Since the number of
standard components in typical installation considerably exceeds the number of
safe components and since complex networks are frequently segmented by the sub
functions of an application, large networks with multiple sub-networks are the
rule. This, however, allows standard and safe functions to be in one system.
The Safety Monitor as described here operates without safety PLC or
safety-related Master, and offers the necessary safe connections for extended
networks by combining many partial networks.
Now it is possible to safely
combine up to 31 Safety at Work networks with several hundred inputs and
outputs and a total network extending over several 100 m. What advancements in
just 15 years!
| |
Product |
No. |
Primary usage |
 |
Standard monitor |
BW2044 |
for single networks with existing
Master |
 |
Standard monitor |
BW2027
BW2109 |
for single networks with
Bihl+Wiedemann Master with integrated Master |
 |
AS-i network monitor |
BWU2000 |
for the connection of two or more
Safety at Work networks with existing Master |
 |
AS-i network monitor with
integrated Double Master |
BWU2001 |
for the connection of more than
two Safety at Work networks with Bihl+Wiedemann Masters |
 |
AS-i network monitor with
integrated Master |
BWU2003 |
for the connection of more than
two Safety at Work networks with Bihl+Wiedemann Masters |
Fig. 3: Available Products
|
