PROFIsafe: Networked Functional Safety

Implementing functional safety over a network reduces the number of components, wire, and cabinets; speeds installation and commissioning; and increases uptime. With PROFIsafe, PI’s functional safety application profile, messages are exchanged transparently between Profibus (a serial fieldbus) and Profinet (an industrial Ethernet).

07/24/2012


If you are not implementing functional safety over a network you might as well be creating relay ladder logic on D-size vellum with a universal arm drafting machine—and realizing the design with actual relays and lots of wire.

Actually, for decades after the introduction of the PLC and fieldbuses, relays and hardwiring were still required for safety. Then in 2002 machine wiring standards were revised in the U.S. to permit implementing safety in logic controllers and transmitting safety messages over a network. Finally the benefits of PLCs and fieldbuses could be realized for safety. And now 10 years into the networked functional safety era, it’s time for you to realize these benefits in your own facilities.

Figure: Networked functional safety architecture showing PROFIsafe-enabled devices in yellow: controller, IO, drive, and process instrument. Courtesy: PI North America

To get you started: What do we mean by networked functional safety, how does it work, and why would you use it?

Safety via communication protocol

The overarching safety standard IEC 61508 defines safety as “the freedom from unacceptable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment.” This makes functional safety “part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.” With the safety messages transmitted over a fieldbus or Industrial Ethernet we have networked functional safety.

Functional safety is more than moving and reacting to safety messages. Functional safety begins with risk assessment. Having been assessed, risk can be mitigated in many ways from signage to guarding to safety circuitry. In implementing safety circuitry, networked functional safety is bookended by safety IO and a safety controller. Networked functional safety is more than the network—the network needs safety-rated IO on one side and a safety-rated controller on the other.

Networked functional safety can apply in the factory where discrete logic predominates or in the process plant where process instruments containing multiple variables and diagnostic data predominate. Motion control also is subject to networked functional safety. Once the only safety options available for motion were removing power and applying external brakes, but now additional safety options are available—options like “go to safe position.”

Secure messaging

Networked safety relies on a concept called “the black channel,” which tunnels through the fieldbus or Industrial Ethernet protocol to provide secure messaging. By doing so, other aspects of the network are not safety-relevant. So you don’t need safety-rated cable, connectors, gateways, or Ethernet switches. You can compare the black channel to a VPN connection in the Ethernet world. Virtual Private Networks (VPNs) create an encrypted tunnel through Ethernet infrastructure. This prevents other devices or activity on the network from interfering with the VPN traffic. 

PI (Profibus and Profinet International) pioneered the creation of the black channel through academic and practical activities over 12 years ago. To meet safety-certifying agencies' requirements, PI came up with the following remedies for the listed potential failures:

 

PI PROFIsafe: Failure types and remedies

| Failure type \ Remedy | Consecutive number | Time out with receipt | Codename for sender and receiver | Data consistency check |
|---|---|---|---|---|
| Repetition | X | | | |
| Deletion | X | X | | |
| Insertion | X | X | X | |
| Re-sequencing | X | | | |
| Data corruption | | | | X |
| Delay | | X | | |
| Masquerade (standard message mimics failsafe) | | X | X | X |
| FIFO failure within router | | X | | |

Courtesy: PI North America

 

The remedies are embedded in the data packets. If one of the remedies shows a failure (which must be detected in the receiving logic controller), the system will treat it as a safety event that returns all values to a predefined safe state.
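The receiver-side checks behind the table, as an added example that is not from the article or from PI: a simplified Python model in which each remedy is one test on the incoming frame and any failure latches the safe state. The frame layout, the CRC-32 and every name in it are assumptions, not the PROFIsafe wire format; like any CRC, the check catches accidental corruption and is not a cryptographic protection against deliberate tampering.

```python
import struct
import zlib

# Simplified model of the table's four remedies. The frame layout, CRC-32 and
# all names are assumptions for illustration, not the PROFIsafe wire format.
HDR = struct.Struct(">HHB")  # sender codename, receiver codename, consecutive number

def build_frame(src, dst, seq, data):
    body = HDR.pack(src, dst, seq & 0xFF) + data
    return body + struct.pack(">I", zlib.crc32(body))

class SafetyReceiver:
    def __init__(self, my_code, peer_code, watchdog_s):
        self.my_code, self.peer_code, self.watchdog_s = my_code, peer_code, watchdog_s
        self.expected_seq, self.last_ok, self.safe_state = 0, 0.0, False

    def _trip(self, remedy):
        self.safe_state = True  # latched: outputs are driven to their safe values
        return remedy

    def receive(self, frame, now):
        """Call every cycle; frame is None when nothing arrived."""
        if self.safe_state:
            return "safe state"
        if now - self.last_ok > self.watchdog_s:
            return self._trip("time out")  # deletion, delay, FIFO failure
        if frame is None:
            return "ok"
        body, tail = frame[:-4], frame[-4:]
        if len(body) < HDR.size or struct.pack(">I", zlib.crc32(body)) != tail:
            return self._trip("data consistency check")  # corruption, masquerade
        src, dst, seq = HDR.unpack_from(body)
        if (src, dst) != (self.peer_code, self.my_code):
            return self._trip("codename")  # insertion, masquerade
        if seq != self.expected_seq:
            return self._trip("consecutive number")  # repetition, deletion, re-sequencing
        self.expected_seq, self.last_ok = (seq + 1) & 0xFF, now
        return "ok"

def run(events):
    """Feed (frame, time) events to a fresh receiver; return each verdict."""
    rx = SafetyReceiver(my_code=2, peer_code=1, watchdog_s=0.1)
    return [rx.receive(frame, now) for frame, now in events]

# Constructed sample frames (not captured traffic).
GOOD0, GOOD1 = build_frame(1, 2, 0, b"\x01"), build_frame(1, 2, 1, b"\x01")
CORRUPT = GOOD0[:5] + bytes([GOOD0[5] ^ 0x01]) + GOOD0[6:]  # one flipped payload bit
FOREIGN = build_frame(9, 2, 0, b"\x01")  # valid CRC, wrong sender codename
```

For instance, `run([(GOOD0, 0.01), (GOOD0, 0.02)])` returns `['ok', 'consecutive number']`: the repeated frame is rejected and every later frame is answered with `'safe state'`.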

Because the black channel isolates the safety information in the fieldbus’ or industrial Ethernet’s data stream, connecting cables, connectors, and devices are not safety-relevant. Their failure would be detected by one of the remedies in place and a safety reaction would be generated.

In the case of PROFIsafe, PI’s functional safety application profile, the messages are exchanged transparently between Profibus (a serial fieldbus) and Profinet (an industrial Ethernet). Any type of media can be used: copper, fiber, or wireless. Devices in the discrete, process, or motion control application spaces can communicate to the same safety controller, allowing comprehensive safety scenarios.

Less cost, more uptime

There are technical and business benefits in using networked functional safety. The technical benefits of using a fieldbus transfer include a reduced number of components, less wire, fewer cabinets, faster installation, and faster commissioning. Some business benefits derive from these, but the big addition is uptime. Just as a fieldbus and Industrial Ethernet can convey diagnostic information, so can networked functional safety. In addition, manual maintenance to verify switch and other safety functions is minimized since the system continually verifies this functionality.

A manufacturer of automotive body lines converted from hardwiring of safety circuitry to PROFIsafe and reduced the number of safety components by 85%. The amount of wire needed was also greatly reduced. The line needed less floor space since there were fewer enclosures. And the factory start-up time was reduced from several weeks to an afternoon.

Networked functional safety is a proven technology, widely used. Using it is a competitive advantage.  As an ARC white paper puts it: “Safety has evolved from being a cost burden to a strategy for improving productivity and reducing downtime.”

- Carl Henning is deputy director, PI North America (Profibus and Profinet in North America, formerly PTO); Edited by Mark T. Hoske, content manager CFE Media, Control Engineering and Plant Engineering, mhoske(at)cfemedia.com.


