Simplify industrial networks and machine safety

Machine safety networking, simplified: Combine safety and standard networking into one solution. The answer is a little like moving away from an out-of-control Facebook account.

By Tina Hull May 2, 2014

How can machine safety and industrial networks be similar to an out-of-control Facebook account?

There’s something I have a difficult time admitting. At first I created it only so it would be easy to coordinate training and running events with a few friends at work. Then I found some wonderful friends from high school I haven’t seen in a long time. Later, people were sending requests. I got carried away and started to accept them all. I tried setting conditions to see everything from my closest friends and only important updates from the others. As the software outpaced me with changes, I finally gave up and just let it happen as the software decided it would happen on any given day. Yes, it’s true. I have a Facebook account that reminds me a little of many machine safety and industrial networking applications.

So you might be thinking I should just cancel the Facebook account, forget about the hassle, and go back to the old-fashioned way of staying updated with people by talking on the phone. Besides, who even talks on the phone anymore? But this is where the real dilemma occurs. I actually enjoy being able to read the latest posts, especially when waiting at the airport or even in line at the grocery store. I just need a better way to manage my network of friends.

You may have experienced the same problem, if not on Facebook, then with your safety system. I can appreciate a really well-designed safety system, one that has all the emergency stop buttons positioned in locations easy enough for anyone to press, or the guard locking switch that is smart enough to allow the mold injection machine to finish its part before it allows the maintenance person in to make a conveyor repair. The safety control system is easy enough to manage with just a few devices and when it is focused only on safety.

Then management starts to go crazy and add a vision system to inspect the parts and delta robots to load good parts into trays. Oh yeah, they forgot to tell you that they want to see the status of everything from a human machine interface (HMI). Before you know it, the demands have you looking at managing a whole host of different systems. It’s nerve-racking just thinking about it. As you’re driving home contemplating how to handle this, you get a brilliant idea. All you need is an easy way to network everything into one system.

But wait? Are you even allowed to network vision, motion, logic, and the database on the same platform and your current safety control system?

Quite simply, yes! But hold on. Nothing is ever that simple. So what’s the catch? (Seriously, do you think I would have carried on this far?)

First, find a system that can already do it. Hey, quit laughing! They really do exist. Better yet, they are even allowed, and the safety side is still approved for safety applications.

Did you catch that? I said "safety side." Ensure the network system you select has a separate CPU dedicated to and approved for safety applications. The safety CPU is very strong-willed and protective by design. It won’t allow any other part of the network to override its function. Figure 1 is a sample. 

One network for standard and safety CPUs

You may have noticed that Figure 1 shows red and black I/O modules intermixed. Red ones are the safety rated I/O modules and black are for motion and vision. So you’re thinking either I like to waste a lot of money using safety rated modules for standard I/O, or I must be violating a whole host of safety standards. Guess what? It’s neither. Networking systems now have the capability to be intermixed at each coupler. It’s just so much easier. But how’s it accomplished? Simple: the "brain" of each part of the system resides in its respective CPU.

Can I tell you a little secret? You have to promise not to tell my boss. See, I explained that if anything ever went down, my estimated time to replace these units was only 5 minutes. He thought I was nuts, and said it should be at least an hour. There was no way I could even boot up the computer to reload the program in 5 minutes. Little does he know that replacing an I/O module is a simple click, slide out, replace, and click. No program loading is required for the unit I have. It’s all stored in the CPU. Many years from now, I may get an extra 55-minute break! 

Easy-to-replace modules

Where’s the cable for the safety? No, nothing is missing. In fact, this system uses EtherCAT, an industrial Ethernet protocol. The information is transferred as needed and the speed is race car fast, so it can all be transferred on the same line. Communication technology has improved so much in the last 10 years that this is now possible. However, it may drive certain fork =lift drivers crazy, with fewer targets to hit and destroy.

And the software for the vision and motion is integrated with the safety software. Isn’t this great? I had to learn only one PLCOpen-based program to manage everything. I still have my safety approved function blocks. 

One software for standard and safety programming

Now you might be wondering how I can manage to remember when I’m working on a safety application. After all, it would be pretty bad to intermix them. The safety side uses safety approved function blocks. All of the inputs and outputs requiring a variable on the safety I/O modules are highlighted in yellow. If you are color blind, no problem. The variable name also starts with a capital S. Other systems may differ. But I haven’t messed mine up yet, so I think you’ll do just fine.

This is all sounding way too good to be true, I’m sure, so now comes the more delicate question. What happens when there’s a need to receive or send a variable status between the standard and safety systems? (The most difficult part about the answer is using the word "exposed" without human resources coming after me. Let me explain.)

On the safety side, any non-safe variable can be exposed. This is practical for a simple reset button or to send an output status back to the standard PLC so it can be monitored on the HMI. After all, you want to know what protective device caused the shutdown.

Talking about HMI, how many times will everything need to be mapped so I can see the status on one display? Just once. I’m serious. One benefit about networking is that the I/O mapping can be done automatically. I know—I didn’t believe it either the first time they told me. The sample in Figure 3 even told me what I/O module and node it is on. Now I can simply give it a new variable name to use on the standard side and voila!—I’m ready to finish my program.

Now that I solved most of your networking questions, does anyone have a good solution for my Facebook settings problem? I hear Instagram is the new hot social networking media. Maybe I should give that a try.

– Tina Hull is product engineer, safety, for Omron Automation and Safety. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering, mhoske@cfemedia.com.

ONLINE

See additional information in this online version of this May Control Engineering article. See additional links at the bottom.

Key concepts

  • A tangle of standard control and safety devices is like an out-of-control social media account.
  • Standard devices and safety devices can use the same software platform.
  • Examples for working within a unified environment are provided.

Consider this

Lower costs and ease of use are among reasons for combining standard and safety networks. See these examples.

ONLINE extra

www.sti.com 


Author Bio: Tina Hull is TUV Functional Safety Expert and product engineer, Omron Automation Americas