The motion control industry “is going to see a flood of new standards…that promote fresh, new ways to provide machine operator safety,” says J.B. Titus, manager of business development and industry standards at Siemens Energy & Automation. That is already happening.
The old way —point-to-point wired safety systems for automated machinery installations—is less than optimal, prone to failure, and costly to maintain.
The new way —safety networks based on standard industrial networks integrated into machine control systems—is more efficient, and less prone to hazardous work-arounds.
And, it’s preventing scenarios like this:
Dr. X came in to demonstrate a large custom proton accelerator to the customer’s top brass. He wasn’t going to turn on the high-voltage beam-energy power supply, but just show that the duoplasmatron proton guns actually spat out a 150 mA proton beam with an energy of 60 KeV.
Note that 150 mA at 60 KeV means a 9,000 W beam—enough to make the stainless steel beam-tube walls glow cherry red without cooling water to protect them. “Of course,” Dr. X explained while firing up the system, “we have installed interlocks to make sure operators can’t turn on the beam unless cooling water is flowing.”
Unfortunately, in his next breath he added: “We have disabled the interlocks during final assembly and testing. In the assembly and test area, we use intelligence instead of interlocks!”
Immediately after he said that, the group was startled by the sound of six 12-in. pneumatically operated vacuum valves slamming shut, followed by the blare of a klaxon as the vacuum system sensed that the beam’s heat had melted the copper vacuum seals. The cooling water was not flowing.
Today’s automated equipment installations are far more complex than that crude semi-manual control system. Instead of the dozen or so safety sensors it had, an automated production line today can have hundreds. Simple interlock switches hardwired to controller inputs just won’t do the job anymore.
Such interlocks are quite effective during normal operations, but less effective during installation and maintenance. They are especially ineffective during troubleshooting operations—when they are needed most.
Need for change
“People [once] believed that to be truly safe, you had to run a hard piece of copper from one place to another through some kind of conduit and put it underneath a hard screw and screw it down,” says Edmund Nabrotzky, general manager of Woodhead, a division of Molex. “You have to use a special electrician to do that. And every time you add another stop button or another safety gate, you need another piece of copper going from it directly back to a panel somewhere.”
That, for a long time, was thought to be the only way to make things truly safe. Reality is quite different.
“We’ve seen in actual installations that these things can be prone to failure,” Nabrotzky reports. “Their mechanical nature means that they can get stuck, and they can wear out. The contacts become less reliable, and some safety systems are disabled because they trip too often.
“We’ve also seen that it gets annoying…when something trips [the system] somewhere. The entire line goes down, and there’s no easy way to differentiate between something that’s a critical safety issue and something that is not. Generally, the line shuts down until somebody figures out what really happened, and then gets authorization to reset it.”
“Machines today move much faster,” Karl Rapp, branch manager for automation and machine tools at Bosch Rexroth Electronic Drives and Controls Division points out, “but human response is constant, so the old way of doing [machine control], by gating and adding switches (so that the system shuts down when you open the gate or hit an E-stop switch), is no longer adequate.”
In the 1980s, machine tool acceleration of 0.2 to 0.4 G was the norm. Today, machine tools can accelerate at 1– 2 G. Also, systems are quite complex and tooling is expensive. Halting motion whenever someone opens a gate or punches an E-stop can damage equipment. Besides, if you just cut power, the equipment decelerates in an uncoordinated fashion.
“Then, people put safety delay relays in, so if you hit an E-stop, spindles decelerate and critical axes stop in a coordinated manner,” Rapp continues, “so the controller has a chance to coordinate them to a stop.”
Still, errors have to be cleared, the system has to be enabled, and a person has to check to ensure all axes are coordinated. Visual confirmation needed to move relevant axes may be impossible from outside the gate.
This leads to repetitive cycles of making an adjustment, closing the gate, resetting the controller, powering up the system, jogging the system, powering it down, opening the gate to check, then repeating the process until adjustments are right. At best, the process is cumbersome. At worst, the crew disables safety featuress.
|Analog point-to-point safety systems can create a rat’s nest of copper wires (red) to bring sensor signals into the motion controller and drives to automatically cut power when tripped.|
|Networked safety systems use existing high-speed data networks to carry safety-related signals as well as control signals. Smarter sensors can send status information as well as fault information.|
Today’s state-of-the-art machine-safety technologies, strong in Europe and expanding elsewhere, includes two basic components:
Safety networks are safety versions of standard machine-control networks, such as CANbus, with additional protocol features that make it feasible to reliably carry safety-related signals as well.
Integrated safety is the concept of building safety related features—such as the ability to slow machine motion to human speed—into controller and drive hardware and software.
“In the middle ’90s a lot of end users pushed to have motion systems safer,” Rapp recalls, “so setup and recovery become safer. We developed a dual-channel strategy where the controller is on one channel, and the drive is on another. The command interface to the drive became digital and the I/O channel to the controller became a safety channel.”
It is important to stress that the I/O interface changed from point-to-point wiring of analog signals to bus-style transfer of digital signals. This drastically reduced the number of connections to be made and the number of conductors to be run.
At a minimum any signaling system provides two pieces of information for each sensor: the sensor’s output value and the sensor’s identification. In point-to-point analog systems, analog voltage or current signals the value, but sensor identification comes from which signal line carries the voltage. With serial-bus communications, both pieces of information appear in a burst of digital signals that transfer over the same set of conductors. Analog wiring complexity increases linearly with the number of sensors, while digital bus wiring complexity is constant. With CANbus, for example, two wires carry all of the signals, whether there are two sensors or 20.
“Multiple European vendors developed digital bus systems to provide safe motion without switching power off,” Rapp recalls. “In Germany in the ’80s, for example, there were already quite a few substantial machinery safety standards that they had built for electronically controlled machinery.”
European OEMs brought the technology to the U.S. in the systems they exported, but the approach was not exactly welcomed. While some U.S. end users made the local decision to accept it, others bought the equipment and added padlocked disconnects. They didn’t use the safe-motion system because every time they opened the door, the added interlock shut off the machine.
In the past few years, this situation has started to change. Efforts to harmonize U.S. and European standards have motivated U.S. industry to re-evaluate safety standards for electronically controlled moving equipment.
The International Electrotechnical Committee (IEC) is a prime mover in this effort. As part of the normal IEC maintenance cycle, the existing standard (IEC 61508) is currently being revised. European-style safety systems will be in. Point-wired systems will be out. As an IEC member, the U.S. will adopt the new standard. Final drafts of parts 1 to 7 are scheduled to be issued to national committees for voting in January 2008, with the final revision of parts 1 to 7 due to be fully published by May 2008.
More than convenience
“Networking does more than just save money on wiring and installation costs,” according to Woodhead’s Nabrotzky. “It also opens up a whole world of extra diagnostics and functionality that you can’t get through standard binary signaling. If a device is about to go down; if a lens on a photo eye is getting dirty; if the flow rate’s being impeded by a sticky valve, this diagnostic information can come across [the network] in complex data packets. That makes networks very, very valuable.”
You used to have a safety controller and a motion controller with the safety controller running all safety gates, safety mats, light curtains, and pushbuttons. “The new standard allows you to bring them together,” Nabrotzky says. “You no longer have two systems. Obviously that saves cost—you buy only half of the equipment that you used to buy—but it also means that you can start to do things that are very interesting.”
“Safety PLCs,” Siemens’ Titus points out, “provide distributed compliance with IEC 61508 with a smart fail-safe I/O card that allows quicker response to faults without burdening the PLC with overhead for safety monitoring.”
“Machines and the people can work much closer together,” Nabrotzky says. In an analog system, for example, a robot has a zone around it that’s been hard gated with security features. As soon as a human walks anywhere near the robot, the whole system shuts down. If you integrate the control and safety systems, however, it’s possible to know the robot’s position and what it’s doing. If it’s doing something on the left side of its workspace, and a person enters the extreme right-hand side of the safety zone, the robot may not need to shut down. It might make sense to keep operating as long as there’s no interference. If the program shifts activity to where the person is, an integrated intelligent system could use sensor input to recognize that and take appropriate action to ensure safety “[This] means you can use smaller plants, he points out.”
Safety networks and integrated safety provide opportunities to save real money in several ways:
Automation designers can stop running extra circuits, fuses, breakers, and lines of copper and conduit for safety systems.
They can tap into the control system network cable that’s already running through workcells.
They can have a much more intelligent set of choices in the control system and safety system.
A more intelligent safety/control system will keep running more reliably, with more safety and fewer false triggers.
Light curtains or area sensors remain, but connect to a network instead of just a signal wire. Networks save money, avoiding the need to run extra wires. In addition, with a more sophisticated signaling system, a light curtain can do more than just say, “I’m on” or “I’m off.” The light curtain can start to say, “I’m dirty” or “My ground is loose.”
Poring over safety network specifications and standards can become a nightmare of claims, counterclaims, and utter confusion. Two things remain clear, however, :
Virtually all popular machine control network standards have a safe-motion variant.
Virtually all major control-equipment manufacturers have safe-motion features built in or available as add-ons.
To simplify the task of picking a safe-motion system, start with the control network and equipment vendor of choice based on other criteria, then ask about safe motion and how the safety functions integrate with the rest of the system. Make sure the vendor understands that you want the system to comply with the new IEC 61508 standard and ask how the related products can fill the bill.
Look for safety networking (carrying safety related signals over the control network) and integrated safety (features that make it easier for humans to work closely with powered-up equipment without disabling interlocks).
“The world we’re living in right now [with] hardwired safety systems…is constructed with a lot of pipe and wire connections, a whole cabinet full of relays and breakers, and a separate controller just for the safety system,” Nabrotzky summarizes. “In the future world, all that equipment goes away…. Safety and control are integrated in a way thatsaves money and keeps your plant running.”
Safe machine-control networks
|Safety bus||Built on||Features||Vendors|
|GuardMotion||SERCOS||With the Safe-off capability, the drive output is safely disabled to eliminate motor torque.||Rockwell/Allen Bradley www.rockwellautomation.com|
|Profisafe||Profibus||Profisafe safety measures are realized in software and added as a Safety Layer to the top of the Profibus layer 7 (ISO/OSI model) with no change to the other layers. The safety layer is responsible for the communication of safety relevant user or process data (safety application) besides the unchanged existing standard application for non safety critical functions, like diagnosis. Safety devices are connected to the same single transmission line as standard devices and communicate with an additional safety controller or a combined standard/safety-controller. Thus Profisafe uses a single-channel transfer.||www.profibus.com|
|Profisafe||Profinet (Ethernet)||Both safety-related and standard communication are possible via the same Profinet bus cable.||www.profinet.com|
|SafetyBus p||CANbus||Sensors and actuators are connected to the SafetyBus p system via decentralised I/O modules. In the application, components that belong together logically can be configured as groups and switched off separately in the case of an error.||www.safetybus.com|
|SafetyNet p||Ethernet||Open standard, real-time-response, safety features are incorporated in software drivers.||www.safetybus.com/4_Service/4.6_Service_Safetynet.htm|
|SERCOS III||SERCOS||The SERCOS interface provides the flexibility of configuring multi-vendor control systems with plug and play interoperability. Designers are not limited to products from one manufacturer, but are free to choose the best-in-breed to solve individual motion and I/O control problems.||www.sercos.com|
|C.G. Masi is senior editor. Reach him at firstname.lastname@example.org .|
6 ways to wire up savings in industrial networking
Wire and cables—metal and fiber-optic—transmit the bulk of industrial network communications. Technology trends in cabling include materials and designs that ensure signals inside are shielded or conditioned enough to be useful. Other trends include:
Design challenges . Frank Koditek, industrial market manager for Belden, says the reality of industrial Ethernet implementations reaches past connecting workstations and consoles, requiring Ethernet cable runs into harsh industrial environments, far beyond commercial conditions. Cable designer considerations include:
Robotic/continuous flex and motion applications where cables must deliver specified performance while flexing on equipment, such as robots, C-tracks, and other repetitive motion equipment.
Temperature ranges that can vary from sub-zero, where most jacket materials crack or shatter, to high temperature furnace applications that can cause materials to deform or melt.
Crushing, abrasion, and cut-through hazards that will damage an installed cable and interrupt or shutdown a network.
Oils and solvents that will immediately or over time damage or destroy the cable jacket and degrade or interrupt electrical performance.
Exposure to outdoor environments and burial applications where rain, sunlight, or immersion will degrade cables and performance.
Distance, isolation, and immunity. Ethernet, a hot area of cabling, offers coaxial, twisted-pair, and fiber-optic options, says George Thomas, president of Contemporary Controls. Among the three, fiber offers greater distances, galvanic isolation, and immunity to electromagnetic interference and lightning strikes, he adds.
Material advances. Turck, which counts industrial network cordsets among its offerings, says material advances have helped industrial networking considerably, allowing users and OEMs to better match cable jacket to environmental needs. PVC (polyvinyl chloride) is standard, multipurpose cable jacket material typically used for network cable. But network connectivity’s increase in popularity has pushed it into environments where traditional PVC cannot go.
|New materials make cable stronger, as evidenced by this expanded line of Belden Data Tuff Industrial Ethernet Cables.|
To address this, manufacturers are now using other materials like TPE (thermoplastic elastomers) and PUR (polyurethane) for network cable jackets, Turck says. TPE provides increased flexibility and is resistant to weld slag, for automotive applications or others using welding or robotics. PUR is much more resistant to abrasion than PVC, expanding network cable to friction-filled areas. Halogen-free cable jackets are important for areas where there is a risk of fire, Turck adds.
Extreme flexibility. Some cables are oil resistant and flexible for power and control cable and have exposed run approval, according to Lapp Group. Such cables can be highly crush-resistant and comply with the NEC Hazardous Area Standard for flexible cables for use in Class 1, Division 1 locations, meeting RoHS (Restriction of Hazardous Substances) requirements of the European Union, with UV resistance and approval for direct burial.
Copper or fiber options. Rockwell Automation says manufacturers are dramatically increasing the use of the information and control capabilities built into existing platforms, including connecting I/O modules that connect to EtherNet/IP (an industrial Ethernet protocol) using copper or fiber optics.
Shorter cable runs. Opto 22 engineers note overall network savings when cable runs can avoid the use of hubs or switches, using Ethernet in a daisy-chain configuration, rather than star design.
For more information, visit:
|Mark T. Hoske is editor in chief. Reach him atMHoske@cfemedia.com.|