Safety Networks Up and Running

If you can't actually see your safety network, then you'd better be absolutely sure you have some way of making certain it exists and is operating properly. Luckily, regulatory changes in the past couple of years are making it possible for developers to provide safety fieldbuses and related solutions, and give end-users the material, labor, and efficiency savings they need.

By Jim Montague December 1, 2004

At A Glance

Safety networks and communications

Fieldbuses duplicate hardwire-level safety

Generating savings, flexibility

If you can’t actually see your safety network, then you’d better be absolutely sure you have some way of making certain it exists and is operating properly. Luckily, regulatory changes in the past couple of years are making it possible for developers to provide safety fieldbuses and related solutions, and give end-users the material, labor, and efficiency savings they need. For example, the National Fire Protection Administration (NFPA) recently revised its rules to allow greater use of safety networks and/or safety PLCs. The organization had long prohibited using fieldbuses or other powered networks as part of its NFPA 79 regulations governing electrical equipment in industrial machinery.Likewise, the International Electrotechnical Commission recently published its IEC 61508 standard for safety-related electromechanical, solid-state electronic, and computer-based systems. This defines the safety integrity level (SIL), such as SIL 3, that safety fieldbuses and related products must achieve. IEC also recently drafted its 61511 and 62061 standards for process and control devices.

Inertia vs. economics

Despite these regulatory approvals, however, most potential end-users remain extremely reluctant to implement safety networks. This is usually for the same reason that they hesitate to replace hardwiring with any twisted-pair fieldbus: you can see point-to-point hardwiring, while you have to seemingly take it on faith that all the same functions are occurring on a single, low-power circuit. This is why the vast majority of industrial networks, still estimated at 75-80%, continue to be based on 4-20 mA hardwiring.

ODVA reports that its CIPsafety extension to its common industrial protocol (CIP) is the only safety protocol that is media independent, which allows seamless transfer of safety I/O messages from any point in a multi-segment architecture to other points in the same architecture.

However, this inertia is increasingly offset by equally traditional economic pressures bearing down on users to squeeze ever more efficiencies and savings from their applications. In fact, there’s evidence that the benefits of safety fieldbuses and reassurances about their integrity are fueling implementation plans. Recent research from the Open DeviceNet Vendor Association (ODVA) found that 18.2% of users surveyed in North America and Europe now buy safety PLCs, but 43.9% plan to buy them in the next three years. Also, while only 9.1% now use safety networks, more than 42% plan to in the next three years.

Pilz’ SafetyBUS p

To meet these expected demands, one of the most well-established safety fieldbuses, SafetyBus p from Pilz Automation Safety LP, recently doubled its capacity by releasing its new Programmable Safety System (PSS) SB2 that now allows users to connect one PSS to 128 nodes. Though it’s already reached 100,000 installed nodes worldwide, SafetyBus p is expected to continue growing because Pilz has released a variety of complaint products, including two SafetyBus p interfaces, and modules. Pilz also plans to launch its new SafetyBus next year to expand the system’s structure.

SafetyBus p is now five years old, and was built by Pilz, which started with a CANopen fieldbus system, and added capabilities for checking signals, timing functions for sending and receiving signals, and other software. These capabilities make this three-wire, isolated fieldbus safe by eliminating echoes, phantoms, and/or duplicated signals, and missed data. SafetyBus p also achieves Europe-based EN-954-1 Category 4 approval because the two-chip chipset in all its devices is based on a programmable safety system.

‘A lot of potential users are testing safety systems for themselves, and seeing the time they can save on troubleshooting,’ says Dino Mariuz, Pilz’ engineering manager. ‘Instead of using basic relays, they’re finding they can save 40% on labor over hardwiring.’

Profisafe

Another well-known safety fieldbus, Profisafe from the Profibus International, is based on PTO’s Profibus-DP and uses several transmission media, including RS-485 and fiber-optic cable. Three-year-old Profisafe adds a safety-focused layer to the Profibus protocol; runs over standard Profibus cabling; and provides added error-detection capabilities to achieve SIL 3 and get messages through without undetected errors.

John Swindall, test lab director at the Profibus Interface Center, says Profisafe’s layering method creates a ‘black channel’ that incorporates safety data into regular Profibus telegrams. Safety data include cyclic-redundancy checks (CRC), intended master/slave addresses, and sequence numbers to help check for missed messages.

Profisafe also is approved by Germany-based TÜV, the designated certification organization, which examined the algorithms and polynomials that Profisafe uses for its control calculations. Still, convincing potential users of Profisafe’s usefulness and safety capabilities isn’t easy.

‘Fieldbus engineers are a very conservative crowd, and those dealing with safety issues are even more conservative,’ says Swindall. ‘I think they’re starting to get over their reluctance to some extent, but users in the U.S. are still in the early stages of accepting safety networks. This is helped by the fact that Profisafe is mature and operates at 12 Mbps, which makes it the fastest protocol out there. This means users can run part of their system as a safety network along with some non-safety devices, and everything occurs on one bus without loss of system throughput.’

Besides launching numerous Profisafe-complaint products, developers and PTO’s parent organization are working to add Profisafe’s capabilities to Profibus-PA to cover process applications.

CIPsafety, DeviceNetsafety

To integrate safety and standard controls, so they can influence each other, ODVA recently developed and added its CIPsafety extension to its Common Industrial Protocol (CIP), which is the application layer shared by ODVA’s DeviceNet, EtherNet/IP, and ControlNet protocols. CIPsafety provides the base for ODVA’s new DeviceNetsafety protocol, which allows commands to be sent via an existing DeviceNet network.

‘This means that safety functions are built into the protocol. So, it isn’t the wire that ensures safety on a network; it’s they way the data is handled that makes the network safe,’ says Kimber Lynn Drake, marketing manager for Rockwell Automation’s presence sensing business. ‘This means a safety PLC can talk to both safety and non-safety components.’

CIPsafety’s specifications are scheduled for released in January 2005, and TÜV Rhineland is expected to issue its final certification of the protocol at the same time. ODVA is also planning a safety extension for its Ethernet/IP and ControlNet protocols.

Interbus Safety

To help users seeking safety network capabilities from the Interbus protocol, Interbus Club and Phoenix Contact have spent three years developing Interbus Safety. With a transmission speed of 500 kpbs or 2 Mbps, Interbus is certified and part of IEC 61158, and serves as Interbus Safety’s foundation.

This new protocol consists of safety code and safety data, which are combined into one data packet within Interbus’ standard summation frame protocol. Larry Komarek, Phoenix Contact’s automation marketing manager, says this summation method requires less data for communication overhead, which means Interbus Safety only needs 500 kbps to transmit the same data, in the same amount of time, that other methods need 1.5 Mbps to transmit. In addition, Interbus Safety’s 2 Mbps mode of operation delivers a response time of less than 10 milliseconds in typical applications, such as 1,000 standard I/O plus over 100 safety I/O.

Interbus Safety’s enabling unit is programmed with TÜV-approved function blocks, such as E-stop, two-hand control, or electrosensitive protective equipment in ‘SafetyProg’ Windows-based software, which is compatible with IEC 61131. This means that users don’t have to write their own code.

Interbus Safety meets safety functions up to Category 4 according to EN 954 and SIL 3 according to IEC 61508.

Komarek adds that Interbus Safety products are already being beta tested, and that a release in Europe is scheduled for the first quarter of 2005, with global rollouts to follow.

Online Extra

Safety equipment purchasing trends in North America and Europe

(% that presently buy vs. % that plan to purchase during the next three years)

Presently purchase
Plan to buy innext three years

Safety light barriers
54.5%
64.2%

Safety interlock switches
90.4%
90.4%

Safety floor mats
15.5%
28.3%

Safety edge guards
38.0%
47.6%

Safety relays
80.2%
81.3%

Safety PLCs
18.2%
43.9%

Safety networks
9.1%
42.2%

Redundant safety PLCs
12.8%
28.9%

Application specific controllers
20.3%
31.6%

Other safety equipment
6.4%
7.0%

Source: Control Engineering with data from ODVA and Intex Management Services