Safety over industrial communication networks

Industrial Ethernet is becoming easier to use for industrial safety applications. Standards, trends, and technologies are helping with industrial Ethernet-based safety systems.

By Joey Stubbs July 12, 2017

Implementation of an industrial safety network using Ethernet can be simpler with more standard configuration tools that are easier to program and use, reducing cost, and complexity. 

Standards for safety-rated protocols

The majority of the standards for transmitting safety-rated protocols via Ethernet have been around for more than 15 years. The major specifications that define the requirements of modern digital safety systems are contained in the following standards, International Electrotechnical Commission (IEC) 61508 Functional Safety of Electrical/Electronic/Programmable Safety-Related Systems and IEC 61784-3 Industrial Communication Networks – Profiles – Part 3: Functional Safety Fieldbuses – General rules and profile definitions. (Safety-over-EtherCAT protocol is referred to as functional safety communication profile [FSCP 12] in the IEC 61784-3 specification.) The first digital safety systems were dedicated controllers with separate, proprietary communication buses. This was a step forward for safety implementation, but required additional hardware, programming software, licenses, and an additional fieldbus for the machine designer and end users.

The availability of fast and efficient industrial Ethernet systems such as EtherCAT made it possible to use the "black channel" approach recommended in IEC 61784-3. However, this was accompanied by the important recommendation that the safety data channel not exceed 1% of the maximum failure probability of the target safety integrity level (SIL) safety rating for which the safety profile is designed. This enables safety protocol containers to be "tunneled" inside the fieldbus system, considerably simplifying the hardware and software for safety systems. Most devices for EtherCAT functional safety over EtherCAT (FSoE) are rated for SIL3. 

Trends for FSoE

The trends for FSoE have been the acceptance of safety logic controllers and safety input/output (I/O) devices from multiple vendors. There are 27 companies making products that complement a FSoE system. This falls in line with the multi-vendor acceptance of EtherCAT in general, which has 200 master controller vendors, 105 I/O vendors, and 160 drive vendors.

Additionally, the availability of servo drives with safe motion functions onboard has streamlined automation design for vendors and users of motion control products because the motion controller can issue safety function commands directly to drives for safe stop, safe torque, and safe position (see Table). In addition, there is no longer a need to power down the drives, which was always a point of debate when considering whether a freewheeling flywheel, for example, actually established the safest conditions following an E-stop button push. 

Table: Safety function commands for drives
Safe torque off (STO): Shuts off power to the motor without disconnecting power to the drive. STO is used for emergency stop situations and to prevent unexpected motor movements.
Safe stop: Uses a controlled ramp-down (deceleration) to safely stop the motor, and then activates the STO function
Safe position: This function transfers the safe position actual values of the drive to the higher-level controller. This function can be used to implement a reliable range positional travel for specific axes. If the safe position is out of range the axis will STO to prevent motion.

The benefits of advanced technologies

Configuration tools for FSoE have become more standardized over time. Users no longer have to maintain separate safety programming tools or licenses for each vendor’s products. Configuration and programming tools are available for free from multiple EtherCAT hardware and software vendors, and these can configure any vendor’s FSoE devices, eliminating the need for additional programming tools, training for additional software platforms and programming languages, and the need to purchase and maintain additional licenses. This enables the FSoE user to easily implement a SIL3-based safety system while reducing cost and complexity. In addition to the budgetary benefits, users also will be able to implement more safety technology in more places as a result of these savings.

Joey Stubbs is a North American representative at EtherCAT Technology Group. Edited by Emily Guenther, associate content manager, Control Engineering, CFE Media,


Key Concepts

The requirements for modern digital safety systems.

Standards for transmitting safety-rated protocols.

Advanced technology for safety programming tools.

Consider this

Since safety systems could be networked instead of hard wired, what savings have you realized?

ONLINE extra

See other safety protocol coverage in this issue and through this link.