Automation Today

Feature story
Truly integrated safety


Refined safety legislation and new developments in technology have opened up a tantalising possibility in safety network implementation: the ability to put safety control devices alongside standard control devices on the same wire or network. Rockwell Automation’s Dr Richard Piggin, a UK expert and ODVA liaison to IEC SC65C/WG12, currently developing IEC 61784-3, Functional Safe Communication, describes the paradigm of truly integrated safety.

It seems only yesterday that we were talking about how the move from hard-wired systems to network architectures represented a fundamental change in machinery safety. But such has been the take-up of the so-called safety network that it is easy to forget how recently the change in machinery safety legislation – and in particular the introduction of IEC 61508 – made it all possible. So the challenge now is not to implement a safety network, but rather to integrate that crucial aspect into the overall network architecture.

IEC 61508 redefined the way safety systems are assessed – switching from a prescriptive, rules-based approach to a goal-based approach. This enabled manufacturers to move away from hard-wired safety systems, and to take advantage of safety controls and networks. The sense of déjà vu was palpable, echoing the moves two decades previously within the standard control environment from relays to PLCs and from parallel wiring to fieldbus. And the benefits have been the same too. Installation times and therefore costs can be dramatically reduced, while the overall flexibility of the safety system to accommodate change is increased. Improved diagnostics, ease of testing and modularity all make the safety network easy to maintain, so helping to reduce downtime. And more sophisticated systems become easier to understand and implement.

Safety networks have evolved very quickly. In early implementations, the safety network was kept completely separate from the standard control network; indeed, there are some companies today that still insist that this strategy is the only way to guarantee functional safety. But the need to run a separate, quite distinct and often unrelated safety network alongside the standard control network has distinct disadvantages. In particular, installing and supporting two completely different network architectures is far from ideal. A better approach is to implement the safety network as an actual extension of the standard control network, with safety devices and standard control devices connected on the same wire.

The latest technological developments mean that such a strategy is a reality, without compromising on stringent safety standards. In particular, there is the possibility of implementing safety networks as extensions to open fieldbus networks such as DeviceNet and EtherNet/IP.

How might this be possible? The key lies with the Common Industrial Protocol (CIP) – the open, common application layer shared by DeviceNet and EtherNet/IP, as well as other CIP networks including ControlNet. In 2005, the CIP Safety Specification was published, providing functional safety extensions to CIP networks and extending the application coverage of CIP to include integrated safety communications in accordance with IEC 61508 SIL 3 and EN 954-1 Category 4.

The first practical implementation of CIP Safety was on DeviceNet, bringing all the benefits of improved diagnostics and ease of commissioning that users have long enjoyed with standard DeviceNet. The result, DeviceNet Safety, not only looked and felt like standard DeviceNet, it offered the possibility for true integration with standard DeviceNet, allowing users to connect safety devices and standard control devices on the same wire or network, either with or without a dedicated Safety PLC or controller. More recently has come the announcement of CIP Safety on EtherNet/IP, the prevalent industrial Ethernet specification, offering a simple means of integrating safety networks into exactly the same Ethernet architecture as used by standard control devices, the rest of the enterprise and even the Internet.
CIP Safety provides integrity through the use of an extensive set of TÜV-approved protection measures. It assures transmission integrity by detecting communication errors and it enables application integrity by allowing devices to take the appropriate actions. For most applications, when an error is detected, the device will go to a known de-energised state, typically called a safety state. The safety code in each device is responsible for detecting these communication errors, and is executed in a high integrity section of safety devices, typically using redundant hardware, which has been approved by a certification agency.
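As an added illustrative model (not the CIP Safety wire format, and not code from Rockwell Automation or ODVA), the following Python sketches the fail-to-safe behaviour described above: a consumer checks each message's CRC, sequence number and age, runs a watchdog on message arrival, and latches its outputs to the de-energised safe state on the first detected error. The frame layout, field sizes and the 20 ms timeout are constructed assumptions.

```python
import struct
import zlib
from dataclasses import dataclass

SAFE_OUTPUT = 0x00  # all outputs de-energised (the "safety state")


def build_frame(seq: int, ts_ms: int, data: int) -> bytes:
    """Constructed frame layout: seq(2) | timestamp(4) | data(1) | crc32(4)."""
    body = struct.pack(">HIB", seq, ts_ms, data)
    return body + struct.pack(">I", zlib.crc32(body))


@dataclass
class SafetyConsumer:
    expected_seq: int = 0
    max_age_ms: int = 20        # assumed connection timeout, not a CIP value
    last_rx_ms: int = 0
    safe_state: bool = False
    output: int = SAFE_OUTPUT

    def fail_safe(self, reason: str) -> str:
        # Any detected fault latches the device in the safe state; a deliberate
        # reset is required to leave it, so a fault cannot be silently missed.
        self.safe_state = True
        self.output = SAFE_OUTPUT
        return reason

    def consume(self, frame: bytes, now_ms: int) -> str:
        if self.safe_state:
            return "latched safe state"
        if len(frame) != 11:
            return self.fail_safe("length error")
        seq, ts_ms, data = struct.unpack(">HIB", frame[:7])
        (crc,) = struct.unpack(">I", frame[7:])
        if zlib.crc32(frame[:7]) != crc:          # corruption on the wire
            return self.fail_safe("crc error")
        if seq != self.expected_seq:              # lost, repeated or reordered
            return self.fail_safe("sequence error")
        if now_ms - ts_ms > self.max_age_ms:      # delayed beyond tolerance
            return self.fail_safe("stale message")
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_rx_ms = now_ms
        self.output = data                        # valid data: energise outputs
        return "ok"

    def check_watchdog(self, now_ms: int) -> str:
        # Silence from the producer is treated as a fault, not as "no change".
        if not self.safe_state and now_ms - self.last_rx_ms > self.max_age_ms:
            return self.fail_safe("watchdog timeout")
        return "ok"
```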


While helping to guarantee safety is paramount, DeviceNet Safety and EtherNet/IP Safety also deliver significant integration benefits by providing the same seamless bridging and routing capabilities offered by standard CIP networks. So a safety node on one DeviceNet Safety network segment can communicate seamlessly with another safety node on a separate DeviceNet Safety network segment, even across multiple layers of CIP networks. Similarly, a node on an EtherNet/IP Safety network segment can communicate seamlessly with other nodes on different layers and network segments.
CIP Safety on EtherNet/IP does not replace CIP Safety on DeviceNet. Rather, the two serve different applications. When to use EtherNet/IP or DeviceNet for safety will depend largely on the same requirements for standard EtherNet/IP and DeviceNet communications. Factors such as distances, packet length, response time, device cost and device power requirements will determine which network makes the most sense for a particular application. In an application where large distances, larger safety packet sizes or greater throughput is required, CIP Safety on EtherNet/IP will have advantages over DeviceNet. In applications where DeviceNet bandwidth is sufficient or power via the network is required, DeviceNet may have an advantage over EtherNet/IP.
In both cases, more and more compatible safety products are rapidly being brought to market. Rockwell Automation already has a full suite of products available for DeviceNet Safety, including safety input/output blocks, safety interlock switches, safety light curtains, safety drives and safety PLCs, and the company is steadily introducing a similar portfolio of products and solutions for EtherNet/IP Safety.

Overall, the benefits for manufacturers in moving to truly integrated safety solutions are enormous. Hardware costs are minimised, since components can be used by both the standard and safety portions of the system. Manufacturers can also reduce their software and support costs; the same software can be used throughout the plant, and operators only have to learn one architecture. Scalability is easy, since the integrated system can continue to evolve, as needs demand, with the addition of new safety components or entire new network segments. Depending upon system requirements, engineers can deploy and distribute the necessary hardware to meet the application demands, whether on an individual machine or within an entire facility.