Integrating Safety and Control

By Dan Hebert, PE, Senior Technical Editor

Until recently, machine and robot builder OEMs needed two automation systems. One of them controlled the machine or robot, while the second dealt specifically with machine safety. Typically, the machine safety system required a separate safety PLC and a dedicated hard-wired I/O network.

Separate hard-wired safety systems were required for a number of reasons. First, many suppliers simply charged too much for their safety controllers and I/O, restricting use to safety functions. Second, safety-rated versions of many digital communication networks were still in the regulatory approval stages. Third, many OEM customers were not quite ready for change in the sensitive area of safety.

All that changed in the past few years, and integrated safety is fast becoming a viable solution in many OEM applications. Today, you can put control and safety functions into the same automation system, and run machine and safety I/O signals over the same wired or wireless safety-rated network. The price difference between standard and safety-rated controllers has narrowed, meaning that it's often cost-effective to use one automation system for both control and safety, especially in systems with a high percentage of safety I/O compared with standard I/O. Of equal importance, OEM customer acceptance grows more widespread.

Integrated Safety I/O is Faster/Easier

Brent Lekx-Toniolo is the director of the Automation Division at Toniolo Research & Development (www.toniolo-rd.com), an automation and robotics systems integrator in Oxford Mills, Ontario. He has experience with old, separate, safety systems and with new, integrated alternatives, and he prefers the new.

Toniolo built a control and safety system for a spot weld assembly cell with 11 robots. The safety system included emergency stops, access control to safeguarded spaces, robot-to-human interference detection (a combination of robot zone switches and light curtains), and general detection of operators entering work stations via light curtains.

"This was a very large safety implementation that included fail-safe over EtherCat (FSoE), 380 TwinSafe inputs, and 144 TwinSafe outputs across the welding system on 15 EtherCat I/O stations," Lekx-Tonilo explains. "On top of the significant safety requirements of the cell, the systems also needed to control more than 600 standard I/O points, 12 pneumatic manifolds and two servo drives, while interfacing with 11 robot controllers.

Lekx-Toniolo found, to his surprise, that Beckhoff Automation's (www.beckhoff.com) TwinSafe system could perform both the control and safety functions, and it was faster than the old, dedicated safety system. "The typical deactivation time of a standard safety relay is 20 ms and most safety relay systems require cascading of safety relays to build safety logic," he notes. "Many older safety networks have system response times that exceed 120 ms, and frequently exceed 200 ms. Currently, the PLC task, the entire EtherCat network and all safety in the welding cell is updated every 20 ms, which is much faster than a traditional PLC and relay-based system."

Lekx-Toniolo had less than three months to design and develop all the software for the machine's control system. "Beckhoff's IEC 61131-compliant programming environment as well as TwinSafe/FSoE came together as an integrated package that helped reduce engineering and integration times," he says.

Having one common automation platform with one network that can handle standard and motion control as well as safety requirements is not only simpler, it also consumes much less cabinet space than more traditional designs that use safety relays or multiple control platforms.

"Benefits of the system included a reduction in wiring, complete modularity, and the ability to reuse system elements in the future with very little reengineering," Lekx-Toniolo explains. "The cabinet space was reduced to less than a quarter of that typically required for a weld cell of this size."

Because it's based on pre-programmed safety function blocks, a TwinSafe environment is easy to adopt, understand and use, Lekx-Toniolo says. "The performance of EtherCat and TwinSafe let us mount safety devices closer to the hazard, which in turn allows operators to be to closer to the work piece, lowering overafll machine cycle times."

Rod Brown, engineer at Kuka (www.kuka.com), says a single control system simplifies the job. Kuka used a Siemens Industry (www.siemens.com) programmable safety controller in a robotic automobile body shop to control multiple doors, main control panels with auxiliary panels on the robots, roller tables and assorted remote devices. The Siemens controller acts as both the control processor for normal machine functions, and the safety processor to monitor and control all safety devices.

By working from one common programming environment, and using ladder logic for both process control and safety, Kuka substantially reduced its engineering efforts and increased flexibility. "We built the system in no time and commissioning was surprisingly easy," Brown says. "This approach saved us tens of thousands of dollars on the first installation alone."

Integrated Safety Upgrades

CAMotion (www.camotion.com), based in Atlanta, faced a safety problem that probably couldn't have been solved with separate safety systems. CAMotion builds X, Y, Z, Theta machines for all types of motion, including overhead gantries, with many applications in the printing industry.

Figure 1. A combination of an integrated and distributed automaton system is used to provide control and safety for this robot weld assembly cell.

In one overhead gantry system, CAMotion had to integrate control and safety functions because its overhead robot worked in the presence of human operators on the ground.