In “Breath life into your design,” I remarked on the many changes in the industry in just a few short years and how those changes are positively impacting our approach to control systems. Let’s take some time to dig further into the world of integrated safety and control.
Let’s begin by taking a bit of a walk down memory lane. I take these journeys often, as I feel it is valuable to understand why we used to design a certain way and how that necessity prompts hardware vendors to come up with easier ways to bring our designs to life.
My career path originated in the early 1980s when I attended a junior college in Canada to study “controls engineering technology.” Just as I was finishing my senior year, the college offered an extended course of study to add an “electrical engineering technology” diploma to the graduation ceremony the following fall.
While none of us thought much about this offer other than a relatively inexpensive way to add a significant second diploma to our post-graduate resume, years later I can clearly see the passing of the baton in the industry as controls became the primary focus of electrical design and power design/distribution retired to the background.
Thinking back on that now, control systems were transitioning from relay-based control systems into the programmable-logic-controller (PLC) based systems. I had inadvertently gotten in on the ground floor of a revolution that has truly changed the world.
Those early control systems were really just an extension of a relay-based design with a convenient way of creating logical algorithms without having to add more relays and wire to complete the task.
PLCs quickly became more sophisticated as the ability of the micro-processor at the heart of the PLC matured. Timers, counters, math and scaling functions, logical comparisons, ASCII and string manipulation all followed, and more elaborate control systems were the result. While the means of making decisions was advancing, the methodology behind the control of the moving parts seemed to give way to the development of bigger and better PLCs.
At the root of those earlier control designs was the master control relay. Through this circuit design, a means of stopping and starting the whole system was tied to a single circuit.
As circuits became more sophisticated, component safety became part of the algorithm so motor overloads, for example, were added to the circuit. Operator safety started to enter into the circuit design, and the maintained contact e-stop switch became a mainstay. The e-stop of that time was a single contact, and, as a means of keeping the circuit off, hardware vendors brought out an add-on device that permitted a lock to be inserted into a bracket around the e-stop button to prevent it from being pulled back out. As a result, the master control circuit could be disabled until the lock was removed. The evolution of the safety circuit had begun.
The base, of course, was a relay. One relay that provides a safe means to drop power to devices should be more robust than just a normal relay. A term called “force-guided” came into being. These relays were constructed in such a way to make sure that there is only an on-state and an off-state.
Other manufacturers proposed that, if one relay was safe, two would be safer. Safety circuits evolved to use two relays in series as a means to ensure that the failure of one would cause a failure of the circuit as a whole.
As with any evolution, there were side families in the developing world of safety. About the time that the dual safety circuit came into being, the concept of dual circuits of the safety devices came to the forefront. This thought process was born of the philosophy that, if one circuit driving two relays was safe, two circuits with both needing to be complete to drive those two relays would be even safer.
Following close behind was the desire to monitor those two safety circuits and the two safe relays to ensure that they are completely off before they are turned on and that the circuits can’t be operated independently, at the exclusion of the other.
The complex nature of this trend towards dual-redundant circuits with monitoring capability started to push the safety circuit out of the realm of creative wiring and devices into the world of the programmable controller.
Not every designer felt they needed to go in the direction of a controller of safety devices (the safety controller) when a smarter, more compact safety device (the safety relay) would do the job, so hardware vendors split into multiple paths of development.
The safety relay was born of the need to do something more elaborate than a combination of relays and dual-circuit e-stop buttons and door switches could produce. The resulting product was a significantly different looking device that embedded all of the desired features of dual-redundancy and self-monitoring in a single, DIN-rail mounted device.
About this time, the color red evolved as evoking the seriousness of safety. Most safety devices today incorporate red in the appearance. Safety relays have taken on a life of their own and future evolutions have resulted in safety relays that range from single-function, dedicated purpose to multi-function safety relays that can be altered in function by the setting of DIP switches or rotary dials.
Parallel to the development of the dedicated safety circuit, other hardware vendors picked up on the push or natural evolution of the safety circuit into the realm of the programmable controller. These vendors figured that if the circuit could benefit from the features of a PLC, why not create a dedicated safety controller that leverages that platform? In an effort to emphasize that the safety controller isn’t a programmable controller, early safety controllers had their own programming software platform. The main theme of these safety controllers is the premise that safety is paramount and, as such, should have its own controller to take care of the safety elements while the main PLC/PAC in a control design takes care of the actual inputs and outputs.
The safety controller has matured to the point where user-selectable types of safety input and output devices can be assigned to an ever-increasing number of contact points, and algorithms can be programmed to use Boolean logic (AND, OR, NOT) to bring the various inputs together to create the desired output function.
Anyone who, like me, is fascinated by genealogy studies knows that families often go their own ways only to come back together in a future generation. The wonderful benefit of a split and later rejoining is bringing along with it all of the diversity and improvements that can only happen by natural evolution. Such is the case with safety devices.
The latest safety relays can communicate directly with the main logic controller in a PLC/PAC-based platform. While the relay maintains the segregated safety functions, the relay also resides as a remote I/O device in the PLC architecture and, as such, can be interacted with as an extension of the PLC I/O table.
Similarly, the safety controller has taken on the same look and feel as a PLC/PAC, except that it is, of course, red in color. Newer PACs even have the ability to have safety I/O modules reside in the same backplane as regular I/O modules. So, truly, the branches of the safety tree are coming back together.
The most exciting evolution in the past couple of years is the accelerated development of control devices that have safety embedded in the design. For several years we have had safety circuits that employ two force-guided relays to provide safety interlocks for devices like variable frequency and servo drives. The interlocks, traditionally, came in the way of motor contactors before or after the drives to provide a means of disabling the power circuit going to or from the motor itself.
In a development that comes right out of the evolution of the safety relay/controller, the latest drives have a safety contactor built right into the drive itself. Employing the same concept as the dual, force-guided relay, the safety enabler in the drive requires the presence of two, independent signals from the safety relay to allow the input power to reach the output connections to the motor.
The best part about these innovations is, not only does it reduce the components in the control enclosure, it reduces the possibility of applying the safety device in an incorrect manner. There is a lot going on in a control circuit, and any device that can cut down the physical wiring required while limiting the chance of misapplying the technology is truly an exciting development in the evolution of the safety device.
In an interesting trend, the hardware vendors are really getting behind these new products in ways not normally seen. They are so enthusiastic about getting the new technology out there that they are offering the new product at the same or lower price than the traditional versions.
Finally, something that I really like about embedded safety in our controls devices is the ability to reach out to the safety elements from the tag structure in the PLC/PAC. For example, the status of the safety inputs on my favorite variable-frequency drive is a tag that is automatically added by the add-on module when I create the hardware tree in the software application. When I include the Ethernet interface module, which is electronically linked to the safety relay, into the hardware tree, I also get the status of the individual nodes (door switches, e-stop buttons) in my tag database. The means to trigger an output node connected to that same safety relay are also accessed via the tag database that is automatically created when the module is dropped into the hardware tree.
At the end of the day, embedded safety is impacting every aspect of control design, and, as hardware vendors continue to develop more products that leverage this technology, our designs will get safer and easier to implement.