Machine safety technology has come a long way from the basic safety relays of the past. Today, machine designers have more advanced safety tools at their disposal, including highly integrated programmable safety solutions. The best offerings in this category include safety solutions that can leverage standard hardware, software and networking infrastructure to implement high levels of safety up to SIL 3 according to IEC 61508 and ISO 13849.
In practice, this means that users can install I/O with built-in safety logic right alongside standard I/O in the same segment, whether that’s on a DIN rail or mounted on a machine. Other automation hardware comes with integrated safety functionality, such as servo drives and distributed drive systems. In terms of networking, the safety data can be transmitted over a standard industrial Ethernet or fieldbus using a “black channel” approach. With the proliferation of safety functionality to many more hardware types, machine builders can distribute more safety in more places while increasing performance and reducing overall equipment and cabling costs.
SREE SWARNA GUTTA
I/O Product Manager
Q: How has the ever-expanding availability and use of programmable I/O impacted the spread of integrated safety and programmable safety logic?
A: More people are using programmable safety I/O because of its many advantages, such as the wide range of form factors. These include standard DIN-rail-mountable terminals in the same segment as standard I/O and machine-mountable I/O modules, which reduce cabling to the control panel. Integrated safety devices have really made it easy for machine builders to offer more safety in more places. Because of integrated safety’s programmability in standard automation software, you can configure complicated logic inside a simple input device to make it safer for the people who are operating the machine. This enables machine builders to use safety as a competitive advantage and deliver many different safety features rather than just hardwiring an e-stop to certify the machine according to minimal safety requirements.
Programmable safety with safety I/O is easier to implement and less expensive – during commissioning and in the long term. It reduces the number of components and, as a result, the control cabinet footprint. Machines are safer, and they have less downtime because of easier restarts from a safe stop to a running state. These are major reasons why more machine builders are implementing integrated programmable safety, rather than the traditional approach.
Q: What are the benefits of programmable safety over older ways of implementing machine safety, such as safety relays?
A: Traditional safety relays are still the most common method, but they just cut the power to stop machines. Integrated programmable safety does much more. First, the safety is totally integrated into the machine control system, so you have a wealth of diagnostic information available. That’s really important. When a machine stops, it’s crucial to understand why. With simple safety relays, you have to open the control cabinet just to know which relay tripped and, usually, trace the wiring back to the field device.
With integrated safety logic, you have access to much more diagnostic data. EtherCAT and TwinSAFE, especially, provide information down to the terminal level to localize where a signal tripped and why.
Another challenge with safety relays is that specific relays only offer specific functionalities. There are separate devices for e-stops, door switches, safety mats and other devices. Adding another e-stop using traditional safety relays involves significant wiring effort. Therefore, the component list gets bigger and bigger when commissioning a safety system.
When using integrated safety, this functionality is mostly handled in software, so the hardware side is simpler. The safety I/O is either an input or an output, and what it does is up to the program. Changes require little to no rewiring, since safety logic updates take place in software. But the system retains the necessary redundancy using the TÜV-certified Safety over EtherCAT (FSoE) protocol.
Having access to the safety program in code benefits serial machine production. Transferring code from one machine to another machine is easy. All you need to do is wire the I/O as you normally would.
In addition, analog safety is available in programmable systems. Purely digital safety relays can only be on or off. Analog safety allows machines to constantly check the pressure or the temperature on a module, for example, and safely turn it off before it fails. That reduces machine downtime, too, and helps with maintenance.
Integrated safety systems, such as TwinSAFE, incorporate safety program engineering into the universal TwinCAT 3 automation platform used for PLC, motion control and more.
Q: What opportunities exist for technology convergence in safety systems?
A: When we speak about integrated safety, we’re talking about one system. On the hardware side, standard I/O and certified safety I/O integrate easily into the same segment. On the software and programming side, Beckhoff provides TwinCAT 3 software as a universal engineering and runtime platform for all machine automation needs. It’s all one system.
What advantages does it give? All the information is immediately accessible, including the diagnostic data. Because it’s all in one system, you can put that diagnostic information on an HMI alongside other machine performance stats. If something happens, operators or maintenance can easily troubleshoot it, for example. Also, machine builders talk a lot about IoT and remote monitoring. Uploading the safety data to the cloud, a database or HMI is possible and easier to accomplish in one system. For many years, TwinCAT has been driving the convergence of all of these industrial automation technologies.
Q: Some machines used in discrete manufacturing require intrinsically safe I/O hardware and explosion protection. What advice do you give to these OEMs?
A: When we talk about safety in a standard machine, people think about e-stops and safety switches. When we talk about intrinsic safety, people immediately think of the oil and gas industry. The perception is that intrinsically safe devices only belong in those industries, but that’s not true. Intrinsic safety is used in countless other industries, such as processing sugar and flour, where there’s significant dust, or cosmetics, alcohol and many others with vapors that are prone to explosion.
Typically, engineers use intrinsically safe barriers with standard I/Os, rather than intrinsically safe modules. This adds up to more parts, bigger control panels and higher costs. It’s better to use an intrinsically safe module that slides right next to standard I/O or safety I/O. Intrinsically safe I/O terminals provide reliable, low-voltage communication directly to sensors and devices in hazardous areas, even in Zone 1 or Zone 0 where dust or other particles could act as an ignition source. They simplify safety architectures and are equally important to machine builder OEMs.
Q: What technologies or best practices are being used to ensure the security of safety data?
A: Many people worry about whether their data is secure and what might happen if it’s not. With EtherCAT, the functional principles make data automatically secure. EtherCAT establishes secure networking because it’s set up without any IP addresses, and the EtherCAT master knows exactly what kind of data to expect from the slave devices. Through EtherCAT’s default mode of operating, your data is already secure.
For safety data, it’s actually more protected. FSoE uses a black-channel approach, so standard devices can’t read the safety data when it passes through. Only the safety terminals recognize the data. They read and process that data, then send commands in response. Using TwinSAFE, customers don’t have to worry about data security, especially when using EtherCAT.
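An added example, not part of the interview and not Beckhoff or FSoE code: in a black-channel design the safety endpoints, rather than the transport, detect corrupted, repeated, misdirected or late frames. The container layout, the use of CRC-32, the field sizes and the names `build_frame`, `SafetyReceiver` and `demo` are assumptions made for illustration and do not reproduce the FSoE wire format.

```python
import struct
import zlib
# Assumed, simplified safety container (NOT the FSoE wire format):
#   connection id (2 B) | sequence (2 B) | safe data | CRC-32 of preceding bytes
HEADER = struct.Struct("<HH")
CRC = struct.Struct("<I")

def build_frame(conn_id, seq, safe_data):
    body = HEADER.pack(conn_id, seq) + safe_data
    return body + CRC.pack(zlib.crc32(body))

class SafetyReceiver:
    """Hypothetical safety endpoint. A real device latches its safe state on the
    first fault; this one keeps classifying so the demo can show each check."""
    def __init__(self, conn_id, watchdog_s):
        self.conn_id, self.watchdog_s = conn_id, watchdog_s
        self.expected_seq, self.last_rx = 0, None

    def check(self, frame, now):
        """Return 'ok' or the fault the safety layer detected."""
        if self.last_rx is not None and now - self.last_rx > self.watchdog_s:
            return "watchdog expired"
        if len(frame) < HEADER.size + CRC.size:
            return "truncated"
        body, (crc,) = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])
        # A CRC catches accidental corruption; it is not a keyed authentication code.
        if zlib.crc32(body) != crc:
            return "corrupted"
        conn_id, seq = HEADER.unpack(body[:HEADER.size])
        if conn_id != self.conn_id:
            return "wrong connection"
        if seq != self.expected_seq:
            return "repeated or out of sequence"
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_rx = now
        return "ok"

def demo():
    """Run constructed frames through one receiver; return a verdict per frame."""
    rx = SafetyReceiver(conn_id=0x0102, watchdog_s=0.1)
    good0 = build_frame(0x0102, 0, b"\x01")   # constructed sample data
    good1 = build_frame(0x0102, 1, b"\x01")
    flipped = good1[:4] + bytes([good1[4] ^ 0x01]) + good1[5:]  # bit flip in transit
    other = build_frame(0x0999, 1, b"\x01")   # belongs to another connection
    late = build_frame(0x0102, 2, b"\x01")    # arrives after the watchdog time
    return [rx.check(f, t) for f, t in [(good0, 0.00), (flipped, 0.01),
            (good0, 0.02), (other, 0.03), (good1, 0.04), (late, 0.50)]]

if __name__ == "__main__":
    print(demo())
```

Every verdict other than `ok` is a condition on which a safety output would be switched off; none of the checks depends on the switches or standard I/O the frame passed through.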
For more information about Beckhoff Automation integrated safety, please visit www.beckhoff.com/twinsafe.