PROFIsafe and Trends - Pete Brown - Siemens

What is

PROFIsafe and

how does it

work?

Pete BrownSiemens I CS

2

Peter Brown / What is PROFIsafe?

“The condition of being safe; freedom from danger, risk, or injury.”

In the UK (and Europe) this can cover many areas and industries, for example:Supply of Machinery (Safety) RegulationsElectromagnetic Compatibility RegulationsElectrical Equipment (Safety) RegulationsPressure Equipment RegulationsSimple Pressure Vessels (Safety) RegulationsEquipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres RegulationsLifts RegulationsMedical Devices RegulationsGas Appliances (Safety) Regulations

Important: It is essential to have some form of riskassessment / risk analysise.g. HAZAN / HAZID / HAZOP / RA to ISO 12100

What do we mean by “Safety”

3


Profibus DP

Standard-Host/PLC

F-Gate-way

otherSafety-

Bus

Repeater

Standard-I/O

Master-Slave Assignment

F-Field-Device

DP/PA

Coexistence of standard and failsafe communication

F-Host/FPLC

Standard-I/O

F-I/O

Engineering Tool

PG/ES withsecure accesse.g. Firewall

TCP/IP

F = Failsafe

F-Sensor F-Actuator

PROFIsafe – The Vision

4


F-Host / FPLC

Laserscanner Standard-I/O F-I/O Drive with integratedSafety

1:1 Communication relationship between master and slave1

2

Bus cycle

Cyclic Communication

5


"Black Channel": ASICs, Links, Cables, etc. Not safety relevant

"PROFIsafe": Safety critical communications systems: Addressing, Watch Dog Timers,Sequencing, Signature, etc.

Safety relevant, Not part of the PROFIsafe: Safety I/O / Safety Control Systems

Non safety critical functions, e.g. diagnostics

Standard-I /O

StandardControl

1

2

7

1

2

7

1

2

7

1

2

7

1

2

7

SafetyInput

SafetyControl

SafetyOutput

Safety-LayerSafety-LayerSafety-Layer

e.g.. Diagnostics

PROFIsafe – ISO/OSI Model

6


PROFIsafe – Add-on Strategy

Standardengineering

toolSTEP 7

StandardCPU

StandardPROFIBUS DP

StandardRemote I/O

Failsafe engineeringTool

Distributed Safety

FailsafeI/O Modules

PROFIsafe

Failsafe ApplicationProgramF-Hardware

7


Coexistence of standard program and safety-related program on one CPU

Changes to the standard program have no effect on the integrity of the safety-related program section

Standard program

Safety program

Standard program

Back-up

PROFIsafe - Program

8


Time redundancy and diversity replacecomplete redundancy

Time redundancyTime

DiverseOperation

Operation

Coding Comparison

DiverseOperators

Operators

DiverseOutput

Output

Stopby D /C

D = /C

CA, B

/A, /B

OR

AND

PROFIsafe – Coded Processing

Coded Processing

9


“Black channel"

PROFIsafelayer

PROFIsafelayer

Standarddata

Fail-safedata

Standardbusprotocol

Standarddata

Fail-safedata

Standardbus

protocol

PROFIBUS

PROFINET

PROFIsafe - Introduction

Safety-oriented communication via PROFIsafe First standard of communication in accordance with safety standard IEC 61508PROFIsafe supports safe communication for the open standard PROFIBUS and PROFINET The PROFIsafe meets possible faults like addresserror, delay, data loss with

Serial numerationof PROFIsafe-telegramTime monitoringAuthenticity monitoring via unique addressesOptimized CRC-checking

PROFIsafe supports standard- and failsafe Communication by one medium

10


Failure type:

Remedy: ConsecutiveNumber

Time Outwith Receipt

Codename forSender and

Receiver

Data Consistency

Check

Repetition

Deletion

Insertion

Resequencing

Data Corruption

Delay

Masquerade (standard message mimics failsafe)

Revolving memory failure within switches

Overview: Possible Errors and detection mechanism


11


S S S S

Standard PROFINET IO messages

F Input/Output Data Status /Control Byte CRC2

acrossF I/O data, Status or

Control Byte, F-Parameter,

and Vconsnr_h

Max. 12 / 123 Bytes 1 Byte 3/4 Bytes *) *) 3 Bytes for a max. of12 Byte F I/O data4 Byte for a max. of123 Bytes F I/O data

PROFIsafe container =Safety PDU

PROFIsafe safety PDU

12


CRC1

.

3 Bytes

(F-Device)Consecutive

Number(not trans-

mitted)0,1...0FFFFFFh

F Input data Status Byte CRC2

acrossF Input data, Status Byte,F-Parameter,

and Vconsnr_d

Max. 12 / 123 Bytes 1 Byte 3 / 4 Bytes

Vconsnr_d

3 Bytes

Change Toggle_d0 1or 1 0when incre-mented

include Vconsnr_dwithin CRC2 calculation(see calculation details)

ResetR_cons_nr(Bit 2 of theControl Byte)

1

IncrementToggle_h(Bit 5 of theControl Byte)

Extended Consecutive Number (24 Bit)

24/32 Bit CRC Signature

24 Bit consecutive number

Synchronization via "Toggle Bit"

Virtual consecutive numbering = patented

Example:

13


Which protocol must be supported ?

IO-C

FDO

Actuator

PROFINET

-IODevice

FDI

FDO

Sensor

PROFIBUS.

PROFIBUS DeviceModular Device

Local bus

F-Host

PROFINET-PROFIBUS

Link

Encapsulation

EncapsulationEncapsulation

F-DI Fail-safe digital inputF-DO Fail-safe digital outputIO-C PROFINET IO-Controller

PROFINETSWITCH


14


Which protocol version applies when ?

PROFIsafe V2 Slave used in

Protocol with 8Bit-Counter(= PROFIsafe

V1 mode)

Protocol with 24Bit-Counter(= PROFIsafe

V2 mode)PROFIBUS network only mandatory mandatory

PROFINET network only - mandatory

PROFIBUS / PROFINET network

mandatory mandatory

Goal: 100% compatabilityA PROFIsafe slave which supports the v2 mode must be able to replace an older version of this PROFIsafe slave which only supports the v1 mode without the need of any adaption


15


DP MasterDP Master

PROFINET – PROFIsafe V2

PROFIBUS – PROFIsafe V1 or V2

DP Slave V2DP Slave V2

I/OI/O--Device V2Device V2

DP Slave V1DP Slave V1DP Slave V1DP Slave V1

Proxy

Only Only DP Slave V2DP Slave V2

V1 = PROFIsafe Profil V1V1 = PROFIsafe Profil V1V2 = PROFIsafe Profil V2V2 = PROFIsafe Profil V2

Which protocol version applies when ?


Handling

Functional

Safety

Modern Requirements and

Best Practice

‘Drivers’ for Safety

Legislation: “I need to do something.…..but what?”

Fear: “What are my responsibilities and am I doing enough…. Or too much?”

Compliance: “Can I prove I have done as much as is reasonably practicable”

Operational Efficiency: “Can I produce products safely with maximum efficiency?”

Cost: “Am I getting the best return on my investment” (FFI)

Support: “I want advice based on solutions not products”

17

Peter Brown / Handling Functional Safety

What is Functional Safety?

Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs. Functional safety is achieved when every specified safety function is carried out and the level of performance required of each safety function is met.

Functional safety relies on active systems.

Safety achieved by measures that rely on passive systems is not functional safety.

18


Reactor

Basic Process Control System (BPCS)

Inputs Outputs

Safety Instrumented System (SIS)

Inputs Outputs

Systematic Failures

Definition of a systematic failure:failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or of the manufacturing process, operational procedures,documentation or other relevant factors

Examples of systematic failures include human error in:

The safety requirement specification;The design, manufacture, installation or operation of the hardware;The design and / or implementation of the software.

19


‘Best Practice’20


IEC 61508

IEC 62061 ISO 13849

EN 954(until 2011)

IEC 61511

ProcessIndustry Manufacturing Industry

Focu

sPr

oduc

t Man

ufac

ture

Focu

sIn

tegr

atio

n

Relevant goodpractice

Harmonizedstandards

Basic Lifecycle Concept21


Functional Safety

Control of dangerous failures during

operation through Robust Design

Control and avoidance of systematic failures

through Robust Processes

Safety Lifecycle Requirement

Engineering / DesignSystem ArchitectureFailure Probability

Planning / ProcessesSafety Management

Verification / Responsibilities

Verification and Validation

Verification (in general) =“Are you making it right?"Verification is the process used to evaluate whether or not a system complies with regulations / specifications / conditions imposed at the start of a phase.

Validation (in general) ="Are you making the right thing?“Validation is the process of establishing evidence (including functional testing) that provides a high degree of assurance that a system accomplishes its intended requirements (Fit for purpose).

22


Simplified Safety Lifecycle23


Hazard and Risk Assessment

Design and Engineering

Installation, Validation and Start-up

Operation and Maintenance

Modernisation and Upgrade

Verif

icat

ion

24

Author / Title of the presentation

Questions?24

PROFIsafe and Trends - Pete Brown - Siemens

Engineering

Transcript of PROFIsafe and Trends - Pete Brown - Siemens