A & T · fail-safe digital module DM-F PROFIsafe and therefore do not affect the existing...

Applications & Tools

Answers for industry.

Cover

Integration SIMOCODE pro V with a Fail-safe Digital Module in SIMATIC PCS 7

SIMATIC PCS 7

Application Description � April 2012

2 PCS 7 SIMOCODE F-Systems

1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Industry Automation and Drive Technologies Service & Support Portal This article is taken from the Internet Service Portal by Siemens AG, Industry Automation and Drive Technologies. The following link takes you directly to the download page of this document:

http://support.automation.siemens.com/WW/view/en/58824610

Caution: The functions and solutions described in this entry are mainly limited to the realization of the automation task. In addition, please note that suitable security measures in compliance with the applicable Industrial Security standards must be taken, if your system is interconnected with other parts of the plant, the company’s network or the Internet. For further information on this issue, please refer to Entry ID 50203404. http://support.automation.siemens.com/WW/view/en/50203404.

If you have any questions about this document, please contact us at the following e-mail address:

[email protected]

For further information on this topic, you may also actively use our Technical Forum in the Service & Support Portal. Add your questions, suggestions and problems and discuss them in our large forum community:

http://www.siemens.de/forum-applikationen



mailto:[email protected]

http://www.automation.siemens.com/WW/forum/guests/Conference.aspx?ForumID=229&Language=de

PCS 7 SIMOCODE F-Systems 1.0, Entry ID: 58824610 3

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

s

SIMATIC PCS 7 PCS 7 SIMOCODE F-Systems 58824610

Task 1

Solution 2

Basics 3

Configuration of SIMOCODE pro V in PCS 7

4 Configuration of SIMOCODE pro V with DM-F PROFIsafe

5

The Demo Project 6

AS Program 7

Operation of the Application

8

Safety Considerations 9

Links & Literature 10

History 11

Warranty and Liability


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Warranty and Liability Note The application examples are not binding and do not claim to be complete

regarding configuration, equipment and any eventuality. The application examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for ensuring that the described products are used correctly. The application examples do not relieve you of the responsibility to use sound practices in application, installation, operation and maintenance. When using these application examples, you recognize that we will not be liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these application examples at any time without prior notice. If there are any deviations between the recommendation provided in this application example and other Siemens publications (e.g. catalogs), the contents of the other documentation shall have priority.

We accept no liability for information contained in this document. Any claim against us – based on whatever legal reason - resulting from the use of the examples, information, programs, engineering and performance data etc., described in this application example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in cases of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or violation of fundamental contractual obligations (“wesentliche Vertragspflichten”). The damages for a breach of fundamental contractual obligations are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change in the burden of proof to your detriment.

Any form of duplication or distribution of these application examples or excerpts hereof is prohibited without the express consent of Siemens Industry Sector.

Table of Contents


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Table of Contents Warranty and Liability..............................................................................................4

1 Task.................................................................................................................7

2 Solution...........................................................................................................8 2.1 Overview of the overall solution .........................................................8 2.2 Description of the core functionality..................................................10 2.3 Hardware and software components used .......................................11

3 Basics ...........................................................................................................13 3.1 Pressure measurement (PIRZ111)...................................................13 3.2 EMERGENCY STOP button (hz111) ...............................................15 3.3 SIMOCODE pro V with DM-F PROFIsafe.........................................17

4 Configuration of SIMOCODE pro V in PCS 7...............................................19 4.1 Configuration by means of the GSD file ...........................................19 4.1.1 Installation of the GSD file ...............................................................19 4.1.2 Hardware configuration with GSD....................................................21 4.2 Using the Process Device Manager (PDM) ......................................24 4.2.1 Installation of the EDD (Electronic Device Description).....................24 4.2.2 Hardware Configuration with PDM ...................................................25 4.3 Using SIMOCODE ES .....................................................................27 4.3.1 Installing SIMOCODE ES ................................................................27 4.3.2 Hardware configuration with SIMOCODE ES...................................28

5 Configuration of SIMOCODE pro V with DM-F PROFIsafe..........................32

5.1 General information .........................................................................32 5.2 Configuration with SIMATIC PDM ....................................................33 5.3 Configuration with SIMOCODE ES ..................................................37

6 The Demo Project.........................................................................................42

7 AS Program ..................................................................................................43

7.1 Overview.........................................................................................43 7.2 Standard Logic ................................................................................44 7.2.1 Higher-level functions ......................................................................44 7.2.2 Measurements.................................................................................45 7.2.3 Driver (fan) with SIMOCODE pro V..................................................46 7.3 Safety program................................................................................47 7.3.1 Higher-level functions ......................................................................47 7.3.2 Measurements.................................................................................48 7.3.3 Safe shut-down of SIMOCODE pro V DM-F PROFIsafe...................49 7.3.4 Maintenance Override Switch (MOS) ...............................................49

8 Operation of the Application........................................................................52 8.1 Overview.........................................................................................52

Table of Contents


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

8.2 Acknowledge F start-up and module/channel failure.........................53 8.3 Operating SIMOCODE pro V ...........................................................53 8.4 Maintenance Override Switch (MOS) ...............................................55

9 Safety Considerations..................................................................................58 9.1 Device data .....................................................................................58 9.1.1 PFD and PFH of the components used ............................................58 9.1.2 SIMOCODE pro DM-F PROFIsafe module.......................................58 9.1.3 SITRANS P DS III............................................................................59 9.1.4 EMERGENCY STOP / motor contactor............................................60 9.2 Safety functions...............................................................................61 9.2.1 Safety function EMERGENCY STOP...............................................61 9.2.2 Safety function “Pressure monitoring” ..............................................63

10 Links & Literature.........................................................................................65 10.1 Bibliographic references ..................................................................65 10.2 Internet links....................................................................................65

11 History ..........................................................................................................66

1 Task


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

1 Task Introduction

Process industry often uses procedures that work with high pressures or temperatures. The processed materials are often hazardous to people’s health or can destroy the environment when released. In many cases a safety system is used if there is an intolerable risk for people or the environment. The safety system has the task to stop the process when a critical status is reached and to prevent an emission of hazardous materials. Blocking systems must be safely closed and supply units (pumps, ventilation systems, conveyor units) must be safely de-energized.

Description of the automation problem A motor in connection with the process control system and a safety system is to be safely shut down in compliance with the requirements for SIL 2 and SIL 3 (SIL – Safety Integrity Level, standard: IEC 61508/IEC 62061). When motors with constant speeds at low voltage are operated, SIMOCODE pro is used. SIMOCODE pro is a flexible, modular motor management system. It optimizes the connection between the process control system and the motor branch circuit, increases the availability of the system and results in considerably reduced planning, commissioning, operating and maintenance efforts. If integrated in the low-voltage switchgear, SIMOCODE pro is the intelligent connection between the higher-level automation system and the motor branch circuit. In combination with the DM-F PROFIsafe module, a fail-safe shut-down of the drive is possible via the SIMOCODE pro V and a SIMATIC S7F control system.

2 Solution


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

2 Solution 2.1 Overview of the overall solution

This application example describes a safe shut-down of a drive when the EMERGENCY STOP button is pressed or when a measuring system reaches a critical state. The motor is controlled via a SIMOCODE pro V, which receives orders via PROFIBUS from the process control system. The safe shut-down (EMERGENCY STOP) is ensured by the connected fail-safe digital module DM-F PROFIsafe. The fail-safe digital module receives the shut down order via PROFIsafe from the safety-oriented part of the control system. Depending on the external connections of the DM-F PROFIsafe, the following performance level (PL) or safety integrity level (SIL) can be reached: · PL e with category 4 according to ISO 13849-1 or · SIL 3 according to IEC 61508

The strict separation of SIMOCODE pro standard functions and safety-oriented functions prevents the functions from influencing each other in an undesired manner, while the functions they share are optimally combined. The safety technology and the safety-oriented functions remain restricted to the fail-safe digital module DM-F PROFIsafe and therefore do not affect the existing components and concepts of SIMOCODE pro. The fail-safe digital module DM-F PROFIsafe serves exclusively for a safety-oriented shut-down of a motor branch circuit from a fail-safe control (F-CPU). The communication between the two is ensured via PROFIBUS using a fail-safe PROFIsafe protocol.

2 Solution


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Schematic layout The following figure gives a schematic overview of the most important components of the solution:

Figure 2-1

Applicability The application was prepared with PCS 7 V7.1 SP2, with F-Systems V6.1 and the SIMOCODE library PCS 7 SIMOCODE pro Library V7.0 SP3. SIMOCODE pro V is used for controlling a direct starter. But you can also realize other motor circuits and shut them down safely with the DM-F PROFIsafe module. In the application, a SIMATIC S7 400FH, which is set up with S7-417H CPUs is used as the automation system. The example can also be realized with an S7-412H or S7-414H system, and alternatively with an S7-414F or S7-416F single station system.

Required knowledge Basic knowledge about SIMATIC S7, PCS 7, F-Systems and safety technology is assumed.

2 Solution


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

2.2 Description of the core functionality The application describes the implementation of the following items:

· control and fail-safe shut-down of a direct starter with SIMOCODE pro V and DM-F PROFIsafe

· Fail-safe detection of an analog signal with triggering · fail-safe detection of EMERGENCY STOP · logic for signaling an acknowledgement request after an F channel or an F

module failure · logic for acknowledging the failure · Maintenance Override Switch (MOS) for the simulation of a substitute value

during a cyclic review of the analog value · motor control by the PCS · release of the on-site operator control by PCS · on site on/off pushbutton with ON display · SIMOCODE pro V control panel in the switchgear with on/off function –

released together with the on-site release of PCS · configuration of the SIMOCODE pro V for the on-site operation with the keys or

the control panel · safety-oriented shut-down of the motor when an EMERGENCY STOP button is

pushed, or when a pressure tolerance is exceeded · reporting the signal statuses of the DM-F PROFIsafe to the higher-level PCS

via PROFIBUS · supervision of the check-back contacts for the contactors by the DM-F

PROFIsafe · Integration into the PCS 7 with the SIMOCODE pro library and the respective

faceplates · realization of the standard functions and safety functions in one CPU

(integrated solution) · compliance of the respective safety standards

Advantages of this solution The solution presented in this document offers the following advantages: · Safety-oriented shut-down of a load by SIMOCODE pro V with DM-F

PROFIsafe · uniting operational and fail-safe shut-down in the motor management system

without any additional effort · broad scope of application with the safety integration level (IEC 61508) up to

SIL 3 · functions for a contactor monitoring in the SIMOCODE pro V modules · transmission of meaningful diagnose information to the AS and display in the

OS

2 Solution


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

· reduction of space needed for the installation in the control cabinet, since only a limited number of devices are used

· standardized integration of the motor branch circuit and reduction of the wiring thanks to an integrated PROFIBUS DP interface

2.3 Hardware and software components used

The application was set up with the following components:

Hardware components

Table 2-1

Component No. MLFB/Order number

Note

SITRANS P DSIII HART 1 7MF4033-1DA00-1AA6-Z C20 (SIL2) 7MF4033-1DA00-1AA6-Z C23 (SIL2/3)

Pressure measuring transducer 2-wire, 4 – 20 mA, HART, measuring range 8.3 – 250 mbar

EMERGENCY STOP 1 3SB3 801-0EG3 Mushroom pushbutton 2Ö 40 mm, with yellow head, no protective collar

Circuit breaker for motor protection

1 3RV1011-0FA1 Designed for 0.35 … 0.5 A

Motor contactor 2 3RT2 015-1BB42

SIMOCODE pro 1 3UF7 010-1AB00-0 SIMOCODE pro V basic device 1

Fail-safe digital module DM-F PROFIsafe

1 3UF7 330-1AB00-0

Current measuring module

1 3UF7 100-1AA00-0 0.3 – 3 A

Operator panel 1 3UF7 200-1AA00-0

Connecting cable 0.1m 1 3UF7 931-0AA00-0

Connecting cable 0.5m 1 3UF7 932-0AA00-0

SIMATIC S7 1 6ES7 654-8EN01-3BB1 FH Bundle with CPU 417 and runtime licence for F-system

Y-link 1

IM 153-2 high feature 1 6ES7 153-2BA02-0XB0

Bus module 1 6ES7 195-7HD10-0XA0 For receiving 2 IM153-2 red Bus module 1 6ES7 195-7HC00-0XA0 Bus module for an 80 mm

wide module Bus module 1 6ES7 195-7HB00-0XA0 Bus module for two 40 mm

wide modules F-DI 1 6ES7 326-1BK02-0AB0 FDI24xDC24V

2 Solution


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed


Note

F-AI 1 6ES7 336-4GE00-0AB0 FAI6x15bit HART 20-pin front connector 1 6ES7392-1AJ00-0AA0

40-pin front connector 1 6ES7392-1AM00-0AA0

PROFIBUS connector 3 6ES7 972-0BA52-0XA0

Note The functionality was tested with the described hardware components. Similar products not included in the above list can also be used. Please note that in such cases changes in the sample code (such as addresses etc) or changes in the wiring of the hardware components (such as different pin assignments) will be necessary.

Standard software components

Table 2-2


Note

SIMATIC PCS 7 Safety ES Package for AS/OS V7.1

1 6ES7 651-6AF17-0YA5 PO unlimited incl. AS/OS engineering - licence PO unlimited and AS runtime - licence for 600 PO

Contained in the PCS 7 Safety ES package: (S7 F SYSTEMS V6.1 FLOATING LICENCE)

(1)

(6ES7833-1CC02-0YA5)

(Engineering software for the configuration of the safety function in PCS 7)

Safety Matrix Tool V6.2 1 6ES7833-1SM02-0YA5 Optional for the configuration of the safety function

SIMATIC PCS 7 SIMOCODE pro library V7.0 SP3 PCS 7 SIMOCODE pro V7.0 for PCS 7 V7.0 and V7.1

1 3UF7 982-0AA10-0 Engineering software

SIMOCODE ES 2007 + SP2

1 3ZS1 312-6CC10-0YA5 Optional for the configuration of the SIMOCODE pro

3 Basics


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

3 Basics For illustrating the functions, the application example uses the designations listed in the following table for the symbols and the CFC plans:

Table 3-1

Component Designation Criterion Remark

Pressure measurement

PIRZ111 > 40 mbar 0 …60 mbar; 4…20 mA; 2-wire

Emergency stop HZ111 activated 1 = OK; 2 contacts exclusive SIMOCODE AN111_ST Status SIMOCODE

SIMOCODE AN111_CU Current SIMOCODE

SIMOCODE AN111_CO Command SIMOCODE

SIMOCODE DM-F AN111_FS Failssafe stop SIMOCODE

The signals to shut down the motor are detected by fail-safe ET 200M modules.

3.1 Pressure measurement (PIRZ111)

Wiring The pressure measuring transducer is wired in accordance with the module manual for the fail-safe analog input module (6ES7 336-4GE00-0AB0) to input 0. For supplying the pressure measuring transducer, the voltage supplied by the module is used. With the chosen wiring, the module can detect a short-circuit between the encoder voltage supply Vs0 and M0+ and an undervoltage at the pressure measuring transducer. Figure 3-1

3 Basics


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

The channels of the module can only be activated in pairs (0/3, 1/4, 2/5). Since only one sensor is connected to channel 0, channel 3 outputs the error message “wire break”. To suppress this message, a resistor must be switched to channel 3.

Parameters in the HW Config The following figure shows the configuration of channel 0/3 for a 1oo1 selection. For the input module 0/3, the encoder supply of the module and the short-circuit test are activated. The diagnose alarm of the module must be activated so that any module or channel failure can be reported in the PCS 7.

Figure 3-2

3 Basics


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

3.2 EMERGENCY STOP button (hz111)

Wiring The EMERGENCY STOP button is interconnected with the fail-safe digital input module (6ES7 326-1BK02-0AB0). The two contacts of the actuator have been designed equivalently, so that when the button is pushed, the signal at both inputs of the module will change from “1” to “0”. The wiring of the signals is on channel 0 and channel 12, which is assigned to the module. The contacts are supplied with power by the module.

Figure 3-3

Parameters in the HW Config The following figure shows the setting of the parameters of channel 0/12 for a 1oo2 selection of two channels with a discrepancy time of 50 ms. For the input module 1/3, the encoder supply of the module and the short-circuit test are activated. The diagnose alarm of the module must be activated so that any module or channel failure can be reported in the PCS 7.

3 Basics


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 3-4

3 Basics


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

3.3 SIMOCODE pro V with DM-F PROFIsafe

Wiring DM-F PROFIsafe The DM-F PROFIsafe module provides a fail-safe output and two standard outputs. The standard outputs can be switched, but the output potential is only available when the fail-safe output is also active. The fail-safe output is controlled via the PROFIsafe from the safety program of the control system. The standard outputs are controlled via the outputs of the function module DM1 in SIMOCODE pro V. The three inputs (IN1, IN2, IN3) and the check-back circuit (FBC) of the DM-F PROFIsafe are available as inputs 1 to 4 at the function module DM1 in the SIMOCODE pro V. The check-back circuit is monitored in the DM-F PROFIsafe, the fail-safe output only being activated when the check-back circuit is closed.

Figure 3-5

The wiring of SIMOCODE pro V with the DM-F PROFIsafe for a direct starter can be carried out according to the following circuit diagram:

3 Basics


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 3-6

4 Configuration of SIMOCODE pro V in PCS 7


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

4 Configuration of SIMOCODE pro V in PCS 7 SIMOCODE pro V is a configurable module for motor control. For the integration of SIMOCODE pro V with the DM-F PROFISafe module into a SIMATIC project, there are the following possibilities: · GSD file · SIMATIC PDM · SIMOCODE ES SIMOCODE pro V can either be configured by means of the enclosed software “SIMOCODE ES” or by means of the PCS 7 software “SIMATIC PDM”. For SIMATIC PDM, you will need the respective EDD (electronic device description) file.

4.1 Configuration by means of the GSD file The GSD file is used to configure the SIMOCODE in the hardware configuration. Here, you can edit the bus address, the input/output address and the partial process image. SIMOCODE itself can only be configured by means of SIMATIC PDM or SIMOCODE ES. The configuration software, however, does not necessarily have to be installed on the PCS ES or integrated in the SIMATIC Manager. Please find more information on the configuration with SIMATIC PDM in the chapter “5.2 Configuration with SIMATIC PDM”. Please find more information on the configuration with SIMOCODE ES in the chapter „5.3 Configuration with SIMOCODE ES”.

4.1.1 Installation of the GSD file

For the configuration of the SIMOCODE pro V in PCS 7, you will need the latest GSD file. You can download it at the following link: http://support.automation.siemens.com/WW/view/en/113630

2. Open the dialog “Hardware Configuration”.

3. Select the menu function “Options > Install GSD Files…”

4. Navigate to the place where the GSD file is stored.

5. Select the desired languages and click on the “Install” button.




1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-1

After a successful installation, you will find the SIMOCODE pro V in the standard catalog under “PROFIBUS DP > Additional Field Devices > Switching Devices > SIMOCODE > SIMOCODE pro V (GSD V1.4)”. Figure 4-2



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

4.1.2 Hardware configuration with GSD

The following steps show who to configure the hardware with GSD:

1. Enter the SIMOCODE pro V from the device catalog into HW Config by dragging the device to the desired PROFIBUS string.

2. If necessary, replace the used “Basic Type 2“ (4 input / 2 output bytes) by “Basic Type 1” (10 input / 4 output bytes)

3. Insert the module “PROFIsafe” in the second slot.

Figure 4-3

In the standard module of SIMOCODE pro V, the I/O addresses and the partial process image of the cyclic interrupt OBs are set in the address register for the processing of the SIMOCODE. Depending on the selected basic type, the respective number of I/O bytes is assigned. You can adjust the start address and the partial process image.

4. Open the Properties dialog of the standard module.

5. Set the Start address and the Process image.

6. Assign a symbolic name in the symbol file for the input and output words.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-4

In the PROFIsafe module, you can configure the start addresses and the partial process image in the same way as in the standard module. The safety-oriented shut-down of the DM-F PROFIsafe module is carried out via bit 0 of the first output byte. All the other input and output parameters are used by the system and must not be controlled by the program.

7. Open the Properties dialog of the PROFIsafe module.

8. Set the Start address and the Process image.

9. Assign a name for bit 0 of the first output byte in the symbol table. In this example the bit has the address “Q 15.0”.

With the option “Substitute value behavior for DP Master. Keep last value“, the DP Master (PROFIBUS CP) continues to send the last value to SIMOCODE in case of a CPU stop. This behavior only applies for standard signals. The fail-safe output of DM-F PROFIsafe is switched off at the latest when the time set in the parameter “F_WD_Time” has run out. The safety-relevant parameters in the PROFIsafe module are set in the tab “PROFIsafe2". The tab contains the following parameters:



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Table 4-1

Parameters Description

F_SIL Safety Integrity Level This setting cannot be changed.

F_CRC_Length CRC (Cyclic Redundancy Check) Number of CRC bytes. The value depends on which PROFIsafe version you use.

F_Par_Version PROFIsafe Version V1-mode with 2-byte-CRC or V2-mode with 3-byte-CRC. The V2-mode is only supported by SIMATIC S7 400H CPUs from firmware V4.5 onwards.

F_Source_Add Safety address of the CPU. This setting cannot be changed.

F_Dest_Add Safety address The safety address is set in binary form at the DIP switches of the DM F-PROFIsafe. The address set at the module is displayed in the configuration software used.

F_WD_Time Communication monitoring time. If no telegram is received from the CPU during the indicated time, the fail-safe output is switched off. The monitoring time can be determined with the following Excel sheet. http://support.automation.siemens.com/WW/view/en/22557362 For further information, please refer to the PCS 7 Compendium Part B in the entry: http://support.automation.siemens.com/WW/view/en/35016980

Figure 4-5

The box “Current F parameter CRC (CRC1) hexadecimal” shows the signature of the safety-relevant parameters of the DM-F PROFIsafe. This value is used in the





1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

CFC plan in the module driver for the module. If the safety-relevant parameters are changed, the AS program has to be compiled again and loaded into the AS.

4.2 Using the Process Device Manager (PDM) For using the SIMOCODE with SIMATIC PDM you need the respective EDD file. You can download the EDD at the following link: http://support.automation.siemens.com/WW/view/en/50389556

4.2.1 Installation of the EDD (Electronic Device Description)

With PDM, the devices are installed by means of the PDM program “Manage Device Catalog”

1. Start the program (“Start > SIMATIC > SIMATIC PDM > Manage Device Catalog”).

2. Chose the folder with the extracted device description and select the devices you wish to install.

Figure 4-6

3. Click on “OK” to install the files. After the installation, the PDM device versions of SIMOCODE are available in the hardware configuration. They are stored in the standard catalog “PROFIBUS DP > Switching Devices".




Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-7

4.2.2 Hardware Configuration with PDM

1. Add the “SIMOCODE pro V (safety technology) (PDM)” from the device catalog in the hardware configuration. By default, the module “Basic type 2” (4 input / 2 output bytes) is being installed. You can replace it by “Basic type 1” if required (10 input / 4 output bytes).

2. Insert the module “PROFIsafe” module in the second slot of the SIMOCODE. The configuration of the device via PDM is pre-set in the device settings. You can start SIMATIC PDM with a double-click on the device. The configuration data will be stored in the SIMATIC project.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-8

The further configuration in the HW Config is the same as for the GSD variant. Please read chapter “4.1.2 Hardware configuration with GSD”. Please read chapter “5.2 Configuration with SIMATIC PDM” to learn how the SIMOCODE pro V motor management system is configured with PDM.



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

4.3 Using SIMOCODE ES For the devices to be available for use with SIMOCODE ES in the HW catalog, SIMOCODE ES must be integrated in STEP 7.

4.3.1 Installing SIMOCODE ES

1. Start the SIMOCODE ES installation file.

2. During the installation of SIMOCODE ES, select the following options: – SIMOCODE ES 2007 incl. SP2 – SIMOCODE pro Integration in STEP 7

Figure 4-9

After the installation, further SIMOCODE variants will be available in the hardware catalog in the standard profile at “PROFIBUS DP > Switching Devices > Motor Management System”.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-10

4.3.2 Hardware configuration with SIMOCODE ES

1. Open the hardware catalog

2. Drag one of the devices with the desired configuration to the PROFIBUS string. – SIMOCODE pro V (basic type 1 – PROFIsafe) – SIMOCODE pro V (basic type 2 – PROFIsafe)

Note Behind a Y-link, the SIMOCODE pro with the DM F PROFIsafe module can only be installed as a GSD or PDM device. It is not possible to use the SIMOCODE ES variant behind a Y-link.



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-11

SIMOCODE pro can only be configured with SIMOCODE ES from the HW Config or with an external software directly in the motor management System.

SIMOCODE pro V standard module In the Properties of the standard module, you can set the I/O addresses as you wish or you can keep the system settings.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 4-12

To make it easier to match the SIMOCODE control block later on, assign symbolic names fort he I/O addresses in the symbol table here. When the symbol file is opened from the HW Config, every bit will be displayed. Therefore the symbols must be assigned directly in the symbol table. SIMOCODE ES enables you to access the diagnose information from SIMOCODE by different paths. If the option „via Remote Access“ is activated, the access can be via the routed link. No direct PROFIBUS connection between the diagnose device and the SIMOCODE is necessary.

Figure 4-13



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

PROFIsafe module The PROFIsafe module of SIMOCODE ES only allows the setting of the start address of the input bytes (4 Bytes). The start address of the output bytes (5 bytes) is the same as the input bytes. The safety-oriented shut-down of the DM-F PROFIsafe module is carried out via bit 0 of the first output byte. Assign a symbolic name for this bit in the symbol table. All the other input and output parameters are used by the system and must not be changed by the control program.

Figure 4-14

The safety-relevant parameters in the PROFIsafe module are set in the tab “PROFIsafe2". The PROFIsafe parameters and their settings are the same as for the safety module of SIMOCODE pro V with GSD or PDM. A precise description of the individual parameters can be found in chapter “4.1.2 Hardware configuration with GSD”.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

5 Configuration of SIMOCODE pro V with DM-F PROFIsafe SIMOCODE pro V is configured by means of the function modules and their input / output parameters. Depending on the software used (PDM, SIMOCODE ES), the representation of the function modules is different. With SIMOCOD ES you also have the possibility of a graphic configuration.

5.1 General information

The communication between SIMOCODE and the AS is via PROFIBUS DP. If you used the basic type 2 in the HW Config, the interface to SIMOCODE consists in 4 input bytes (signals from SIMOCODE pro V to the AS) and 2 output bytes (signals from the AS to SIMOCODE pro V). The signals have been configured with a standard assignment.

NOTICE When you use PCS 7 and the SIMOCODE library, please make sure that the signals are connected with the respective function blocks and that they must not be changed.

The device name and the settings for the operator panel and the local operator push-buttons can be changed later in the catalog “Device Configuration”. The following table describes the standard configuration of the cyclic message data:

Table 5-1

Inputs Value

Byte 0

E 0.0 Not connected E 0.1 Status – OFF E 0.2 Status – ON E 0.3 Message – Prewarning Overload (I > 115 % le) E 0.4 Not connected E 0.5 Status – Mode Remote E 0.6 Status – group failure E 0.7 Status – group warning

Byte 1 E 1.0 Not connected E 1.1 Not connected E 1.2 Not connected E 1.3 Not connected E 1.4 Not connected E 1.5 Not connected E 1.6 Not connected



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

E 1.7 Not connected Byte 2+3

E 2.0 .. E 3.7 Max. current I_max

The following table describes the standard configuration of the cyclic control data:

Table 5-2

Outputs Value

Byte 0

A 0.0 Not connected A 0.1 Control – OFF A 0.2 Control – ON A 0.3 Test 1 – Input A 0.4 Emergency start – Input A 0.5 Operation mode selector S1 A 0.6 Reset 1 – Input A 0.7 Not connected

Byte 1 A 1.0 Not connected A 1.1 Not connected A 1.2 Not connected A 1.3 Not connected A 1.4 Not connected A 1.5 Not connected A 1.6 Not connected A 1.7 Not connected

Note For further information on the standard assignment of the control and message data, please refer to the system manual about SIMOCODE pro (http://support.automation.siemens.com/WW/view/en/20017780).

5.2 Configuration with SIMATIC PDM

1. Open SIMATIC PDM with a double-click on the SIMOCODE symbol in the HW Config.

2. Select the SIMOCODE pro V basic configuration and click on the “OK” button. The system will only ask for the basic configuration when you open SIMOCODE for the very first time.

3. Enter a device name and click on the “OK” button.




1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 5-1

With the selection in this example “Direct online starter (DM-F PROFIsafe)”, the following components will be configured automatically: · DM-F PROFIsafe module · Operator panel · On/off button for local operation · Interface to the AS In the actual dialog for the configuration of SIMOCODE pro V with SIMATIC PDM, the automatically set configuration is displayed and can be changed there. If you haven’t installed any Operator Panel at SIMOCODE pro V, for example, it can be deactivated here.



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 5-2

The PROFIBUS address from the HW Config is displayed in the folder “Bus Parameters”. The address for the DM-F PROFIsafe module is set in the device by means of the address switch. The PROFIsafe address is displayed when SIMOCODE pro V has been read out.

Figure 5-3



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

In the folders “Motor Protection” and “Monitoring Functions”, you can adapt SIMOCODE pro V to the motor and set various tolerances for motor diagnosis and maintenance alarms. In the folder “Motor Control”, you can set the individual operating locations for the motor control. With the two control signals S1 and S2 in the folder “Motor Control > Control Station > Operation Mode Selector” you can choose among 4 different operation modes: · Local Control [LC] – local control by the start-stop button · PLC/PCS [DP] – control via the program of the AS · PC [DPV1] – acyclic control via DPV1 (e.g. with SIMOCODE ES) · Operator Panel [OP] The basic configuration of SIMOCODE pro V as a direct starter only differentiates between “Local” and “PLC/PCS” mode. In the “Local” mode, SIMOCODE pro V can be operated both, by means of the start/stop button and by the Operator Panel.

Figure 5-4

4. Download the device configuration of SIMOCODE pro V with the menu function “Device > Downloading into the devices …”.



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Note Downloading SIMOCODE pro V with PDM from HW Config. requires a routing-capable connection with the respective hardware. When the DM-F PROFIsafe module and the F system are used, SIMOCODE pro V must be connected to a PROFIBUS string, which is accessible via a PROFIBUS CP. The internal PROFIBUS interface of the H-CPUs only supports this function from firmware V6.0.0 onwards.

5.3 Configuration with SIMOCODE ES

You can start SIMOCODE ES from HW Config. Please proceed as follows:

1. Select the SIMOCODE symbol:

2. Select the module “SIMOCODE pro V” module.

Figure 5-5

3. Select the entry “Properties” in the context menu.

4. In the “Properties” dialog, change into the “Parameter” tab.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 5-6

In the „Parameter“ tab the current status of SIMOCODE ES is displayed. When the button “Parameter” is active, you can start the program. When SIMOCODE ES has already been started, this button cannot be pressed.

5. Start SIMOCODE ES by clicking on the “Parameter” button.

6. Select the SIMOCODE pro V basic configuration and click on the “OK” button. The system will only ask for the basic configuration when you open SIMOCODE ES for the very first time.

Figure 5-7



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

With the selection in this example “Direct online starter (DM-F PROFIsafe)”, the following components will be configured automatically: · DM-F PROFIsafe module · Operator panel · On/off button for local operation · Interface to the AS In the actual dialog for the configuration of SIMOCODE pro V with SIMOCODE ES, the automatically set configuration is displayed and can be changed there. If you haven’t installed any Operator Panel at SIMOCODE pro V, for example, it can be deactivated here. The basic configuration can also be changed by selecting the entry “Device Configuration”.

Figure 5-8

You can call the other settings for adapting the system to the motor via the parameter tree or from the graphic editor. But when you use the PCS 7 SIMOCODE block library, the interface to the AS is fixed and must not be changed. The graphic editor shows all the existing configurations and interconnections, like in the CFC plan.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 5-9



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Take the required function blocks and signals from the catalog and interconnect their inputs and outputs. A double-click on one of the function blocks leads to the parameter settings of the block. For further information on the use of the Graphic Designer and the function of individual modules, please refer to the SIMOCODE pro manual or the online helpdesk.

7. Download the parameters in SIMOCODE pro V.

Note Downloading the SIMOCODE pro V parameters from the ES requires a routing-capable connection with the respective hardware. When the DM-F PROFIsafe module and the F system are used, SIMOCODE pro V must be connected to a PROFIBUS string, which is accessible via a PROFIBUS CP. The internal PROFIBUS interface of the H-CPUs only supports this function from firmware V6.0.0 onwards.

8. Save the settings you made when you leave SIMOCODE ES. The settings will then also be available after moving the PCS 7 project.

Figure 5-10

6 The Demo Project


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

6 The Demo Project To open the Demo Project, the following software needs to be installed: · PCS 7 V7.1 SP3 · S7 F Systems V6.1 · SIMATIC PDM V6.0 SP5 (PCS 7 Option) · SIMOCODE Electronic Device Description (EDD) for PDM · PCS 7 SIMOCODE pro library V7.0 SP3

Note For the AS program to work correctly, the SIMOCODE hardware must be installed. A simulation of the AS program with PLCSIM is not possible in this form.

1. Extract the archive of the Demo Project in the Simatic Manager with the command “File > Retrieve”

2. Open the retrieved project.

Note For configuring a fail-safe program, it must be password-protected. Fail-safe CFC plans or the configuration of the fail-safe modules are thus protected against any unauthorized access.

The password for the F program in this Demo Project is “Siemens”.

7 AS Program


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

7 AS Program 7.1 Overview

The fail-safe signal detection and control of SIMOCODE pro V and the operation and visualization are realized as an integrated solution in a CPU 41x. Since the operator control and monitoring is not as time-critical as the protective function, and a strict separation of the protection and the standard functions must be observed, the operating and monitoring part is realized in OB32 (1 s) and the fail-safe program in OB34 (200 ms). For every process tag, there are two plans, which carry the name of the process tag ID [Messstellenkennzeichen= MKZ] (plan name: MKZ = plan with standard function part, MKZ_F = plan with safety function). Furthermore, acknowledgement requests for module and channel failure and for the start-up of the safety program have been realized. After the start-up of the safety program, the fail-safe output is passivated until the start-up has been acknowledged. For test purposes an MOS (Maintenance Override Switch) function has been realized for switching the input drivers of the fail-safe input signals to the operating mode Simulation. When the multi-project was created with the project wizard, it already contains a technological hierarchy with Process cell(1), Unit(1) and Function(1). The plans for the application are created on the level “Function(1)” in the Technological view.

Figure 7-1

Note The interconnections to the driver modules are not described in more detail in this document. They are created automatically during the compilation of the AS program, and the necessary connections are made.

7 AS Program


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

7.2 Standard Logic

7.2.1 Higher-level functions

In the project, two functions have been realized, which supply status information from the safety program and require an action from the operator. After the start-up of the control, depending on the type of logic, safety-oriented outputs become active, since the process is in “Good” state. To prevent this, a start-up function is configured in the safety program. The operator is informed about the start-up and is requested to confirm the acknowledgement for activating the fail-safe outputs.

Figure 7-2 CFC plan: Start-upAckReq

Failures of safety-oriented modules must always be acknowledged in F systems. In case of channel failures, the configuring person has the possibility to decide whether they require an acknowledgement or not. For this purpose, every channel driver has an output “ACK_REQ” (1 = acknowledgement required). To inform the operator that a module / channel failure has gone and can be acknowledged, all the channel drivers gather the signals “ACK_REQ” in an OR relation and they are visualized by means of the “DIG_MON”module.

Figure 7-3 CFC plan: FailAckReq

7 AS Program


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

7.2.2 Measurements

The CFC plan “HZ1111” contains the blocks for the visualization of the EMERGENCY STOP button. The CFC plan “PIRZ1111” contains the blocks for the visualization of the pressure measurement. In this application example, the visualization was realized with the PCS Standard Library and also with the PCS 7 Advanced Process Library (APL). In both cases the outputs “QBAD” and “QUALITY” of the F-channel driver block “F_CH_DI” and “F_CH_AI” are used to indicate the status of the channel at the OS. For the further processing of the F signal “QBAD” in the standard program, the signal must be converted from “F_BOOL” to “BOOL”. The process value “Q_DATA” is converted to the respective structure for the APL block.

Figure 7-4 CFC plan: HZ111

Figure 7-5 CFC plan: PIRZ111

7 AS Program


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

7.2.3 Driver (fan) with SIMOCODE pro V

There already are blocks for all pre-defined motor variants for SIMOCODE. They are stored in the block library “PCS 7 SIMOCODE pro V70 SP3”.

Figure 7-6

For controlling the fan, the respective block “SMC_DIR” (direct starter) from the SIMOCODE library is used in the AS program. You have to interconnect the inputs and outputs of the “SMC_DIR” block with the hardware in the following way: · “IN_01 (WORD)” = status information SIMOCODE · “IN_23 (WORD)” = motor current · “Q_01 (WORD)” = control signal SIMOCODE In front of the SIMOCODE block, an interlock block is configured to simulate and visualize the fail-safe shut-down. When the interlock block is triggered, the operation of SIMOCODE is blocked and the operator receives the information about the cause which led to the shut-down.

7 AS Program


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 7-7 CFC plan: AN111

7.3 Safety program The individual elements of the protective function, signal detection and output of the shut-down command are assigned to the respective process tag in individual plans. Alternatively simple protective functions can be combined in one CFC plan.

7.3.1 Higher-level functions

The function for acknowledging the start-up for the fail-safe program is realized by means of the “Start-upAck_F” plan

Figure 7-8 CFC plan: Start-upAck_F

7 AS Program


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Note The output (“OUT”) of the “F_QUITES” block is set for one cycle, if in the input (“IN”), the value 6 is written at first and then changes to the value 9 within one minute.

In order to be able to set the value at the OS, you have to activate the option operator control and monitoring in the properties of the “F_QUITTES” block.

For acknowledging the module/channel failure, a “F_QUITES” block is required. Its output (“OUT”) must be interconnected with all the inputs “ACK_REI” of all the F channel drivers.

Figure 7-9 CFC plan: FailAck_F

7.3.2 Measurements

The plans “HZ111_F“ (EMERGENCY STOP) and “PIRZ111_F“ (pressure sensor) contain the fail-safe channel drivers to read in the process signals. The fail-safe status signal “QBAD” of the input driver is additionally negated and used in the logic in order to carry out a shut-down even in case of a channel failure. The process tags are visualized in the program part of the standard logic (chapter 7.2.2 Measurements).

Figure 7-10 CFC plan: HZ111_F

7 AS Program


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 7-11 CFC plan: PIRZ111_F

7.3.3 Safe shut-down of SIMOCODE pro V DM-F PROFIsafe

The fail-safe logic for shutting down SIMOCODE consists of an AND-relation of four signals and an output driver for a PROFIsafe Slave (F_CH_BO). The AND relations ensures that both input signals are in the GOOD range and that none of the signals is faulty.

Figure 7-12 CFC plan: AN111_F

7.3.4 Maintenance Override Switch (MOS)

In the present application, a possibility to test the protect functions from the operator station without I/O was realized by means of the MOS function. During the operation of a system, the block is used to temporarily by-pass a safety function, e.g. in case of a repetition test.

7 AS Program


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

It must be made sure that the process is being monitored by other measures during this time.

Figure 7-13 CFC plan: MOS_F

The MOS function consists of the following blocks, which allow a safe changing of values in the safety program: · F_SWC_P

realizes the fail-safe protocol between OS and AS · F_SWC_BO

receiving block for the safe operation of a Bool value · F_SWC_R

receiving block for the safe operation of a real value · SWC_TR

Template for a time limitation of the maintenance function · SWC_MOS

visualization of the maintenance function With an MOS function up to three bypass signals can be activated and a BOOL or REAL value can be set. In the application, one bypass signal each is used to switch the driver blocks for the pressure measuring and the EMERGENCY STOP to simulation. For the pressure measuring a simulation value can be pre-set. At the input driver of the EMERGENCY STOP signal, the simulation value is configured to “1". The time of a bypass is limited to 10 minutes, but it can be reset fail-safely before the time has expired from the faceplate of the MOS function.

7 AS Program


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

For a safe assignment of the MOS operator panel to the function in the AS, the block needs a so-called “identifier”. By default, the plant identification from the CPU properties is used for this. Enter the respective text in the HW Config.

Figure 7-14

8 Operation of the Application


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

8 Operation of the Application 8.1 Overview

The components of the application example are summarized in a process image. For the demo project, the PDM variant of SIMOCODE pro V was used. The following objects are configured in the process image: · SIMOCODE block symbol (AN111) · Interlock block for AN111 · Status display fort he pressure (PIRZ111, APL and Standard) · Status display for the EMERGENCY STOP (PIRZ111, APL and Standard) · Acknowledgement request for the F start-up · Acknowledgement request for the module/channel failures · MOS function

Figure 8-1



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

8.2 Acknowledge F start-up and module/channel failure The acknowledgement requests for the start-up and the module/channel failure is visualized by means of the digital status display. The “Reset” buttons are only active in an acknowledgement request. In order to exit the acknowledgement, you must hit the “Confirm” button, which is active for a maximum of 60 sec. after you have hit the “Reset” button.

Figure 8-2

8.3 Operating SIMOCODE pro V SIMOCODE pro V is operated by means of the blocks contained in the SIMOCODE library. In this application example, SIMOCODE pro V has been configured as a direct starter. The faceplate contains the following 8 views: · Standard (status and operation) · Limits (motor current and limits) · Maintenance (operating mode) · Errors · Warnings · Messages · Batch · Trend (curve display) In the following figure, the circle diagram is depicted with all 8 views of the faceplate.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 8-3

The operating states of the SIMOCODE pro V DM-F PROFIsafe module are displayed as errors or warnings. After a shut-down of the drive via the DM-F module (Safety Switch Off) or after an error in the feedback circuit of the motor contactors (Safety Wiring Error, Safety Feedback Circuit or Fault F9), please proceed as following to restart operation:

1. Remove the fault.

2. Reset SIMOCODE (reset “Group Error” in the faceplate).

3. Acknowledge the fault in “F_CH_DO” by pressing the “Reset” and “Confirm” buttons in the OS.

NOTICE If a fail-safe output signal is pending, the safety-oriented part of the function in the DM-F module is reactivated with the acknowledgement of the channel “F_CH_DO”. In the application example this switches on the contactor Q1.

If a wire in the feedback circuit breaks, while the drive is also switched off from the DM-F module, the warning “Safety Feedback Circuit” is created when the fail-safe of SIMOCODE is activated. In this case, you have to deactivate the fail-safe output first and then carry out the steps described above.



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

The function to switch off the DM-F module realized in the safety-oriented part of the control is simulated in the standard part of the AS and used for protective shut-down or for blocking the start-up command in SIMOCODE. For the simulation and visualization of the protective function, an interlock block from the standard library is used.

Figure 8-4

8.4 Maintenance Override Switch (MOS) In this example, the MOS function is used for the simulation of the process signals for pressure (PIRZ111) and for EMERGENCY STOP (HZ111). Bypass 1 switches the module driver (F_CH_AI) of the pressure measurement (PIRZ111) to the operating mode “simulation”. The simulation value is pre-set in the entry box “Fail-safe value”. Bypass 2 switches the module driver (F_CH_DI) of the EMERGENCY STOP button (HZ111) to the operating mode “simulation”. The simulation value is configured “1” at the driver.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Figure 8-5

The individual values are changed by one or two users in several steps that have to be carried out after the operation authorization has been set. The individual steps are:

1. (Initiator) Change the value or set the bypass function

2. (Initiator) Initiate the changes by pressing “Initiate”

Figure 8-6



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

3. (Confirmer) Set the option “Operation was verified and can be activated”

4. (Confirmer) Confirm the changes by pressing “Confirm”

Figure 8-7

The texts displayed at “Tag name” are the names of the connected blocks in the CFC plan. For the identification of the CPU, the MOS function uses an identification taken from the “Plant designation” in the properties of the CPU. You can adjust the authorization levels in the Properties of the Block symbol.

Figure 8-8

9 Safety Considerations


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

9 Safety Considerations 9.1 Device data

Please find the device data required for safety considerations in the device manuals or in the following entry: http://support.automation.siemens.com/WW/view/en/27832836

9.1.1 PFD and PFH of the components used

For the components used the PFD (Average probability of failure on demand) and the PFH (Probability of a dangerous failure per hour) values are summarized in the following table:

Table 9-1

Component MLFB PFD PFH Proof test interval

CPU 417-4H 6ES7417-4HT14-0AB0 3.8E-04 4.3E-09 20 years SM326 F-DI 24 (SIL CL 3, PL e)

6ES7326-1BK02-0AB0 <1.00E-05 <1.00E-09 20 years

SM336 F-AI 6x 0/4..20 mA HART

6ES7336-4GE00-0AB0 <1.00E-05 <1.00E-09 20 years

Table 9-2

Communication PFD PFH Remark

PROFIsafe F-IN à F-CPU à F-OUT

<1.00E-05 <1.00E-09 This value is only added once in the evaluation of the safety function.

9.1.2 SIMOCODE pro DM-F PROFIsafe module

Please find the safety-specific technical data for the DM-F PROFIsafe module in the manual “System Manual Fail-safe Digital Modules SIMOCODE pro Safety”. (http://support.automation.siemens.com/WW/view/en/50564852

Safety-specific device data

Table 9-3

Description Value

PROFIsafe Version V2 Achievable SIL according to 61508 up to 3 SIL actuation limit according to IEC EN 62061

3





Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Description Value Achievable performance level (PL) according to ISO 13849-1

up to e

Achievable category according to ISO 13849-1

up to 4

Hardware fault tolerance (HFT) 1 Device type according to IEC 61508-2 B Device type according to EN ISO 13849-1 4 MTTFd high DCavg high T1 value (lifetime) according to IEC 61508 20 years Stop category according to DIN EN 60204-1.

0

Approvals TÜV (IEC 61508, ISO 13849-1, NFPA79)

Table 9-4

AC/DC 110 V – 240 V DC 24 V

PFHd at a high requirement rate according to EN 62061

4.41 x 10-09 1/h (40°C) 7.78 x 10-09 1/h (60°C)

4.36 x 10-09 1/h (40°C) 7.65 x 10-09 1/h (60°C)

PFDavg at a low requirement rate according to IEC 61508

5.21 x 10-06 (40°C) 9.34 x 10-06 (60°C)

5.13 x 10-06 (40°C) 9.14 x 10-06 (60°C)

Monitoring and reaction times

Table 9-5

Description Value

PROFIsafe monitoring time (F_WD_Time) ≥ 250 ms Reaction time in fault-less condition Worst Case Delay Time (TMAX / TWCDT)

≤ 150 ms

Reaction time if there is a fault One Fault Delay Time (TOFDT)

200 ms

Off-delay time in case of a power cut (typical) 220 ms Off-delay time in case of a power cut (maximum) 320 ms Recovery time in case of a power cut (typical) 1 s

9.1.3 SITRANS P DS III

For the application in safety functions, the SITRANS P DSIII with the option C20 or C23 is available. They contain the required certificate for the safety functions. From the certificate the following failure rates for the use of the measuring transducer in a 1oo1 architecture have been taken:



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Table 9-6

Description Value

Safe failure rate 153FIT / hour Safe detected failure rate 0 / hour Safe undetected failure rate 153FIT / hour Dangerous failure rate 512FIT / hour Dangerous detected failure rate 486FIT / hour Dangerous undetected failure rate 26FIT / hour Safe failure fraction 96% PFDavg for a low requirement rate according to IEC 61508 (MTTR = 72h)

6.16 E-4

Fit for use in Safety Integrity Level IEC 61511

SIL 2

9.1.4 EMERGENCY STOP / motor contactor

For triggering an EMERGENCY STOP in a local operation, the EMERGENCY STOP control device (3SB3 801-0EG3) with positive opening contacts. The motor is switched off by two power contactors (SIRIUS 3RT2 015-1BB42) with mirror contacts. These devices belong to the Siemens SIRIUS product group. For the Siemens SIRIUS product group, the following values for the use in low requirement rates are quoted in the Siemens standard SN 31920 of September 2007.

Table 9-7

Siemens SIRIUS product group Standard failure rate 1)

Percentage of dangerous failures 2)

EMERGENCY OFF / EMERGENCY STOP control devices with positive opening contacts

100 FIT 3) 20%

Contactors / motor starters with positively driven contacts or mirror contacts

100 FIT <40% 4)

Power circuit-breakers 3RV 50 FIT <40%

1) The failure rate in the table was limited to 100 FIT. (The only exception is the power circuit-

breaker, which was limited to 50 FIT). 2) Only applicable at the conditions described above. 3) Also limited to 100 FIT due to protection against tampering in combination with latching. 4) The SIL level can be improved by failure detection by means of a positively driven auxiliary

circuit-breaker.



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

9.2 Safety functions The following supplementary safety functions are important for the further considerations:

Table 9-8

Function Description

EMERGENCY STOP (supplementary safety function)

When EMERGENCY STOP is activated, the motor must be switched off.

Pressure monitoring (safety function)

When the pressure limit value is exceeded, the motor must be switched off.

Note EMERGENCY STOP is no means for risk minimization but a supplementary safety function.

9.2.1 Safety function EMERGENCY STOP

The safety function consists in an input circuit, the CPU and an output circuit. For the input and output circuits, two channels are provided. In the input circuit, the two contacts of the EMERGENCY STOP button are detected by two inputs of the F-DI module. In the output circuit, the two power contactors are switched off by the DM-F PROFIsafe module by means of two contacts internally connected in series.

Figure 9-1

Determination of the SFF (Safe Failure Fraction)

SFF = (∑λS + ∑λDD) / (∑λS + ∑λD)

From the standard failure rate of 100 FIT and a percentage of dangerous failures of 20 %, an SFFSensor = 80% is determined fort he EMERGENCY STOP button with a single-channel design. The unit FIT (Failure In Time) corresponds to the number of failures in 109 hours. For a motor contactor, an SFFActor > 60 % is determined from the standard failure rate of 100 FIT and a percentage of dangerous failures of < 40 % with a single-channel design.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Since it is a type A device, a two-channel set-up is necessary to reach SIL3 according to IEC 61508. This requirement is complied with by the use of a second motor contactor. For the SIMATIC components, no architectural consideration is carried out since they are certified up to SIL 3.

PFD value calculation On the basis of the SIEMENS standard SN31920 the PFD value is calculated according to the following simplified formula:

2)(txPFD DUDavg ××=l

With “λD(DU) = 20 FIT” with a “Proof-Test” interval of one year the result is the following “PFDavg” value for the EMERGENCY STOP with two contacts: PFDavg = 20E-09 * 365 * 24 / 2 = 8.76E-05

For a motor contactor with “λD(DU) = 40 FIT” the following “PFDavg” value results: PFDavg = 40E-09 * 365 * 24 / 2 = 1.752E-04 For the calculation of the 1oo2 architecture of the motor contactors used in our example, the following formula is used:

( )11,2

11,21, 34

ooSooSooS PFDPFDPFD ×+÷øö

çèæ ×= b

With “PFDS,1oo1 = 1.752E-04” and “β = 0.1” the following “PFDavg” value result for the motor contactors: PFDavg = (4/3 * 1.752E-04 * 1.752E-04) + (0.1 * 1.752E-04) = 1.76E-05 The table shows the individual PFD values of the components used in this application for the EMERGENCY STOP function:

Table 9-9

EMERGEN-CY STOP

button

Digital input

SM326 F-DI 24

AS

CPU 417-4H

SIMOCODE pro V DM-F

PROFIsafe

Motor contactors

Communi-cation

Selection 1oo2 1oo2 1oo1D 1oo2 1oo2 -

Proof Test T1

1 year 20 years 20 years 20 years 1 year -

Standard failure rate

100 FIT - - - 100 FIT -

Percentage dangerous failures

20% - - - 40% -

PFDAVG 8.76E-05 1.00E-05 3.80E-04 1.50E-05 1.76E-05 1.00E-05

SIL SIL 3 IEC 61511

SIL 3 IEC 61508 certificate



SIL 3 IEC 61511

SIL 3



Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

The sum of the PFD values is PFDGES = 5.20E-4, so the function fulfils the requirement for SIL 3. For the EMERGENCY STOP, both the architecture and the PFD value fulfils the requirements for SIL 3 for the function.

9.2.2 Safety function “Pressure monitoring”

The safety function consists of an input circuit, the CPU and an output circuit. The input circuit has a one-channel and the output circuit has a two-channel design. In this application example, a pressure transducer “SITRANS P DS III (4..20mA)” was used, which is connected to a fail-safe analog input module. Alternatively, the pressure transducer can also be used as a PROFIsafe PA device, which is directly connected to the PROFIBUS. In the output circuit, the two power contactors are switched off by the DM-F PROFIsafe module by means of two contacts internally connected in series.

Figure 9-2

Determination of the SFF (Safe Failure Fraction) According to the enclosed certificate, the pressure transducer according to IEC 61508 is a device of the type B with an SFF = 80% and according to IEC 61511 on the basis of a “Proven in Use” analysis suitable in a 1oo1 configuration for SIL 2.

PFD value calculation The table shows the individual PFD values of the components used in this application for the pressure monitoring function. However, it only fulfils the requirements up to SIL 2. For the fulfillment of the SIL 3 protective function, the two-channel design and a respective evaluation of the signals of the pressure transducer is required.



1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

Table 9-10

Pressure measuring transducer SITRANS P DS III

Analog input

SM336 F-AI 6x0/4-20mA

AS

CPU 417-4H

SIMOCODE pro V DM-F

PROFIsafe

Motor contactors

Communi-cation

Selection 1oo1 1oo1 1oo1D 1oo2 1oo2 - Proof Test T1

1 year 20 years 20 years 20 years 1 year -

Standard failure rate

- - - - 100 FIT -

Percentage dangerous failures

- - - - 40 % -

PFDAVG 6.16E-04 1.00E-04 3.80E-04 1.50E-05 1.76E-05 1.00E-05 SIL SIL 2

IEC 61511 SIL 2 IEC 61508 certificate



SIL 3 IEC 61511

SIL 3

The sum of the PFD values is PFDGES = 1.04E-3, so the function fulfils the requirement for SIL 2.

10 Links & Literature


Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

10 Links & Literature 10.1 Bibliographic references

The following list is by no means complete and only provides a selection of appropriate sources. Table 10-1

Topic Title

/1/ Basics of low voltage switching technology


/2/ Industrial controls SIRIUS innovations


10.2 Internet links

The following list is by no means complete and only provides a selection of appropriate information. Table 10-2

Topic Title

\1\ Reference to the document


\2\ Siemens I IA/DT Customer Support

http://support.automation.siemens.com

\3\ Motor management SIMOCODE pro

http://www.automation.siemens.com/mcms/industrial-controls/de/steuergeraet-ueberwachungsgeraet/simocode/Seiten/default.aspx

\4\ SIMOCODE pro System manual


\5\ SIMOCODE pro DM-F PROFIsafe System manual


\6 SIMOCODE GSD http://support.automation.siemens.com/WW/view/en/113630

\7\ SIMOCODE EDD http://support.automation.siemens.com/WW/view/en/50389556



http://support.automation.siemens.com/WW/view/de/58824610

http://support.automation.siemens.com/








11 History


1.0, Entry ID: 58824610

Cop

yrig

ht ã

Sie

men

s A

G 2

012

All

right

s re

serv

ed

11 History Table 11-1

Version Date Change

V1.0 26.04.2012 First issue

Date post:	14-Mar-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

A & T · fail-safe digital module DM-F PROFIsafe and therefore do not affect the existing...

Documents