Flexible Safety Solutions for Modular Machines

Every machine manufacturer must evaluate the risk presented by its products under the Machinery Directive 2006/42/EC in order to protect people coming into contact with the machine. In order to reduce the risk presented by the machinery to an acceptable residual risk, manufacturers follow a three-stage process: First, risks must be minimized as far as possible in terms of design. Remaining risks must be reduced by means of technical protective measures. The third stage of risk reduction requires the manufacturer to create user information, such as operating manuals, that explain proper use of a product.   

When speaking of safety or machine safety, this usually refers to the second stage. The exact design of these technical protective measures is not precisely defined. This is why there are different safety concepts with specific advantages and disadvantages: On the one hand, there are central, hardwired systems with safety relays, and on the other hand, there are centrally wired applications with safety controllers or safety controls. Distributed safety concepts with IP67 I/O modules combined with central safety controls or distributed IP67 safety controllers are a third variation. Passive safety solutions are also an option when applications are suitable.  

Central safety systems with relay technology  

Like conventional automation technology, the automation of safety functions was originally based on relay technology. Safe relay technology is still being used today. The logic is mapped by means of hard-wired contacts. The advantage of these installations is that the hardware is relatively inexpensive and they are understood worldwide. No software is used. However, in larger and more complex safety installations, the relay technology becomes too complicated. Troubleshooting and fault diagnosis are very time-consuming. System self-tests are not possible.  

Central systems with safety controllers  

Once a certain level of complexity is reached, it is more efficient to implement safety applications with safety controllers. Programs can be written in controllers or safety controls that, in simplified terms, link actions with conditions and Boolean operators (AND, OR, NOT, XOR).   
While the wiring for these applications is easier than it is for relay technology, all safe signals must be routed to the central controller in the control cabinet, which involves long commissioning times.  

The advantage of the safety controllers is that safety programs can be copied and used multiple times for machines of the same type. Extensions to the safety functions are relatively easy to implement. What’s more, the safety applications can be displayed as diagrams on HMIs. Information and signals are sent from both the controller to the PLC and from the PLC to the controller.  

XS26 safety controller easy to expand  

TURCK offers the SC10, SC26 and XS26 safety controllers from its partner Banner Engineering for central installations. All three devices can be used as devices/slaves in Profinet, Modbus TCP or Ethernet/IP networks. Users can therefore use exactly the same security architecture and application, regardless of the market for which a plant is intended.  

Safety programs by drag-and-drop  

Users program the control application in Banner’s free safety controller software. It provides a clear graphic interface for configuration and simulation of safety applications, and a range of export options for the documentation. Prefabricated modules for classic safety components allow safety applications to be programmed by drag-and-drop without programming code. The programs can be copied to other controllers using USB sticks. This means that the  program can be designed on the desktop, be tested and then copied to the application. The wiring must be installed on site in the field using classic point-to-point connections.  

One special feature of the SC10 safety controller is the ISD security protocol. ISD (In-Series Diagnostics ) can be used to connect 32 safety devices as linked slaves. The protocol is set to the modulated 24 V voltage . Information about the switch states and diagnoses of the safety sensors can be opened using the control. This feature usually only comes with more expensive safety controls with fieldbus or Ethernet communication.  

Many safety controllers are also easy to expand. Once all inputs and outputs on the XS26 controller are assigned, their number can be increased by additional modules. The user can add up to eight elements. There are input or output modules as well as OSSD or relay modules available.  

One disadvantage of the central safety architectures is often the complex wiring required for commissioning. Local protective boxes that allow distributed installation of the IP20 controllers can provide an interim solution.  

Offline engineering for fast commissioning  

The safety application can be pre-programmed and tested on the autonomous safety controller from Banner, even if a machine or the individual machine module is still offline. Testing safety programs from a desk and the workshop makes commissioning a lot faster. In live operation, the central safety control can then operate the application using multiprotocol Ethernet. Consistently modular machines can then control their safety functions locally at the module.  

Central control for distributed safety concepts  

Anyone who wants to minimize the central or distributed setup of protective housings for quick wiring and commissioning of their machines will end up coming across distributed safety installations with IP67 components. As is generally the case in automation technology, distributed architectures are becoming increasingly prevalent in safety engineering.    

A distinction is made between two types. There are distributed concepts that gather safe signals on IP67 I/O modules and relay them to the central safety control using fieldbuses or secure Ethernet protocols. And there are fully distributed installations that control safety applications directly in the field on IP67 safety controllers. Which of the two alternatives is better is determined on a case-by-case basis. Both distributed architectures provide the advantage of efficient wiring with Ethernet lines using standard connectors. The high density of information and the option of communicating meta-information make commissioning and diagnosis of the applications easier.  

Long cycle times require long safety distances  

It may be that longer response times need to be factored into applications with central safety controls when allowing for the bus cycle times and linked messages, which in turn require longer distances between the protective devices and the hazard sources.   

TURCK’s TBPN safety I/O modules for Profisafe and TBIP for CIP Safety allows both solutions to be implemented – with central or distributed control. Both module versions are available as full - safety modules with four safety-related universal inputs/outputs and four safety-related inputs that can collect up to 16 single-channel safe signals. The modules reliably switch up to 2 amps per output, at a maximum of 9 amps per module. They are suitable for use up to PL e, Cat. 4, SILCL 3.  

Should fewer safety-related inputs and outputs suffice for certain applications while at the same time requiring standard I/Os, TURCK offers an innovative special solution for this with its hybrid modules, and also for Profisafe (TBPN) and CIP Safety (TBIP). The hybrid modules provide two safe digital inputs as well as two safe, universal digital inputs or outputs and four universal digital standard inputs or outputs. They switch the same currents and can be used in the same safety categories as the full - safety modules. The hybrid safety modules feature two IO-Link master ports in class A; the second port can be shut down as safety-related.    

All TURCK safety modules come with a safe controller that can implement pre-processing for time-critical applications, as well as safety applications without a connection to a fail-safe control. Subsequent integration of a stand- alone application into a safe control with Profisafe or CIP Safety communication is always possible later on. The modules are convenient to program using a software tool. In operation, its integrated web server makes diagnosis and commissioning easy. The robust design featuring fully encapsulated module electronics make all modules suitable for use in harsh industrial environments. They are compliant with protection classes IP65/IP67/IP69K and operate reliably even in an extended temperature range of –40…+70 degrees Celsius.  

Distributed solution with passive safety   

Another variation on distributed safety concepts is referred to as passive safety. These applications are relatively cost-effective and ideally combine the benefits of central and distributed security architectures. Unlike conventional safety technology, passive safety applications do not supply power to every actuator using a separate, safe output. Passive safety simply ensures that the voltage to an actuator group is safely switched off in critical situations. To do this, the I/O groups used consistently ensure galvanic isolation of the sensor voltage (V1) from the actuator voltage (V2). The actuator system in the machine is switched off regardless of its status.   

Safety with IO-Link too  

TURCK offers an end-to-end passive safety solutions concept. All TURCK I/O components, including the IP67 I/O link masters, ensure consistent galvanic isolation of V1 and V2. TURCK I/O hubs for the transmission of up to 16 digital signals using IO-Link also isolate V1 and V2. This allows safe I/O-Link applications to be designed even without an IO-Link safety protocol. TURCK developed the TBSB switch-off box for safe shutdown. It is connected to a secure channel of a safety module (made by TURCK or another manufacturer) in the field, and if there is a safety event, it safely shuts down the actuator voltage to the downstream modules.