profisafe and trends - pete brown - siemens
TRANSCRIPT
What is PROFIsafe and how does it work?
Pete Brown, Siemens I CS
Peter Brown / What is PROFIsafe?
What do we mean by "Safety"?
"The condition of being safe; freedom from danger, risk, or injury."
In the UK (and Europe) this can cover many areas and industries, for example:
- Supply of Machinery (Safety) Regulations
- Electromagnetic Compatibility Regulations
- Electrical Equipment (Safety) Regulations
- Pressure Equipment Regulations
- Simple Pressure Vessels (Safety) Regulations
- Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres Regulations
- Lifts Regulations
- Medical Devices Regulations
- Gas Appliances (Safety) Regulations
Important: it is essential to have some form of risk assessment / risk analysis, e.g. HAZAN / HAZID / HAZOP / RA to ISO 12100.
PROFIsafe – The Vision (diagram: coexistence of standard and failsafe communication on one Profibus DP network)
Elements shown: Standard Host/PLC and F-Host/FPLC on the same bus; Standard I/O, F-I/O and F-field devices (F-Sensor, F-Actuator); F-Gateway to another safety bus; repeater; DP/PA link; master-slave assignment; Engineering Tool (PG/ES) with secure access, e.g. a firewall, over TCP/IP.
F = Failsafe
Cyclic Communication (diagram)
F-Host/FPLC exchanging data with a laser scanner, standard I/O, F-I/O and a drive with integrated safety in each bus cycle.
1:1 communication relationship between master and slave.
PROFIsafe – ISO/OSI Model (diagram: OSI layers 1, 2 and 7 for Standard I/O, Standard Control, Safety Input, Safety Control and Safety Output, with a Safety Layer on top of each safety node)
"Black Channel": ASICs, links, cables, etc. Not safety relevant.
"PROFIsafe": the safety-critical communication functions: addressing, watchdog timers, sequencing, signature, etc.
Safety relevant but not part of PROFIsafe: safety I/O / safety control systems.
Non-safety-critical functions, e.g. diagnostics.
PROFIsafe – Add-on Strategy (diagram)
Standard engineering tool STEP 7 + Failsafe engineering tool Distributed Safety
Standard CPU + Failsafe application program / F-Hardware
Standard PROFIBUS DP + PROFIsafe
Standard remote I/O + Failsafe I/O modules
PROFIsafe - Program (diagram: standard program, safety program, standard program and back-up on one CPU)
Coexistence of standard program and safety-related program on one CPU.
Changes to the standard program have no effect on the integrity of the safety-related program section.
PROFIsafe – Coded Processing
Time redundancy and diversity replace complete redundancy.
Diagram (time redundancy): operation and diverse operation; coded operators and diverse operators; output and diverse output; comparison. Example: inputs A, B through OR give C; the diverse inputs /A, /B through AND give D; the comparison checks D = /C; stop by D/C on mismatch.
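Added illustration of the coded-processing principle on this slide (not Siemens code): each safety operation runs on the normal operands and, diversely, on the inverted operands with the De Morgan-dual operator (OR <-> AND), and the output is released only if the diverse result D equals the complement of the normal result C. The 8-bit width and the fault-injection parameter are assumptions for the demonstration.

```python
# Coded processing demo: normal path and diverse path, then comparison D = /C.
# Not Siemens code; the 8-bit width and the fault-injection hook are assumptions.
MASK = 0xFF  # assumed 8-bit process image

class CodedProcessingStop(Exception):
    """Raised when the comparison fails ('Stop by D/C')."""

def safe_op(a: int, b: int, op: str, fault: int = 0) -> int:
    """op is 'OR' or 'AND'. 'fault' XORs an error pattern into the diverse path
    only, simulating a fault that hits one of the two computations."""
    na, nb = ~a & MASK, ~b & MASK                   # diverse (inverted) operands /A, /B
    if op == "OR":
        c, d = (a | b) & MASK, (na & nb) ^ fault    # C = A OR B ; D = /A AND /B
    elif op == "AND":
        c, d = (a & b) & MASK, (na | nb) ^ fault    # C = A AND B ; D = /A OR /B
    else:
        raise ValueError(op)
    if d != (~c & MASK):                            # comparison: D must equal /C
        raise CodedProcessingStop(f"{op}: C={c:#04x} D={d:#04x}")   # Stop by D/C
    return c
```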
PROFIsafe - Introduction (diagram: standard data and fail-safe data pass through the PROFIsafe layer at each end and over the standard bus protocol, PROFIBUS or PROFINET, the "black channel")
Safety-oriented communication via PROFIsafe: the first communication standard in accordance with safety standard IEC 61508.
PROFIsafe supports safe communication for the open standards PROFIBUS and PROFINET.
PROFIsafe counters possible faults such as address error, delay and data loss with:
- serial numbering of PROFIsafe telegrams
- time monitoring
- authenticity monitoring via unique addresses
- optimized CRC checking
PROFIsafe supports standard and failsafe communication over one medium.
PROFIsafe - Introduction: Overview of possible errors and detection mechanisms
Failure types: repetition, deletion, insertion, resequencing, data corruption, delay, masquerade (standard message mimics failsafe), revolving memory failure within switches.
Remedies: consecutive number; time-out with receipt; codename for sender and receiver; data consistency check.
PROFIsafe safety PDU
Standard PROFINET IO messages carry standard data (S) alongside the PROFIsafe container (= Safety PDU).
Safety PDU layout: F Input/Output Data (max. 12 / 123 bytes) | Status / Control Byte (1 byte) | CRC2 (3 / 4 bytes: 3 bytes for a max. of 12 bytes F I/O data, 4 bytes for a max. of 123 bytes F I/O data).
CRC2 is calculated across the F I/O data, the Status or Control Byte, the F-Parameter (CRC1, 3 bytes) and the virtual consecutive number (Vconsnr_h / Vconsnr_d).
Example (F-Device): F Input data | Status Byte | CRC2 across F Input data, Status Byte, F-Parameter and Vconsnr_d.
Consecutive number: 24 bit (extended), 0, 1 ... 0FFFFFFh, not transmitted; Vconsnr_d (3 bytes) is included in the CRC2 calculation. Toggle_d changes 0 -> 1 or 1 -> 0 when the number is incremented. Increment: Toggle_h (bit 5 of the Control Byte); reset: R_cons_nr (bit 2 of the Control Byte).
Summary: extended consecutive number (24 bit); 24/32-bit CRC signature; synchronization via "Toggle Bit"; virtual consecutive numbering (patented).
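Added model of the safety-PDU protection described above and of the failure-type table two slides earlier (not Siemens or PROFIsafe code): the consecutive number is never transmitted but is folded into CRC2, so a replayed, dropped, re-ordered, masqueraded or corrupted container fails the receiver's CRC check. The CRC-24 polynomial, byte order, status byte value and sample data are assumptions for the demonstration, not the PROFIsafe-specified ones.

```python
# Model of the safety PDU: F data | Status/Control byte | CRC2, with the 24-bit
# virtual consecutive number covered by CRC2 but not sent on the wire.
# Not Siemens/PROFIsafe code: polynomial, byte order and sample values are assumptions.

CRC24_POLY = 0x864CFB  # assumed generic CRC-24 polynomial, NOT the PROFIsafe one

def crc24(data: bytes) -> int:
    """MSB-first bitwise CRC-24 with zero initial value."""
    crc = 0
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ CRC24_POLY if crc & 0x800000 else crc << 1
        crc &= 0xFFFFFF
    return crc

def build_pdu(f_data: bytes, status: int, crc1: int, vconsnr: int) -> bytes:
    """Safety PDU = F data | Status/Control byte | CRC2 (3 bytes for <= 12 data bytes).
    CRC2 covers F data, status byte, CRC1 (the F-parameter signature binding the
    sender/receiver codename) and the 24-bit vconsnr, which stays local to both ends."""
    assert len(f_data) <= 12
    covered = f_data + bytes([status]) + crc1.to_bytes(3, "big") + vconsnr.to_bytes(3, "big")
    return f_data + bytes([status]) + crc24(covered).to_bytes(3, "big")

def accept(pdu: bytes, crc1: int, expected_vconsnr: int) -> bool:
    """Receiver recomputes CRC2 with its OWN expected consecutive number."""
    f_data, status, crc2 = pdu[:-4], pdu[-4], int.from_bytes(pdu[-3:], "big")
    covered = f_data + bytes([status]) + crc1.to_bytes(3, "big") + expected_vconsnr.to_bytes(3, "big")
    return crc24(covered) == crc2

def simulate() -> dict:
    """Constructed scenario: host sends PDUs 1..3; device checks them and the fault cases."""
    crc1 = 0xABCDEF                 # constructed F-parameter signature (placeholder value)
    data = bytes([0x01, 0x00])      # constructed 2-byte F output data
    pdus = [build_pdu(data, 0x00, crc1, n) for n in (1, 2, 3)]
    return {
        "in_order": all(accept(p, crc1, n) for p, n in zip(pdus, (1, 2, 3))),
        "repetition": accept(pdus[1], crc1, 4),        # PDU 2 replayed when 4 is expected
        "deletion": accept(pdus[2], crc1, 2),          # PDU 2 lost, PDU 3 arrives in its place
        "resequencing": accept(pdus[0], crc1, 3),      # PDU 1 delivered late, device expects 3
        "masquerade": accept(pdus[0], crc1 ^ 0x1, 1),  # container built under another codename/CRC1
        "corruption": accept(bytes([pdus[0][0] ^ 0x80]) + pdus[0][1:], crc1, 1),  # bit flip
    }
```

Only the in-order case is accepted; every fault case fails the CRC2 check even though the consecutive number itself never appears in the container.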
PROFIsafe - Introduction: Which protocol must be supported? (diagram)
F-Host with PROFINET IO-Controller (IO-C), via a PROFINET switch, to a PROFINET IO-Device with FDI (sensor) and FDO (actuator), and via a PROFINET-PROFIBUS link to a PROFIBUS modular device with a local bus and FDI / FDO. The PROFIsafe container is encapsulated at each stage.
Legend: F-DI = fail-safe digital input; F-DO = fail-safe digital output; IO-C = PROFINET IO-Controller.
Which protocol version applies when?

PROFIsafe V2 slave used in   | Protocol with 8-bit counter (= PROFIsafe V1 mode) | Protocol with 24-bit counter (= PROFIsafe V2 mode)
PROFIBUS network only        | mandatory                                          | mandatory
PROFINET network only        | -                                                  | mandatory
PROFIBUS / PROFINET network  | mandatory                                          | mandatory

Goal: 100% compatibility. A PROFIsafe slave which supports the V2 mode must be able to replace an older version of this PROFIsafe slave which only supports the V1 mode without the need for any adaptation.
PROFIsafe - Introduction
PROFIsafe - Introduction: Which protocol version applies when? (diagram)
PROFINET: PROFIsafe V2. PROFIBUS: PROFIsafe V1 or V2.
A DP Master serves DP Slaves V1 and DP Slaves V2; PROFINET I/O-Devices are V2; behind a proxy only DP Slaves V2.
V1 = PROFIsafe Profile V1; V2 = PROFIsafe Profile V2.
Handling Functional Safety: Modern Requirements and Best Practice
'Drivers' for Safety
Legislation: "I need to do something... but what?"
Fear: "What are my responsibilities and am I doing enough... or too much?"
Compliance: “Can I prove I have done as much as is reasonably practicable”
Operational Efficiency: “Can I produce products safely with maximum efficiency?”
Cost: “Am I getting the best return on my investment” (FFI)
Support: “I want advice based on solutions not products”
Peter Brown / Handling Functional Safety
What is Functional Safety?
Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs. Functional safety is achieved when every specified safety function is carried out and the level of performance required of each safety function is met.
Functional safety relies on active systems.
Safety achieved by measures that rely on passive systems is not functional safety.
(diagram: a reactor controlled by a Basic Process Control System (BPCS) with its inputs and outputs, and an independent Safety Instrumented System (SIS) with its own inputs and outputs)
Systematic Failures
Definition of a systematic failure: a failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or of the manufacturing process, operational procedures, documentation or other relevant factors.
Examples of systematic failures include human error in:
- the safety requirement specification;
- the design, manufacture, installation or operation of the hardware;
- the design and/or implementation of the software.
'Best Practice'
(diagram: standards landscape)
IEC 61508; IEC 61511 (process industry); IEC 62061, ISO 13849 and EN 954 (until 2011) (manufacturing industry).
Focus: product manufacture versus integration. Relevant good practice; harmonized standards.
Basic Lifecycle Concept
Functional Safety
Control of dangerous failures during operation through robust design.
Control and avoidance of systematic failures through robust processes.
Safety Lifecycle Requirement
- Engineering / Design: system architecture, failure probability
- Planning / Processes: safety management, verification, responsibilities
Verification and Validation
Verification (in general) = "Are you making it right?" Verification is the process used to evaluate whether or not a system complies with regulations / specifications / conditions imposed at the start of a phase.
Validation (in general) = "Are you making the right thing?" Validation is the process of establishing evidence (including functional testing) that provides a high degree of assurance that a system accomplishes its intended requirements (fit for purpose).
Simplified Safety Lifecycle
Hazard and Risk Assessment
Design and Engineering
Installation, Validation and Start-up
Operation and Maintenance
Modernisation and Upgrade
Verification (shown spanning the phases)
Questions?