380 likes | 582 Views
Rexroth IndraDrive Integrated Safety Technology. complete intelligent safe. Reaction with enabling control handle when a linear axis starts up. Linear axis with ball screw spindle, v=28m/min, M=1.4Nm, n=6000 rev/min. (m/min). 30. 25. 20. 15. 10. 5. 0.
E N D
Rexroth IndraDriveIntegrated Safety Technology complete intelligent safe
Reaction with enabling control handle when a linear axis starts up Linear axis with ball screw spindle, v=28m/min, M=1.4Nm, n=6000 rev/min (m/min) 30 25 20 15 10 5 0 (ms) 0 100 200 300 400 500 Overtravel: 110mmbest reaction Overtravel: 2mmwith safety on board technology Overtravel: 200mmnormal reaction
Risk Assessment According to DIN EN 954 Safety categories: Category B Safety-related parts must be designed so that they withstand the influences to be expected. System characteristics: A fault can lead to loss of safety. Example: - Selection of cable cross-sections - Selection of the suitable power supply - Control without any safety precautions
Risk Assessment According to DIN EN 954 Safety categories: Category 1 Requirements of cat. B must be met; in addition, proven components/principles must be used/applied. System characteristics: A fault can lead to loss of safety. (However, the probability of occurrence is lower than in category B) Example: Proven components: Emergency stop switching device, fuse, cables to IEC, etc. Proven principles: Forced operation, over-dimensioning, limitation, etc.
Risk Assessment According to DIN EN 954 Safety categories: Category 2 Requirements of cat. B and 1 must be met; in addition, the safety function must be tested by the machine control at suitable intervals. System characteristics: A fault can lead to loss of safety between testing intervals. (But is recognized in the course of testing) Example: Structure of the control: Cyclical test
Risk Assessment According to DIN EN 954 Safety categories: Category 3 Requirements of cat. B and 1 must be met. Safety-related parts must be designed so that: - a fault will not result in loss of safety. - a fault is recognized. System characteristics: If a single fault occurs, safety is maintained. Some - not all – faults are recognized. (Several faults can lead to loss of safety) Example: Structure of the control: Redundancy
Risk Assessment According to DIN EN 954 Safety categories: Category 4 Requirements of cat. B and 1 must be met. Safety-related parts must be designed so that: - a fault will not result in loss of safety. - a fault is recognized upon or before the next request. System characteristics: If a single fault occurs, safety is maintained. All faults are recognized. Example: Structure of the control: Redundancy, short-circuit-proof
Stop Categories Control current circuits Stop functions for the shutdown of machines/axes/drives Category 2 Controlled shutdown Energy supply is maintained also at standstill Category 0 Uncontrolled shutdown Energy supply is imme- diately disconnected; if required application of mech. brakes Category 1 Controlled shutdown Energy supply is maintained until standstill isachieved
Diversity Diversity is redundancy with different components, techniques and principles. e.g. different hardware manufacturers, different software structures by different programmers, etc. The integrated safety technology from Bosch Rexroth is consistently structured diversely
IndraDriveStarting Lockout Starting Lockout EU type test certificate for safety component “safety related starting lockout“ Safety category 3 (to EN 954-1) Stop category 0 (to EN 60204-1) The power supply to the drive is safely interrupted. The drive cannot generate torque/force and hence no dangerous movements. Display: "AS" Forced dynamization for detecting dormant errors Time interval can be adjusted (e.g. open protective door every 8 hours). Note: For all applications of category 3 to EN 954-1 it is not permitted to route both channels via a standard PLC!
IndraDrive:Integrated safety technology Integrated safety technology (safety on board) Type test EU type test certificate for safety component SI functions: - safety related standstill, - safety related operational stop, - safety related drive interlock, - safety related reduced speed, - safety related limited absolute position - safety related direction of motion Execution in accordance with safety category 3 (to EN 954-1) Safety technology only monitors! It does not control the safety related operation!
IndraDrive:Integrated safety technology Crosswise data comparison
IndraDrive:Integrated safety technology Operating principle The safety functions are monitored by the drive system during operation. To this end, three principles for detecting dormant errors are realized in the system: Dual-channel data processing with diverse structure Crosswise comparison of safety-relevant data Dynamization of steady states These measures ensure that a single fault cannot result in the loss of safety functions (category 3 to EN 954-1).
IndraDrive:Integrated safety technology Selection of channel 1 via I/Os IndraDrive power section IndraDrive control section I/O Processor A with SI function M Processor B with SI function I/O SI active SI active Channel 2 Channel 1
IndraDrive:Integrated safety technology Selection of channel 1 via command communication IndraDrive power section IndraDrive control section SERCOS SERCOS Control Channel 1 Processor A with SI function I/O M Processor B with SI function I/O SI active SI active Channel 2 Channel 1
IndraDrive:Integrated safety technology Internal dynamization Dynamization signal Master 24V 0V Slave Slave
Dynamization signal 24V 0V IndraDrive:Integrated safety technology External dynamization Slave Slave Slave
IndraDrive:Integrated safety technology Safety related standstill Standstill: State, in which the mechanical component is at a standstill, with the drive being no longer supplied with energy. Safety related standstill Stop category 1 (to EN 60204-1) - The time for shutdown (transition to a safety related status) can be adjusted. - The safety related standstill is interrupted by the actuation of an enabling control! Display: “SH“ Caution: Vertical axes must be held in position by the motor brake / external brake / weight compensation after the power stage was locked!
IndraDrive:Integrated safety technology Safety related drive interlock The safety function corresponds to “safety related standstill halt“ (stop category 1 to EN 60204-1) The only exception: The drive interlock cannot be interrupted by the actuation of an enabling control! Display: „ASP“ Caution: Vertical axes must be held in position by the motor brake / external brake / weight compensation after the power stage was locked! Note: The motor holding brake alone is not permitted for the protection of persons!
IndraDrive:Integrated safety technology Safety related operational stop The drive is at a standstill, all control loops are active, dual-channel standstill monitoring equipment is active. Stop category 2 (to EN 60204-1) - Standstill window can be adjusted. - The time for shutdown (transition to a safety related status) can be adjusted. - The safety related operational stop is interrupted by the actuation of an enabling control! Display: “SBH” Note: The axes must be held in position by an external brake or mechanical lock, if external forces acting on the axis must be expected during safety related operational stop!
IndraDrive:Integrated safety technology Safety related reduced speed The drive rotates at reduced speed. Speed monitoring is activated in two channels. - The time for activating the enabling control is monitored. - The time for deceleration (transition to a safety related status) can be adjusted. - Combination with “safety related limited absolute position“ is possible. - Combination with “safety related direction of motion“ is possible. - Combination with “safety related limited increment“ is possible. - Up to 4 safe speeds are possible. Display: “SBB”
IndraDrive:Integrated safety technology Safety related limited increment The compliance with a maximum safety related limited increment is monitored via two channels. Exceeding the safety related limited increment results in the shutdown according to stop category 1. - In addition, safety related reduced speed is active. - The time for activating the enabling control is monitored. - Combination with “safety related limited absolute position“ is possible. - Combination with “safety related direction of motion“ is possible. Display: “SBB”
IndraDrive:Integrated safety technology Safety related limited absolute position The compliance with the given, absolute position limit values is monitored via two channels. Exceeding of a limit value results in a shutdown according to stop category 1. The same is valid for an actuating of this feature outside the limit values. - In addition, safety related reduced speed is active. - The time for activating the enabling control is monitored. - “Safety related homing” is a precondition for this. - Combination with “safety related direction of motion“ is possible. - Combination with “safety related limited increment“ is possible. Display: “SBB”
IndraDrive:Integrated safety technology Safety related direction of motion It is monitored via two channels, that the movement is carried out in only one given direction. A movement in the non-released direction results in a shutdown according to stop category 1. - In addition, safety related reduced speed is active. - The time for activating the enabling control is monitored. - Combination with “safety related limited absolute position“ is possible. - Combination with “safety related limited increment“ is possible. Display: “SBB”
IndraDrive:Integrated safety technology Safety related maximum velocity With the safety function “safety related maximum velocity“, two channels monitor the drive for exceeding the given speed limit value. Exceeding results in the shutdown according to stop category 1. Display:“---“ Note: This monitoring feature is active in any operating mode. It cannot be directly activated or deactivated.
IndraDrive:Integrated safety technology Safely monitored stopping The function controls the transition: - from the normal operating mode to the safety related operating mode of safe standstill, - from one safety related operating mode of safe movement to safety related standstill. The transition (type of deceleration) to safety related standstill or safety related drive interlock can optionally be controlled by the drive or the master control. The transition to safety related operational stop must be controlled by the master control. A tolerance time must be determined for the transition to standstill. Exceeding results in the shutdown according to stop category 1.
IndraDrive:Integrated safety technology Safety related homing To be able to realize diverse, i.e. dual-channel-separated position monitoring, the individual channels and their actual position value systems must be diversely referenced. - Dual-channel activation of the homing command. - Dual-channel evaluation of both homing switches. With absolute measuring systems the homing procedure must also be diverse. Instead of a home cam, a manually operated switch may be used for acknowledging the correct absolute position.
IndraDrive:Integrated safety technology Safety related outputs Safety related diagnostic outputs “Safely acquired states" are passed on to other system components. Controlling of: - Safety relays, - Safety PLC, etc. Safety related control of a door locking device For several axes within a hazardous zone, a diagnostic master is activated in one of the drive control units, which acquires the safety related status of these axes and controls the door locking device. Note: Position monitoring of the locked, separating protective equipment is additionally required.
Operating mode switch+ enabling control Operating mode switch Enabling control IndraDrive:Integrated safety technology 4 dual-channel inputs: - Operating mode switch- Enabling control device - Safety switch 1- Safety switch 2 Normaloperation Safely reduced speed 1 Safe standstill
IndraDrive:Integrated safety technology • 4 dual-channel inputs: • Operating mode switch- Enabling control device- Safety switch 1- Safety switch 2 4 dual-channel inputs: - Operating mode switch- Enabling control device - Safety switch 1- Safety switch 2 Normaloperation Operating mode switch+ enabling control(+ safety switch 1) Operating mode switch Safely reduced speed 1 Safe standstill Enabling control Safely reducedspeed 2 Enabling control + safety switch 1
IndraDrive:Integrated safety technology • 4 dual-channel inputs: • Operating mode switch- Enabling control device- Safety switch 1- Safety switch 2 Normaloperation Operating mode switch+ enabling control (+ safety switch 1 + 2) Operating mode switch Safely reduced speed 1 Safe standstill Enabling control Safely reducedspeed 2 Enabling control + safety switch 1 Safely reduced speed 3 Enabling control + safety switch 2 Safely reduced speed 4 Enabling control + safety switch 1 + safety switch 2
Drive interlock Drive interlock (ASP) Drive interlock Drive interlock IndraDrive:Integrated safety technology Normaloperation 4 dual-channel inputs: - Operating mode switch- Enabling control device - Safety switch 1- Drive interlock 4 dual-channel inputs: - Operating mode switch- Enabling control device - Safety switch 1- Drive interlock Operating mode switch Safely reduced speed 1 Safe standstill Enabling control Safely reducedspeed 2 Enabling control + safety switch 1
IndraDrive:Integrated safety technology Dynamization Starting Lockout Manual (actuation of starting interlock) Required after power-on and within an adjustable time interval Safety technology I/O: • Safety technology I/O: • Dynamization takes place automatically, without being noticed by the user: • - Internally by SI master • - Externally by PLC / safety PLC • Safety technology I/O: • Dynamization takes place automatically, without being noticed by the user: • - Internally by SI master • - Externally by PLC / safety PLC • Adjustable time intervals • Due to NC/NO combination, one channel is always lead through • Safety technology I/O: • Dynamization takes place automatically, without being noticed by the user: • - Internally by SI master • - Externally by PLC / safety PLC • Adjustable time intervals • Integrated Safety Technology (I/O): • Dynamization takes place automatically, without being noticed by the user: • - Internally by SI master • - Externally by PLC / safety PLC • Adjustable time intervals • Due to NC/NO combination, one channel is always lead through • Synchronization of dynamization in the slaves
SI master IndraDrive:Integrated safety technology Different hazardous zones SI master SI master SI master
IndraDrive:Integrated safety technology In the case of a control and drive system with integrated safety technology, the following components of conventional safety technology are no longer required: Motor standstill guard for monitoring the safe standstill Rotary speed guard for monitoring safely reduced speeds Power contactors between control devices and motors Limit switches or position cams for recognizing ranges Note: The integrated safety technology is not intended to substitute conventional safety technology such as emergency stop equipment and protective door guards.
External monitoring Internal monitoring Drive Controller Drive Controller with safety integrated Monitoring M M v v IndraDrive:Integrated safety technology Advantages over conventional solutions Examples: Monitoring of safe motion External: Delayed reaction times Particularly fatal with drives with high acceleration rates Additional measuring and evaluation technology required Internal: Direct responding reduces reaction time ( 2 ms) Often more cost-efficient Free selection of control technology Simple interlinking of safety functions possible (e.g. safely reduced speed + safe direction of movement) Source: BIA report 5/2003