Functional machine safety using discrete wiring is an established way to protect workers from injury, and protect companies from the expense associated with accidents and downtime.

AS-Interface safety devices are connected directly to the simple, two-conductor network. The gateway (top left) interfaces with any of today’s dominant upper level networks (DeviceNet, PROFIBUS, EtherNet/IP), and allows the PLC to perform annunciation and diagnostics.
Historically, machine safety has been based on wiring redundancy of safety-rated input components (e-stops, light curtains, door interlock switches) to safety relays. Fundamentally, this technology is easy to understand. The only trouble with these methods is that they are complex unless the safety function is trivial in nature. For instance, most hardwired solutions take the all-or-nothing approach: as soon as one of the safe inputs activates, the entire system shuts down. This may be safe in most cases, but it is certainly not ideal in terms of productivity. Worse than taking a productivity hit is the fact that some well-established hardwired scenarios are actually NOT safe at all.

In many safety systems, magnetic REED safety switches (green devices) and safety e-stops (yellow/red devices) are switched in series and connected to the inputs on a safety relay.
A large number of safety systems are constructed such that even in situations where a safety input device that has failed closed (i.e. a welded or sticky contact), the machine can be restarted! The figure on the next page illustrates this kind of problem.

In this case, a welded contact on the magnetic safety switches can easily go undetected, even if the safely relay goes into a safety lockdown state once it detects that only one REED contact opened. Unfortunately, operators can simply “overwrite” this by cycling one of the force-guided e-stops (or any other still functioning safety device on the cable run), thus “resetting” the safety relay. Once this happens, the machine can be restarted, even though the faulty safety device is still present.

Safety engineers have known about these kinds of problems—and their solution— for a long time; connecting each safe input device to its one safety relay solves the problem. But the price for doing this is very high, not only in terms of dollars and cents, but also in terms of wiring complexity and cabinet space. Wiring complexity is still the main reason why, even today, safety systems take the all-or-nothing approach instead of deactivating only the necessary machine sections. Examples where a zoned approach is a requirement are everywhere and the following situation can be found in automated drug packaging applications.

A safety enabling switch — activated and carried by the maintenance person – must allow the safety doors to be opened without shutting down the entire machine; the electron beam must certainly be deactivated. Enabling switch in hand, maintenance personal can perform adjustments to the pneumatic delivery system while the electron beam sterilization system remains safely deactivated. This situation is very similar to muting frequently used in light curtain applications.

Solving this application problem is certainly possible using the old hardwired approach. Unfortunately it is time-consuming, labor-intensive and difficult to troubleshoot.

« Start Prev 1 2 Next End»

The U.S. Government does not endorse any commercial product, process, or activity identified on this web site.