Functional machine safety using discrete wiring is an established way to protect workers from injury, and protect companies from the expense associated with accidents and downtime.

AS-Interface safety devices are connected directly to the simple, two-conductor network. The gateway (top left) interfaces with any of today’s dominant upper level networks (DeviceNet, PROFIBUS, EtherNet/IP), and allows the PLC to perform annunciation and diagnostics.

Historically, machine safety has been based on wiring redundancy of safety-rated input components (e-stops, light curtains, door interlock switches) to safety relays. Fundamentally, this technology is easy to understand. The only trouble with these methods is that they are complex unless the safety function is trivial in nature. For instance, most hardwired solutions take the all-or-nothing approach: as soon as one of the safe inputs activates, the entire system shuts down. This may be safe in most cases, but it is certainly not ideal in terms of productivity. Worse than taking a productivity hit is the fact that some well-established hardwired scenarios are actually NOT safe at all.

A large number of safety systems are constructed such that even in situations where a safety input device that has failed closed (i.e. a welded or sticky contact), the machine can be restarted! The figure on the next page illustrates this kind of problem.

In this case, a welded contact on the magnetic safety switches can easily go undetected, even if the safely relay goes into a safety lockdown state once it detects that only one REED contact opened. Unfortunately, operators can simply “overwrite” this by cycling one of the force-guided e-stops (or any other still functioning safety device on the cable run), thus “resetting” the safety relay. Once this happens, the machine can be restarted, even though the faulty safety device is still present.

In many safety systems, magnetic REED safety switches (green devices) and safety e-stops (yellow/red devices) are switched in series and connected to the inputs on a safety relay.

Safety engineers have known about these kinds of problems—and their solution— for a long time; connecting each safe input device to its one safety relay solves the problem. But the price for doing this is very high, not only in terms of dollars and cents, but also in terms of wiring complexity and cabinet space. Wiring complexity is still the main reason why, even today, safety systems take the all-or-nothing approach instead of deactivating only the necessary machine sections. Examples where a zoned approach is a requirement are everywhere and the following situation can be found in automated drug packaging applications.

A safety enabling switch — activated and carried by the maintenance person – must allow the safety doors to be opened without shutting down the entire machine; the electron beam must certainly be deactivated. Enabling switch in hand, maintenance personal can perform adjustments to the pneumatic delivery system while the electron beam sterilization system remains safely deactivated. This situation is very similar to muting frequently used in light curtain applications.

Solving this application problem is certainly possible using the old hardwired approach. Unfortunately it is time-consuming, labor-intensive and difficult to troubleshoot.

An alternative approach is using the AS-Interface Safety at Work. These safety input devices are simply connected to safety-rated, addressable input modules. Alternatively, dedicated safe-rated devices with integrated AS-Interface chips can be connected directly to the network, resulting in the greatest possible time saving and the cleanest possible layout.

Irrespective of how the safety input devices are connected to the network, the network is now used to transmit their state to the programmable Safety-Monitor, which replaces the safety relay in old, hardwired installation. From here on out, the logic behavior is defined in the software and specifying the necessary functionality is accomplished simply by combining “input blocks” with “logic-functions.” Diagnostics is easy and powerful and can be performed by any PLC connected to the network (either via a gateway or by means scanner cards connected to the PLC backplane. A typical setup uses e-stops and door interlock switches supporting zoned safety on a simple, two-conductor cable run.

AS-Interface Safety at Work reduces the amount of wiring by up to 90%, while adding significant flexibility. It prevents unsafe startups on hard-wired systems. The problem of deactivating the electron beam while the pneumatic system keeps running is easily solved using this safety networking technology.

This article was written by Helge Hornis, PhD, Manager of the Intelligent Systems Group of Pepperl+Fuchs Inc. (Twinsburg, OH). For more information, please contact Mr. Hornis at 330-486-0001, or visit .