5th Edition Supplement - Paragraf 34Safety-relevant functions 8/3 9 Fail-Safe Drives 9.1 G120 drive inverter 9/2 Overview 9/2 Benefits 9/3 Applications 9/4 Functions 9/5 Integration

6.3 Laser scanners SIMATIC FS600 6/26.4 Light curtains and light grids SIMATIC FS400 6/36.5 Technical data 6/4

7 Fail-Safe ControlsSIMATIC Safety Integrated

7.1 Standards 7/27.2 PROFINET-CPUs 7/2

SIMATIC ET 200pro 7/4Technical data 7/5

8 Fail-Safe Motion Control Systems

8.1 SINUMERIK 840D sl / SINAMICS S120 8/2Safety-relevant functions 8/3

9 Fail-Safe Drives

9.1 G120 drive inverter 9/2Overview 9/2Benefits 9/3Applications 9/4Functions 9/5Integration 9/8Technical data 9/9

10 Referencesrefer to the Safety Integrated System Manual, 5th Edition

11 Appendix

11.1 Terminology and abbreviations 11/211.2 References 11/611.3 Contact – Internet, Hotlines 11/611.4 Seminars available for safety technology,

Standards and Directives 11/711.5 Index 11/19

Content

1 Regulations and Standardsrefer to the Safety Integrated System Manual, 5th Edition

2 Specification and Design Safety-RelevantControl Systems for Machinesrefer to the Safety Integrated System Manual, 5th Edition

3 Connecting Sensors/Actuatorsrefer to the Safety Integrated System Manual, 5th Edition

4 Fail-Safe Communicationsusing Standard Fieldbuses

4.1 Fail-safe automation solutions with PROFINET 4/2and PROFIsafe

4.2 ASIsafe 4/5

5 Safety Industrial Controls

5.1 SIRIUS position switches 5/25.2 SIRIUS Emergency Stop 5/75.3 SIRIUS command and signaling devices 5/85.4 SIRIUS safety relays 5/11

3TK2845 “2x monitored start” 5/113TK2845 “agreement button” 5/123TK2845 “mechanical lock” 5/143TK2845 “solenoid lock” 5/16

5.5 ASIsafe 5/185.6 Safety Motorstarter ET 200 Solutions 5/21

Safety Motorstarter Solution Local 5/24Safety Motorstarter ET 200pro Solution Local 5/25Safety Motorstarter Solution PROFIsafe 5/28Safety Motorstarter Solution PROFIsafe for PROFINET 5/29

6 Fail-Safe Optical Sensors

6.1 Switching strips SIMATIC FS100 6/26.2 Light barriers SIMATIC FS200 6/2

Important note:The products described here have been developed to realize safety-relevant functions as part of a complete plant or machine. Generally,a complete safety-relevant system includes sensors, evaluation units,signaling devices and concepts for safe shutdown and stopping. Themanufacturer of a plant or machine is responsible for ensuring thecorrect overall function. Siemens AG, its local offices and affiliatedcompanies (in the following “known as Siemens“) is not in a positionto guarantee all of the properties and features of a complete plant ormachine which Siemens did not design.

Siemens does not accept any liability for recommendations which aregiven or implied in this Manual. It is important that all of the associatedproduct documentation is carefully observed in order to correctly usethe products. This Manual shall neither become a part of nor modifyany prior or existing agreement, commitment or relationship. The salescontract contains the entire obligation of Siemens. The warrantycontained in the contract between the parties is the sole warranty ofSiemens. Any statements contained in this Manual neither create newwarranties nor modify the existing warranty.

Foreword

Regulations and Standardsrefer to the Safety Integrated System Manual, 5th Edition 1

Specification and Design of Safety-RelevantControl Systems for Machinesrefer to the Safety Integrated System Manual, 5th Edition 2

Connecting Sensors and Actuatorsrefer to the Safety Integrated System Manual, 5th Edition 3

Fail-Safe Communicationsusing Standard Fieldbuses 4

Safety Industrial Controls 5

Fail-Safe Optical Sensors 6

Appendix 11

Fail-Safe Controls 7

Fail-Safe Motion Control Systems 8

Fail-Safe Drives 9

Referencesrefer to the Safety Integrated System Manual, 5th Edition 10

The PROFIsafe profile has been portedto PROFINET. This means that all of the prerequisites have been created for seamless, fail-safe, vertical and horizontal automation solutions basedon Industrial Ethernet. The PLC-basedsolution with PROFINET and PROFIsafemakes plant and machinery construc-tion far more straightforward and, atthe same time, more cost effective.It allows new, innovative solutions -but also allows existing bus systems to be integrated. The range of fail-safecontrollers and distributed I/O modulesis quickly growing.

PROFINET – the new standard forautomation

PROFINET has been developed by thePROFIBUS User Organization PNO. Thismeans that it is a non-proprietary, openstandard based on Industrial Ethernet.PROFINET consequentially uses FastEthernet with data transfer rates of100 Mbit/s and switching technology,utilizes established IT standards suchas TCP/IP - and is offering extensivefunctions for configuration, diagnos-tics as well as accessing process datavia the Internet.

Data transfer using TCP/IP or UDP/IPprotocols is completely adequate forcontrol sequences that are not criticalfrom a time perspective. Process datathat is critical from a time perspective -e.g. cyclic net data or event-controlledalarms - require, on the other hand,real-time data transfer. PROFINET usesan optimized real-time communicationschannel that with cycle times in therange of between one and ten milli-seconds reaches a performance that is comparable with any of the fieldbuses available in the market.PROFINET Isochronous Real-Time (IRT)with a cycle time under one milli-second with a jitter accuracy of lessthan one microsecond is available forespecially sophisticated tasks such asclock cycle synchronous motion controlapplications.

Distributed field devices can be inte-grated just the same as existing fieldbus systems using proxy technology.The system fulfills all requirementsregarding installation technology suit-able for industrial environments, sim-ple network administration and diag-nostics, protection against unautho-rized access and just recently, also fail-safe communications using conven-tional Industrial Ethernet components(refer to Fig. 4/1).

2 Safety Integrated System Manual

4 Fail-Safe Communicationsusing Standard Fieldbuses

Fig. 4/1

PROFINET, the comprehensive standard for the automation

4.1 Fail-safe automationsolutions with PROFINETand PROFIsafe

PROFINET and PROFIsafe

For many years now, safety-relevanttechnology has been integrated into the standard automation environmentbased on SIMATIC S7 controllers,PROFIBUS and PROFIsafe. This leading-edge solution has proven itself in manythousands of applications - and thatworldwide. The range of Safety Integra-ted products encompasses all of therequired components - from the sensorthrough the control up to the actuatorand is certified for safety levels up to SIL 3 (Safety Integrity Level) of IEC61508 and Category 4 of EN 954-1.

This portfolio has now been expandedto include PROFINET-capable compo-nents. Effective immediately, a com-plete product range with fail-safe con-trollers, fail-safe I/O and an appropriateengineering environment is available.This portfolio includes controllers forthe medium (S7-300) and upper (S7-400) performance ranges, digitalinput/output modules belonging to the ET 200S/pro distributed I/O systemas well as motor starters and driveinverters with degree of protectionIP20 and also IP65/67 for configura-tions that do not use enclosures andcabinets.

The new fail-safe S7-300 CPUs havePROFIBUS and PROFINET interfaces.The fail-safe ET 200 I/O modules caneither be operated on PROFIBUS orPROFINET using the appropriate businterface modules.

They have their own diagnostic mecha-nisms and automatically carry-out testsand checks for broken wires, short-cir-cuit and cross-circuit faults.

This means that a complete PLC-basedproduct range is available for safety-relevant applications under PROFIBUSand also PROFINET. The system require-ments of the user alone decide whichbus is actually used. Many componentscan be re-used when changing-overfrom one to the other bus.

PROFIsafe protocol

Communications between fail-safecontrollers and fail-safe I/O are estab-lished using the “PROFIsafe” protocolprofile that has been initially de-veloped for PROFIBUS DP. PROFIsafewas the first communications standardaccording to IEC 61508 that permitsstandard and safety-relevant communi-cations along one and the same bus.With SIL 3 and Cat. 4, PROFIsafe fulfillsthe highest requirements in the pro-duction and process industries.PROFIsafe has been checked and certi-fied by the German TÜV (GermanTechnical Inspectorate) and also by theBGIA (BG Institute for OccupationalSafety and Health).

Openness of PROFIsafe

While the error identification mecha-nisms of PROFIsafe V1.30 were suffi-cient for data transfer via PROFIBUS DP,the more extensive features of Ethernet/ PROFINET IO require, for example, alarger address space and expandedswitch technology functions in thePROFIsafe protocol. The new PROFIsafeprotocol supports 2 modes:

• the V1 mode that is compatibleto PROFIsafe V1.30 and

• the V2 mode that supports operation of PROFINET IO and PROFIBUS DP.

The PROFIsafe protocol V2 supportssafety-relevant communications for open standard busses - whether it is the proven PROFIBUS DP or all versions of the new, fast PROFINET IObus system. Using PROFIBUS PA (IEC61158-2), the seamless, distributedautomation extends down into theprocess world, e.g. for hazardous zones.Not only this, PROFIsafe also supportsstate-of-the-art radio-based systems viaWireless Industrial Ethernet.

Standard network components, e.g.switches, proxys can also be usedfor fail-safe communications.

Safety Integrated System Manual 3

4

Integrating existing networks

PROFINET also allows existing PROFIBUSnetworks and other fieldbus systemswith either standard as well as fail-safecommunications to be integrated. Thisallows composite systems to be config-ured comprising fieldbus and Ethernet-based sub-systems as well as a gradualtransition to PROFINET. Not only this, ithelps to protect investments that havebuses - allowing them to also be usedfor fail-safe communications.

The use of the proxy concept simplifiesthe integration of existing fieldbussystems but at the same time main-taining a high degree of transparency.On Ethernet, a proxy is the represen-tative for one or several fieldbusdevices (e.g. connected to PROFIBUS). It ensures transparent communicationsbetween the networks and, for instance,transfers cyclic data to the fieldbusdevices. As PROFIBUS master, a proxycoordinates data transfer betweenPROFIBUS nodes and devices.

At the same time, it is the Ethernetnode with PROFINET communications(Fig. 4/2).

In addition to proxies that are hardwired, proxies with wireless LAN con-nectivity can also be used on IndustrialEthernet, which permits completelynew automation solutions.


4 – Fail-safe communications using standard fieldbuses

Fig. 4/2

Fail-safe communications via PROFIsafe for PROFIBUS and PROFINET

New configuration software “asimon V2+”

As already described in the Safety Inte-grated System Manual (5th Edition),every safety monitor can be simplyconfigured using the PC-based asimonconfiguration software.

When using the new asimon V2+ soft-ware, the range of applications thatcan be addressed is significantly in-creased and service is also improved as a result of diagnostic functions thatare even more efficient.

Just as before, the safety-relevant logicis parameterized by dragging & drop-ping. All older monitor versions can beconfigured using the new asimon V2+software.

New functions - an overview

• It is simpler to commission the sys-temThe code sequence of safety AS-islaves is learnt step-by-step with diagnostic informationSelectable number of simulated slaves

• Simpler diagnostics via AS-Inter-faceA diagnostics index is assignedto the software function blockThe signal and relay outputsare signaled via AS-Interface


4.2 ASIsafe

4

Fig. 4/3

Diagnostics index assignment for PLC interrogation

Example of an application: Using thecommand “AS-i sorting”, the AS-iaddresses are assigned a fixed diagnos-tics index - e.g. AS-i address “1" =”diagnostics index 1".

• New function blocksMonitoring block “zero sequencedetection”Start blocks “activated via a standard slave” and “activated via the monitor input” (level sensitive)Block “operational ON/OFF switching via monitor input”

• Extended function blocksMonitoring blocks with selectable functions “local acknowledgment”and “starting test”Output blocks “door tumbler me-chanisms via delay time” and “door tumbler mechanism via zero speedmonitors and delay time” now optio-nally with STOP1 for enable circuit 1

The door tumbler mechanism is onlyactivated if the zero speed monitorissues an enable signal. If an enablesignal is not issued, then the door tum-bler mechanism is only re-activatedafter the selected delay time has ex-pired. This is used to secure the areaaround machines that have potentiallyhazardous motion.


4 – Fail-safe communications using standard fieldbuses

Fig. 4/4

Output block, door tumbler mechanism and zero speed monitor with delay time,

optionally with STOP1 for enable circuit 1

Overview

SIRIUS position switches are used to

• Detect the position of movingmachine parts and components

• Detect and sense hazardous motion of machine parts and components

• Monitor protective devices withhinged joints such as swiveling doors, hatches, etc.

• Monitor protective devices that canbe laterally shifted - such as slidingdoors, protective meshes etc.

Features

SIRIUS position switches offer

• A comprehensive range of productswith standardized enclosures and actuators

• Simple to mount solutions to detect and monitor hazardous motion and access areas.

• Standard device mounting acc. to Standards EN 50041 and EN 50047

• Maximum protection against tam-pering and manipulation of theprotective devices using, e.g. multi-ple coded, separate actuators

• Protective devices are monitoredup to Category 4 acc. to EN 954-1

• Integrated in the ASIsafe bus system

• High degree of protection, even for standard products

Applications

SIRIUS position switches are used,among other things, for the followingtasks:

• In the plant and machinery areato monitor protective barriers andaccess hatches on printing machines.

• Position switches with lockingmechanism are predominantlyused to monitor parts of the machine with increased potential hazard - such as robot cells. A pro-tective door is safely interlocked until the machine comes a standstill.

• Safety-relevant shutdown of amachine or system when the end-stop is reached, e.g. for elevators or escalators.

• Protective doors are monitoredusing magnetically-operatedswitches that are immune to manipulation when the switch is mounted so that it is covered - this also plays a significant role in areas requiring cleaning and disinfection.


5 Safety Industrial Controls

5.1 SIRIUS position switches


5As a result of the wide variety of actuators, enclosures and contact systems that are required in the field, SIRIUS 3SE position switches are convincing in almost every application.With positively opening contacts.Versions with dimensions, mounting points and characteristic values are available that arein compliance with Standards EN 50041 to EN 50047.

As a result of their significantly lower switching distance and precise switching points, our short-stroke switches ensure safety-relevant shutdown even for extremely short actuation travel.

Standard position switches

A wide variety of enclosures and actuator versions are available to monitor protective doors. Thanks to the multiple mechanically coded actuators, it is not possible to simply bypass the protective devices.With positively opening contacts.Locking mechanism:Position switches with separate actuator and locking mechanism keep a protective door inter-locked until the operating zone can be entered without incurring any danger. An electrical signal, e.g. from a standstill (zero speed) monitor controls the interlocking solenoids and therefore releases the protective door.

Mechanically locked (closed-circuit principle) and solenoid locked (open-circuit principle)versions with 4 contacts as standard are available.

Position switches with separate actuator/locking mechanism

Versions with a standard enclosure acc. to EN 50047 that are mechanically connected to thehinge axis as well as hinge-mounted switches with already mounted hinge are available.With positively opening contacts.The NC contacts already open at protective door opening angles of 4 degrees andissue the shutdown command. For versions with snap-action contacts, the signalingcommand (NO contact) is simultaneously issued with the shutdown command (NC contact).

Hinge-mounted switches

These contactless magnetically-operated switches offer a high degree of protection against manipulation. They are available in 3 different designs.

The safety-relevant evaluation and monitoring to achieve Category 4 according to EN 954-1 is realized using the 3TK284, 3SE6 safety relays, ASIsafe and F-SIMATIC.

Magnetically-operated switches

Design

• Standard switches:Modular design with replaceable modules (actuator head, enclosure, contacts).

• Separate actuator as well as switcheswith locking mechanism:Fixed contact unit can be combined with various actuators (standard ac-tuators, with lateral mounting and radius actuators).

• Hinge-mounted switches:Compact contact unit that is directly mounted on the hinged axis or with already pre-assembled hinge.

• Standard connections for mechanicalposition switches:Metric glands, preferably M20x1.5. Versions with M12 connector and multi-pole connectors are available.

• Magnetically-operated switches:Compact, device cast in resin withconnecting cables.

Examples

1. Standard switches:

Sense end positions and endstops ontool slides in special-purpose machin-ery construction

2. Switches with separate actuator:

Monitor protective doors on automaticproduction equipment


5 – Safety industrial controls

3. Hinge-mounted switches:

Monitor access hatches for woodwork-ing machines

4. Magnetically-operated switches:


5

Monitoring unit Magnetically-operated switch Category reached

acc. to E 954-1

Contact blocks Switching signal

1. SIRIUS safety combination 3TK284 Electronic

2. SIRIUS safety combination 3TK285 Electronic

with auxiliary relays

3. SIRIUS safety load feeders 3RA7. Electronic

4. ASIsafe 3RKl.

5. SIMATIC ET 200S 48F-DI DC 24 V 3SE6605-1BA 3SE6704-1BA

PROFIsafe (1 NO/1 NC , M80)

3SE6605-2BA 3SE6704-2BA

(1 NO/1 NC , 25x88)

6. SIMATIC ET 200M SM826 DI 24 V 3SE6605-3BA 3SE6704-3BA

(1 NO/1 NC, 25x33)

SIMATIC S7-300F SM826 DI 8 Namur 3SE6604-2BA 3SE6704-2BA

(2 NC, 25x88 mm)

Possible combination – monitoring unit – magnetically-operated switch

3SE6604-2BA

(2 NC, 25x88mm)

3SE6404-2BA

Cat. 4



Standard position switches • Positively opening contacts, acc. to IEC 947-5-1

• High contact reliability even at 5V DC / 1mA

• Suitable for ambient temperaturesfrom -35° to +85°C

• Extremely high mechanical endurance (30 million switching operations)

• High IP67 degree of protection• Various NC/NO contact versions - up to

4 contacts are possible• Enclosure in compliance with EN 50041,

EN 50047 and special designsPosition switch with • Moulded plastic or metal enclosure in separate actuator/ IP66 and IP67locking mechanism • Enclosures acc. to EN 50047, EN 50041

and special designs • Safety standard for protective door

interlocking functions acc. to EN 1088• 4 or 5 approach

directions• High degree of protection IP65 or IP67• Mechanical endurance 1x106

operating cycles• Ambient temperature from –30° to +85°C• Various NC/NO contact versions - up to

4 contacts possible, as well as positionmonitoring of the actuator and the interlockingsolenoids with up to 2 contacts.

Hinge-mounted switches • Enclosure acc. to EN 50047 for hinge mounting1NO/1NC snap-action contacts, 5 degree of 15degree switching point

• Switch with integrated hinge for 40 mm profile, 4 degree switching point, 1 NO contact/2 NC contacts slow action contacts

SIRIUS position switches

Technical data

Overview

SIRIUS Emergency Stop switches areactuated by operating personnel andare used to manually shut down plants and systems when hazards occur (acc.to ISO 13850 (EN 418)).

Features

SIRIUS Emergency Stop switches distin-guish themselves as a result of:

• Extensive product range with variousEmergency Stop operator components- rotate to release- pull to release- key-operated release

• Can be simply and quickly mounted• Plastic and metal versions• Embedded - among other things in

the AS-Interface bus system

The following advantages are obtained:

• Can be used up to Category 4 acc. toEN 954-1 thanks to the positively-opening NC contacts

• High degree of protection up to IP67• Harmonized range of command and

signaling devices• Directly connected to ASIsafe, direct-

ly connected to the yellow profiled cable

Applications

In all types of plants and machines,Emergency Stop command devicesallow plants and systems to be manuallyshut down when hazards arise and areused in the following industry sectors:

• General machinery construction• Automation technology• Special machine construction• Woodworking industry• Machine tool construction• Food & Beverage industry

Product family/productgroups

The family of SIRIUS command devicesincludes, in addition to Emergency Stopactuators:• Pushbuttons• Indicator lights• Selector switches• Key-operated switches• Emergency Stop command devices

These devices are available either inround or square moulded-plastic ver-sions as well as in round metal ver-sions.

The Emergency Stop command devicescan be used up to Category 4 acc. toEN 954-1. They all have positively-opening contacts.

3TK28, ASIsafe and F-SIMATIC are usedto safely evaluate and monitor to achieveCategory 4 using a safety module.

Design

The command devices have a modulardesign and comprise actuator elementssuch as Emergency Stop, pushbuttonas well as a holder to retain the devicein the front panel and the contact ele-ments and lamp sockets that can besnapped-in.

The actuator element is mounted in astandard 22.5 mm front panel hole andretained from the back with the holder.Contact blocks and lamp sockets aresnapped onto the rear of the actuatorelement.

Contact blocks and lamp sockets areavailable with screw terminals, CageClamp terminals (spring-loaded termi-nals) as well as with solder pins forsoldering into printed circuit boards.

Example

Automated production line with Emer-gency Stop control devices located atexposed positions. These are used tomanually shut down the line or modulewhen a hazard occurs.


5.2 SIRIUS EmergencyStop

5

Degree of protection IP66 (plastic versions)IP67 (metal versions)

Mounting hole 22.3 mm+0.4 mm

(round designs, plastic and metal)26 x 26 mm (square plastic versions)

Rated operating voltage 400 V, AC 12Rated operating current 10 V, AC 12Contact reliability 5 V, 1 mA(test voltage, current)

SIRIUS Emergency Stop

Technical data


Overview

SIRIUS command devices are used tomanually shut down plants when haz-ards occur. They are activated by oper-ating personnel. Classic EmergencyStop command devices (acc. to ISO13850 (EN 418)) are available for thispurpose.

SIRIUS signaling devices are used tovisually and acoustically signal machineand plant states. Signaling devices areavailable for the modular range of“SIRIUS 3SB3 command and signalingdevices” as well as 8WD signalingcolumns with a comprehensive rangeof accessories.

Features

SIRIUS command devices include:

3SE7 cable-operated switches

• Emergency Stop function acc. to ISO 13850 (EN 418)

• Versions for cable lengths upto 100 m

• LED signal display with high intensity

• Monitoring function for cable breakage and cable tension

• Integrated ASIsafe

SIRIUS command devices include:

Signaling columns 8WD4

• Modular design, up to 5 modulesper column

• Simple to mount and change lamps without tools

• Connected to AS-Interface• High IP65 degree of protection• Extensive range of accessories

Applications

SIRIUS command and signaling devicesallow machines and systems to be man-ually shut down when a potentiallyhazardous situation occurs and aremainly used in the following industrysectors.

• General machinery construction• Automation technology• Special machine construction• Woodworking industry• Machine tool construction• Food & Beverage industry

Cable-operated switches are used inplants extending over a wide area - forexample, transport conveyor belts inopen-cast mining or material feederbelts for printing machines.


5.3 SIRIUS command and signaling devices


5Product family/product groups

System comprising cable-operated switch and cable.

Cable-operated switches are, depending on the length of cable required, available in various designs. Cable lengths of up to 100 m are possible. Different contacts are available for eachdesign.In order that the state of the cable-operated switch is still visible at a distance, the switch can be equipped with an LED signal display.Extensive range of accessories.

3SE7 cable-operated switches

Available elements:Steady-light, flash, rotating beacon, repeated light flash and siren elementsColors: Red, yellow, green, blue, clear (white) Devices are connected using screw and Cage Clamp terminals.Up to 5 elements can be mounted in each signaling column. Various acoustic modules up to 105 dB are available.

8WD signaling columns can be directly connected to the AS-Interface bus system through the ASI module that can be integrated - even using A/B technology.

Downtimes can be minimized using the new GSM radio element thus increasing productivity.When the individual signal elements are energized, the GSM element sends an appropriate SMS to a cellular telephone. Easy to commission without any programming costs. The GSM frequency of either 900 or 1800 MHz means that it can be used in all of the usual European networks.

8WD signaling columns

Design

SIRIUS 3SB3 command devices have a modular design and comprise actua-tor elements such as Emergency Stop,pushbuttons as well as holders formounting in front panel holes andcontact blocks and lamp sockets thatcan be snapped in.

The actuator element is mounted in astandard 22.5 mm front panel hole andretained from the back with the holder.Contact blocks and lamp sockets aresnapped onto the rear of the actuatorelement.

Contact blocks and lamp sockets areavailable with screw terminals, CageClamp terminals (spring-loaded termi-nals) as well as with solder pins forsoldering into printed circuit boards.



3SE7 cable-operated switch • Metal enclosure in degree of protection IP65• Electrical load capability AC 15 AC 400 V, 6 A• Short-circuit protection 6A (slow-acting)• High IP65 or IP67 degree of protection• Mechanical endurance >1x106 operating cycles• Ambient temperature from –25o to +70oC• Various NC/NO contact versions - up to

4 contacts are possible8WD signaling columns • Connecting element: Rugged thermoplastic

enclosure• Light elements: Thermoplastic • Operating voltages: 24 V AC/DC, 115 V AC

and 230 V AC• High IP65 degree of protection • Ambient temperature from –30o to +50oC• 8WD44 ASI elements:

Addressing socketStatus LEDs for diagnosticsCan be changed-over to an external auxiliary voltageA/B technology

• 8WD44 GSM radio element: Frequency, 900 or 1800 MHz24 V DC


Technical data

3TK2845 “2x monitoredstart”

Description

For the “2x monitored start” version,sensor block C is equipped with a moni-tored start instead of an automaticstart. Both sensor inputs are acknowl-edged using a common “ON” button.

The cascading input is implemented as“automatic start”.

A device version is also available whereoutput blocks III and IV are switched-out with a delay.

Application

This version can, for example, be usedfor the following applications.

Sensor block B: Emergency Stop command device(manual/monitored start)

Sensor block C: Protective door(manual/monitored start)

Many production cells, e.g. robot cellsare secured using protective doors andEmergency Stop command devices.When servicing or loading the robot,the operator opens the protectivedoor and enters the hazardous area. In order to prevent the robot restart-ing if the protective doors closes be-hind him or is accidentally closed, themachine restart must be consciouslyacknowledged using the “ON” button.


55.4 SIRIUS safety relays

The key-operated switch is in the “OFF”position• Emergency Stop shuts down all out-

puts• The protective door shuts down all

outputs• The machine restarts when the

Emergency Stop is released, theprotective door is closed by pressing“ON”

The key-operated switch is in the “ON”position• The key-operated switch de-ener-

gizes K3 and K4 (they drop out)• The protective door function is by-

passed, K1 and K2 remain energized• Emergency Stop additionally de-

energizes K1 and K2 (they drop out)

3TK2845 “agreement button”

Description

The “agreement button” version is usedto connect and evaluate an agreementbutton. In conjunction with a 3TK2841it is possible to also incorporate anEmergency Stop. There is also a deviceversion available where output blocksIII and IV are switched-out with a delay.



Application

This circuit is used in applications whereoperation must continue although per-sonnel are in the hazardous zone.

In order that the operator is still pro-tected, he carries an agreement buttonwhen he enters the hazardous zone.

The machine is shut down if the ope-rator makes a sudden movement as aresult of a reflex (e.g. he releases theagreement button or presses the agree-ment button past its center position).

Circuit example

The key-operated switch is in the “OFF”position

The agreement button does not haveany function here. If the door is actuat-ed, all outputs are shut down. Emer-gency Stop shuts down the outputs viathe cascading input.

The key-operated switch is in the “ON”position

All of the outputs are shut down whenthe key-operated switched is changed to “ON”. The agreement button is nowactivated. When the operator brings theagreement button into the appropriateposition, then the outputs are again en-abled (switched-in) even when the dooris open. Just as before, Emergency Stophas a higher-level shutdown function.


5

3TK2845 “mechanical lock”

Description

The “mechanical lock” version is provid-ed to connect a position switch lockedusing spring force. For this version,output blocks III and IV are alwaysswitched-in with delay. One of thesetwo outputs must be used to controlthe solenoid.

Application

The mechanical lock is used where ma-chines still run-on after they have beenpowered-down. In order to preventanybody entering the hazardous zoneduring this run-on time, the protectivedoor is interlocked until the hazardousmotion has come to a stop.



Circuit example

Emergency Stop:

Output blocks I and II are immediatelyshut down if Emergency Stop is actuat-ed. Blocks III and IV remain shut down.The equipment is only restarted againafter releasing the Emergency Stop andpressing the “ON” button.

Releasing the door:

If the door release is actuated, outputblocks I and II immediately shut down.After the selected time has elapsed,output blocks III and IV are switched-inand the door interlocking withdrawn.The equipment is restarted with the“ON” button with the door closed.

Cascading input:

If the cascading input is de-energized,the equipment responds just the sameas for an Emergency Stop. The cascad-ing input is implemented as an auto-matic start.


5

3TK2845 “solenoid lock”

Description

The “solenoid lock” version is used toconnected a position switch interlockedusing spring force. For this version,output blocks III and IV are alwaysswitched-out with a delay. One ofthese two outputs must be used tocontrol the solenoid.

Application

The solenoid lock is used for machinesthat continue to run-on after they haveprevent anybody entering the hazardouszone during this run-on time, the pro-tective door is interlocked until the haz-ardous motion has come to a stop.



Circuit example

Emergency Stop:

Output blocks I and II are immediatelyshut down if Emergency Stop is actuat-ed. Blocks III and IV remain switched-in.The equipment is only restarted againafter releasing the Emergency Stop andpressing the “ON” button.

Releasing the door:

If the door release is actuated, outputblocks I and II immediately shut down.After the selected time has elapsed,output blocks III and IV are switched-inand the door interlocking withdrawn.The equipment is restarted with the“ON” button with the door closed.

Cascading input:

If the cascading input is de-energized,the equipment responds just the sameas for an Emergency Stop. The cascad-ing input is implemented as an auto-matic start.


5

2x monitored start 3TK2845-1DB4x Screw terminal Instantaneous 0.05 – 3 s 0.05 – 30 s 5 – 300 s

Agreement button 3TK2845-1EB4x Screw terminal Instantaneous 0.05 – 3 s 0.05 – 30 s 5 – 300 s

mechanical lock 3TK2845-1FB4x Screw terminal -- 0.05 – 3 s 0.05 – 30 s 5 – 300 s

solenoid lock 3TK2845-1GB4x Screw terminal -- 0.05 – 3 s 0.05 – 30 s 5 – 300 s

Version Order No. [MLFB] Terminal x=0 x=1 x=2 x=4

2x monitored start 3TK2845-2DB4x Spring-loaded terminal Instantaneous 0.05 – 3 s 0.05 – 30 s 5 – 300 s

Agreement button 3TK2845-2EB4x Spring-loaded terminal Instantaneous 0.05 – 3 s 0.05 – 30 s 5 – 300 s

mechanical lock 3TK2845-2FB4x Spring-loaded terminal -- 0.05 – 3 s 0.05 – 30 s 5 – 300 s

solenoid lock 3TK2845-2GB4x Spring-loaded terminal -- 0.05 – 3 s 0.05 – 30 s 5 – 300 s

Version Order No. [MLFB] Terminal x=0 x=1 x=2 x=4

Reference - follow-on

Overview, features/customer benefitsas well as function/design and applica-tion areas were discussed in Chapter4.2 (Safe communications via standard

fieldbuses; Section ASIsafe in the SafetySystem Manual, 5th Edition).

Following-on from this, the productrange will now be individually de-scribed.



5.5 ASIsafe

The safety monitor is the core element of ASIsafe. The safety monitor (basic) monitors data transferred via AS-Interface (master calls - responsefrom safety slaves).Additional functions are possible using the new enhanced safety monitor. A larger working memory (RAM) allows complex applications to be configured. Brief shutdown operations are saved in a buffer memory for diagnostic purposes. The logical functions can be linked with one another and cascaded. Additional timers have been integrated for switch-in and switch-on delay and also pulse functions.Removable terminals are new - they ensure simple installation and fast replacement.

Safety monitors

Emergency Stop devices can be directly connected using the Standard ASI Interface withsafety-relevant communications. This applies to Emergency Stop devices from the range of SIRIUS 3SB3 command devices that are mounted in front panels and for mounting in an enclosure. An Emergency Stop device mounted in a front panel can be directly connected to the AS-Interface via a safety module.

SIRIUS Emergency Stop

Various AS-Interface capable enclosures equipped with 3SB3 command devices can be implemented with safety-relevant connection for an Emergency Stop.Command and signaling devices can be arranged in enclosures according to customerspecifications. These can be configured using a configurator that can be found under thefollowing link:

http://www.siemens.de/sirius-befehlen

Emergency Stop in enclosures


SIRIUS position switches can be directly connected using the standard AS-Interface with safety-relevant communications. There is a direct connection available for this purpose, that is mounted onto the position switch thread. This means that the components for the safety functions no longer have to be conventionally wired.


The light curtains and light grids, Category 4 according to EN 954-1 offer active opticalprotection for persons at machines.They can be optionally directly connected to AS-Interface in a safety-relevant fashion.

SIMATIC sensors

The laser scanner is an optical electro-sensitive protective device to secure hazardous areas. It has a radius of up to 4 m. The AS-Interface version permits a direct safety-relevant connectionto be established.

SIMATIC sensors

The compact K45F safety module is equipped with 2 safety-relevant inputs for electro-mechanical transmitters and sensors.In operation up to Category 2 according to EN 954-1, both inputs can be separately used.However, the module has a 2-channel input if Category 4 is required.

K45F safety module

5



The compact K60F safety module is equipped with 2 safety-relevant inputs for electro-mechanical transmitters and sensors.Both inputs can be separately used in operation up to Category 2 according to EN 954-1. However, the module has a 2-channel input if Category 4 is required. The module also has two non-safety-relevant outputs. K60F is available in two versions:• Power supply for the outputs via the yellow cable • Auxiliary power supply for the outputs via the black cable (Vaux.)

K60F safety module

The safety SlimLine Module S22.5F has 2 “safety” inputs for electro-mechanical sensors and allows safety-relevant signals to be connected to ASIsafe in local electrical cabinets and boxes.Both inputs can be separately used for operation up to Category 2. The module has a2-channel input if Category 4 is required.

Two S22.5F module versions have been recently included in the range, which in addition to the two safety-relevant inputs, also have two standard outputs. They are either supplied from the yellow AS-Interface cable or via the auxiliary voltage from the black 24 V DC cable.The safety SlimLine modules S22.5F are suitable for use in control cabinets and local electrical enclosures. They have removable terminals for simple installation/replacement.

S22.5F safety module

The new AS-Interface Analyser is the ideal supplement for local diagnostics of the AS-Interface Networks.The quality and function of an AS-Interface installation can be completely checked using the analyser - this significantly speeds-up commissioning. Monitoring, evaluating and preventive investigation of the AS-Interface network are simpler and more detailed. An LED display directly at the unit allows the network to be monitored without having to use a note-book. Further, the analog I/O signals and the state of the safety slaves are nowdisplayed. Preventive diagnostics is simplified as a result of the newly introduced "common error signal". Thanks to the further optimized operator navigation, users with somewhat less ex-perience can start to use the “Expert Mode”.

AS-Interface Analyser V2

The basic and comprehensive AS-i diagnostics is now supported by the HMIpro operator soft-ware TRANSLINE 2000 package.It is now possible to simply engineer the system in a standard way as pre-configured screensare being integrated - and now also taken into account ASIsafe Slaves. Users are provided with a fast overview from where they can call-up detailed information about all of the plant and system components.All of the diagnostic functions of the AS-i bus can be displayed at any time on the HMI screen via the control (PLC) and graphically displayed next to the master diagnostics (when slaves fail, etc.).

Transline 2000

Overview

As part of the SIMATIC ET 200 distrib-uted I/O system, all motor starters areintegrated into the existing automationsystem via PROFIBUS or PROFINET. The finely modular system architectureguarantees optimum integration of all

applications with reference to individ-ual machines or complete plants. Thisis true for the production as well as forthe process industry. The direct or re-versing motor starter for ET 200S andfor ET 200pro can be combined withsafety systems. They are used whereverit is decisive to reduce engineering

costs, wiring and equipment - but alsowhere availability and flexibility counts.


55.6 Safety MotorstarterET 200 Solutions

• Direct and reversing starters

• Power range up to 12 A / 5.5 kW

• Self-establishing power bus

ET 200S up to 40 A

ET 200pro up to 25 A

Motorstarter Standard Motorstarter High Feature Motorstarter Failsafe

• Direct and reversing starters

• Low number of versions as a result

of the wide range overload protection

• Selective motor protection concept

that can be parameterized via the bus

• Remote reset

• Power fed via

PROFIBUS/PROFINET

• Power range

ET 200S to 16 A / 7.5 kW

ET 200pro to 12 A / 5.5 kW

• Self-establishing power bus:

ET 200S up to 50 A

ET 200pro up to 25 A

• Short-circuit strength, ET 200S:

Coordination type, Category 2

• Extensive diagnostic functions

In addition to all of the features of Motor-

starter High Feature, ET 200S Motorstar-

ter Failsafe also offer:

• Intrinsically safe, based on a self-moni-

toring function certified by the German

Technical Inspectorate (TÜV) and inter-

nal redundant shutdown in compliance

with Category 4 acc. to EN 954-1 and

SIL 3 acc. to IEC 61508

• Assigned to one of 6 safety-relevant

shutdown groups

ET 200pro Station with motor startersStandard and High Feature

ET 200pro Station with motor startersStandard and High Feature

ET 200pro Station with motor startersFailsafe

The Safety Motorstarter ET 200 Solu-tions allow motors to be shutdown in a safety-relevant fashion and are pre-destined for all applications up toCategory 4 according to EN 954-1 orSIL 3 according to IEC 61508. Theycomprise:

• Safety modules• Motorstarter Standard• Motorstarter High Feature• Motorstarter Failsafe (ET 200S)

The topmost objective is to offer anoptimum and highly effective safety

concept that takes into account trends in automation technology and the appropriate standards - and is also accepted in the field. This is the reason that two different multi-functional safety concepts are avail-able:



Fig. 5/1

Safety Motorstarter ET 200S Solutions: Defining the optimum solution

* Hot swapping: A device is replaced in operation

without any consequences for the operational

CPU and motor starter.


5

Safety Motorstarter SolutionLocal

From the perspective of safety systems,this solution is frequently used for safe-ty-relevant applications that are limitedin terms of their geographical extent.They operate autonomously and do notrequire a safety-relevant control. It isnot necessary to specifically programthe safety system.

For Safety Motorstarter ET 200 SolutionLocal, the motor starter versions Stan-dard, High Feature and Failsafe (for ET 200S) can be seamlessly used. Thesafety-relevant sensors are directly con-nected to the safety modules. Depend-ing on the selected function, theseswitch downstream motor starters in asafety-relevant fashion. Further, all ofthe signals from the modules are auto-matically transferred as diagnostic sig-nals - for example when cross-circuitfaults occur in Emergency Stop circuits.

When combined with external safetyrelays or ASIsafe, then Safety ModulePM-DFX1 is specifically used for ET200S. This allows up to 6 shutdowngroups to be fed. This means that in-dividual Motorstarter Failsafe can beshutdown in a safety-relevant fashion -either selectively or cascaded.



Fig. 5/2

Integrating command and detecting devices

Fig. 5/3

Integrating external safety circuits

Safety Motorstarter ET200pro Solution Local

The new standard for applicationswithout electrical cabinets

Any three-phase loads can be protectedand controlled using the ET 200promotor starters. These are an integralpart of the ET 200pro distributed I/Osystem and are implemented in a highIP65 degree of protection. This meansthat they are optimally suited for use in modular, distributed I/O withoutelectrical cabinets or enclosures. Thelow variance (2 devices up to 5.5 kW)optimizes engineering and stock inven-tory costs.

They are directly connected to PROFIBUSor PROFINET, which ensures transpar-ent automation structures. This alsoapplies to the extensive diagnosticfunctions regarding transferring thecurrent value or tripping frequency.

The motor starter option that can beordered with 400 V AC brake outputoffers the possibility of controlling mo-tors equipped with a 400 V AC brake.Autonomous special functions can beimplemented with the 4 locally effec-tive inputs on the Motorstarter HighFeature. These inputs operate inde-pendently of the bus and higher-levelcontrol, e.g. as fast stop for valve con-trol systems or end stop shutdownfunctions.

All 400 V components have power con-nectors with interlocking clips in com-pliance with ISO 23570 connection sys-tems.

Safety Motorstarter Solution Local areused for safety-relevant applications.These comprise:

• the Safety Local Isolatorand

• the 400 V Disconnecting Module

A safety level corresponding to Category4 can be achieved with the appropriatecircuit.

Safety Local Isolator Module

The Safety Local Isolator Module withthe load disconnector function andintegrated group fusing function is an isolator that can be parameterizedusing a DIP switch with integrated safety evaluation functionality.

It is used to

• Connect a 1 or 2-channel EmergencyStop circuit (protective door or Emer-gency Stop button).

• When an Emergency Stop is issued,it is used to shut down the 400 V disconnecting module up to Catego-ry 4 acc. to EN 954-1 / SIL 3 acc. to IEC 61508. This safely disconnectsthe 400 V.

• Selectable starting behavior (autostart / monitored start) using a shift switch.

• Safety output, e.g. to control thelocking mechanism (locking sole-noid) of a protective door monitoringswitch.


5

Fig. 5/4

Safety Local isolator module and 400 V disconnecting module

400 V Disconnecting Module

The 400 V Disconnecting Module canbe used in conjunction with the SafetyLocal Isolator Module for local safety-relevant applications up to Category 4according to EN 954-1 / SIL 3 accordingto IEC 61508. It contains two contac-tors connected in series to disconnectthe main circuit in a safety-relevantfashion. A safety rail in the backplanebus module is used to provide the aux-iliary power supply of the device. It isused to

• Disconnect the main circuit supply,

• Signal the status of the module function via bus,

• Feed in power, loop-through the power at the front using powerconnectors with clip interlocking according to ISO 23570 connectionsystems.

Command and detecting devices as wellas signals from external safety circuitscan be integrated in a safety-relevantapplication with ET 200pro motorstarters using the Safety MotorstarterET 200pro Solution Local. The advan-tages include the low wiring costs andthe high IP65 degree of protection. Thismeans that a safety-relevant applicationcan be directly and optimally implemen-ted in a plant or system.



Fig. 5/5

Safety Motorstarter ET 200pro Solution Local

Technical data


5Mounting dimensions (W x H x D) in mm

• Direct and reversing starters mm 110 x 230 x 170 110 x 230 x 150Permissible ambient temperature• in operation oC -25 ... +55• during storage oC -40 ... +70Permissible position in use AnyVibration strength acc. to IEC 60068, Part 2-6 2 gShock strength acc. to IEC 60068, Part 2-27 Semi-sinusoidal 15 g/11 msCurrent drain • from the auxiliary circuit L+/M (U1) mA Approx. 20• from the auxiliary circuit A1/A2 (U2) –Rated operating current for power bus Io A 25 16Rated operating voltage Vo V 400Approval DIN VDE 0106, Part 101 V to 500CSA and UL-listed V to 600Connection cross-sectionsPower infeed mm2 max. 6 x 4Degree of protection IP 65Shock hazard protection Safe to finger touchDegree of pollution 3, IEC 60664 (IEC 61131)Rated withstand voltage strength Vpulse kV 6Rated insulating voltage VI V 400Rated operating current for starter IoAC-1/2/3 at 40 oC• at 400 V A 25 16• at 500 V A 25 16Rated short-circuit interrupting capacity kA 50 at 400 VCoordination type acc. to IEC 60947-4-1 2Protective separation between main and auxiliary circuits V 400, acc. to DIN VDE 0106. Part 101Switching times at 0.85 ... 1.1 x Vo• Closing delay ms – 25 ... 100• Opening delay ms – 7 ... 10Device functions• Group diagnostics Yes, can be parameterizedDevice displays• Group fault SF-LED (red)

General data Safety Local Isolator Module 400V Disconnecting Module

Safety Motorstarter SolutionPROFIsafe

This solution is the optimum one if thesafety system at the control level (safe-ty-relevant control) is required for espe-cially sophisticated safety-relevant ap-plications that are networked with oneanother. Standard and safety-relevantcommunications are realized through a single bus system - PROFIBUS orPROFINET with the PROFIsafe profile.

As a result of the PROFIsafe profile,safety functions are available through-out the complete network. This meansthat the Safety Motorstarter SolutionPROFIsafe (specifically for ET 200S) per-mit selective and safety-relevant shut-down of individual Motorstarter Fail-safe, safety-relevant shutdown of indi-vidual Motorstarter Failsafe or a safety-relevant shutdown of a group of Stan-dard or High Feature motor startersdepending on the plant or system re-quirements. It is not important to knowwhich I/O station the safety-relevantcommand devices were connected.Within the scope of the DistributedSafety concept, all sensors and actua-tors can be freely programmed inStep7. This means that this solutionoffers a previously unknown degree offlexibility and reduced wiring for appli-cations in plants or systems extendingover a wide area or where it is neces-sary to sporadically modify the assign-ment of the safety segments.

The Safety Module PM-DF PROFIsafereceives the shutdown signal from theET 200S interface module and safelyshuts down between 1 and 6 shutdowngroups. Whereby, each individual Mo-torstarter Failsafe can be freely as-signed. For PROFIsafe applications, thissafety module can be used, when re-quired, to selectively shut down motor

starters or fail-safe frequency invertersin a safety-relevant fashion.

The interface between PROFIsafe andsystems utilizing conventional safety

technology is established through theFailsafe Contact Multiplier (F-CM) with4 floating contacts. This F-CM can befreely used in the station.



Fig. 5/6

Safety Motorstarter ET 200S Solution PROFIsafe

Safety Motorstarter SolutionPROFIsafe for PROFINET

PROFINET - the open and innovativeIndustrial-Ethernet standard fulfills allof the requirements in the automationenvironment. The acceptance ofPROFINET in the market is continuallyincreasing as a result of a wide rangeof advantages (e.g. real-time capability,deterministic mechanism, simple net-work administration, safety-relevantcommunication, ...).

With PROFINET, cyclic communicationsare realized between an IO controllerand its IO devices just the same as forPROFIBUS. Together with its IO devicesor systems, a controller forms aPROFINET IO system.

These IO devices - as distributed I/O -allow, just the same as for PROFIBUS,the use of motor starters ET 200S(IP20) or ET 200pro (IP65) for safety-relevant applications. The existing Ger-man Technical Inspectorate certificates

(TÜV) apply specifically to the ET 200 SI/O system for safety modules (with ex-isting PROFIsafe driver adaptation) andfor fail-safe motor starters independentof the bus system for safety levels upto SIL 3 of IEC 61508 and Category 5of EN 954-1.


5

ET 200 Configurator software

The ET 200 Configurator software is listedin Catalog CA01 and can also be down-loaded from the Internet at no charge:

http://www.siemens.de/sirius-startenorhttp://www.siemens.de/ET200S

Crushing edges at many machines andother pieces of equipment represent a risk of hazard. In situations such asthese, the best form of security is rub-ber switching strips, that stop the po-tentially hazardous motion in a fail-safefashion. They can also prevent injury byacting as a buffer.

The rubber profile (signal transmitter)is optically monitored using a fail-safesend/receive sensor, that is inserted inthe profile from the outside. It can becut to size on-site so that it can be usedfor applications of any length.

Electro-sensitive light barriers are espe-cially suitable if there is little spacewhen securing access to hazardouszones, dangerous locations or accesspoints. These light barriers have anIP65 degree of protection and in Cate-gory 2 have a range of up to 150 m.The light barriers, Category 4 with arange of 60 m are equipped with infra-red light whose frequency is modulatedand have an integrated dust monito-ring function. In conjunction with addi-tional evaluation units, start/restart in-hibit, contactor monitoring or mutingfunctions are possible.

The LS4 laser scanner is an optical dis-tance sensor to flexibly secure hazar-dous zones. It emits safe laser pulses and by evaluating reflections, the scan-ner detects persons and objects and responds corresponding to the pro-grammed protective fields.


6.1 Switching stripsSIMATIC FS100

6 – Fail-safe optical sensors

6 Fail-Safe Optical Sensors

6.2 Light barriers SIMATIC FS200

6.3 Laser scanners SIMATIC FS600

The electro-sensitive and active opto-electronic light curtains and light gridsfor Category 2 and 4 acc. to EN 954-1 protect operating personnel at or closeto operational machines and equipment.They are especially immne to noise anddisturbances and have a high availabili-ty as a result of the specially developedintegrated circuits (ASICs) and a paten-ted, intelligent evaluation technique. A wide range of functions, such as start/restart inhibit, contactor monitoring, muting, cyclic control and blanking per-mit an extremely wide range of applica-tion to be addressed. Whether for pro-tecting fingers and hands, to horizon-tally secure hazardous zones or to secu-re access points. Versions are availablethat can be connected to ASIsafe. A light curtain or light grid comprises a transmitter and a receiver that are mounted opposite to one another. Depending on the resolution and length, a specific number of transmit-ting and receiving diodes are located one above the other. The infrared LEDsof the transmitter send short light pul-ses that are received by the associated receiver diodes.

Light curtainsSIMATIC FS400

Benefits

Integrated functions

• Start/restart inhibit• Contactor monitoring• “Blanking” function package with

fixed blankingfloating blankingreduced resolution

• “Muting” function package• Multi-scan function• Cycle control

Configuration

• Using an opto-magnetic teach-in key• Configuration data is transferred

using a plug-in configuration card• 2 data transfer channels• Host and guest devices can be

cascaded• Extended display (2 x 7 segments)

Outputs/connections:• Local interface• Cable gland• Hirschmann connector• Brad-Harrison connector• Transistor outputs• Relay outputs• Connection to ASIsafe

Design

A light curtain or light grid comprises a transmitter and a receiver that are mounted opposite to one another. De-pending on the resolution and length,a specific number of transmitting and receiving diodes are located one abovethe other. The infrared LEDs of the transmitter send short light pulses that arereceived by the associated receiver dio-des.

Light curtains and grids 3RG78 42and 3SF78 42 for Catgory 4 acc. toEN 954-1

• Resolutions 14, 30, 50 and 90 mm,• Protective field heights from 150

to 3000 mm,• 2, 3 or 4-beam light grids.• Host and guest devices can be

cascaded for higher protectivefield heights or lengths - or forangled arrangements

Light curtains and grids 3RG78 44 and 3SF78 44 with integrated evalu-ation for Category 4 acc. to EN 954-1

• Resolutions 14, 30, 50 and 90 mm,• Protective field heights from 150 mm

to 3000 mm,• 2, 3 or 4-beam light grids,• Transceiver, 2-beam with deflecting

mirror• Host and guest devices can be



66.4 Light curtains andlight grids SIMATIC FS400

Light curtains 3RG78 41 for Cate-gory 2 acc. to EN 954-1

• Resolution 30, 55 and 80 mm,• Protective field heights from 150 mm

to 1800 mm,• Host and guest devices can be


Light curtains 3RG78 43 with inte-grated evaluation for Category 2 acc. to EN 954-1, developed acc. to EN 61508 (SIL 2), suitable for risk assessment acc. to prEN ISO 13489

• Resolutions 20, 30, 40 and 90 mm• Protective field heights from 150 to

1800 mm


6 – Fail-safe optical sensors

6.5 Technical data

Integrated Integrated Integrated Integrated External standard blanking muting cycle control evaluation

Transistor output Resolutions Resolutions Resolution Resolutionswith Brad-Harrison- 14 mm, 30 mm, 14 mm, 30 mm, 30 mm 14 mm, 30 mm,connector 50 mm 50 mm 50 mm, 90 mm(MIN series)Transistor Resolutions Resolutions Resolution Resolutionsoutputs with cable 14 mm, 30 mm, 14 mm, 30 mm, 30 mm 14 mm, 30 mm,gland 50 mm 50 mm 50 mm, 90 mmRelay output Resolutions Resolutions Resolutions Resolutionswith Hirschmann 14 mm, 30 mm 14 mm, 30 mm 30 mm and 30 mm 14 mm, 30 mmconnector with integr. LEDASIsafe Resolutions Resolutions Resolutions Resolutions

14 mm, 30 mm 30 mm and 30 mm 14 mm, 30 mm 14 mm, 30 mm,with integr. LED 50 mm, 90 mm

Connection Light curtains 3RG7844/3SF7844, Category 4 Light curtains

3RG7844/3SF7844,

Category 4

Integrated Integrated Integrated Integrated External standard blanking muting cycle control evaluation

M12 Resolutions Resolutionsconnection 20 mm, 30 mm, 30 mm, 55 mm,

40 mm, 90 mm 80 mm

connector Light curtains 3RG7843, Category 2 Light curtains

3RG7841

Category 4


6Integrated Integrated Integrated Integrated External standard blanking muting cycle control evaluation

Transistor output Range Rangeswith Brad-Harrison 18 m 18 m, 60 mconnector(MIN series)Transistor Ranges Ranges Rangesoutputs with cable 18 m, 70 m 18 m, 70 m 18 m, 60 mglandRelay output Range Rangeswith Hirschmann 18 m 18 m, 70 mconnector and 18 m with

integr. LED and transceiver(range 6.5 m)

ASIsafe Ranges Ranges18 m, 70 m 18 m, 60 mand 18 m withintegr. LED and transceiver(range 6.5 m)

Connection Light curtains 3RG7844/3SF7844, Category 4 Light curtains

3RG7844/3SF7844,

Category 4

Resolution Protective field heights Beam number Beam clearance Resolution Protective field heights

14 mm 150 to 1800 mm Light grid, 500 mm 20 mm 150 to 1800 mm2-beam



90 mm 750 to 3000 mm Transceiver, 500 mm 50 mm 300 to 1800 mm2-beam

80 mm 450 to 1800 mm90 mm 150 to 1800 mm

Light curtains, Category 4 Light grid, Category 4 Light curtains, Category 2

Fail-safe SIMATIC controls fulfill allimportant Standards and regulationsand are certified by the GermanTechnical Inspectorate (TÜV).

Production automation

• IEC 61508 (up to SIL 3)• IEC 62061• EN 954 (up to Category 4)• NFPA 79-2002 and NFPA 85• UL 1998, UL 508 and UL 991

Certificate under:http://www.siemens.com/f-cpu

Factory automation

• IEC 61508 (up to SIL 3) • EN 954 (up to Category 4)• NFPA 72• ANSI/ISA S84, API 14C, BLRBAC

Certificate under:http://www4.ad.siemens.de/WW/view/en/17968956

PROFIBUS and PROFINET with PROFIsafeare also part of SIMATIC Safety Integra-ted and are certified acc. to IEC 61508(up to SIL 3), EN 954 (up to Category 4),NFPA 79-2002 therefore fulfilling thehighest requirements for the productionand process industries. Not only this,PROFIBUS DP expanded by the datatransmission version PA (IEC 1158-2),means that distributed automation canbe seamlessly implemented in an inte-grated fashion down to the field level.The I/O modules comply with SIL 3 (acc. to IEC 61508) and Category 4(acc.to EN 954). They are UL listed as well as certified by the GermanTechnical Inspectorate (TÜV).

The previous range of fail-safe CPUshas been expanded by two new S7-300 CPUs with integrated PROFINETinterface.

The fail-safe PROFINET-CPUs 317F-2PN/DP and 315F-2 PN/DP offer a com-bined PROFIBUS DP/MPI and a PROFINETinterface for 100 Mbit/s, based on theEthernet communications standard.This means that they can also be usedas network transition between Ethernetand PROFIBUS.

Further, they allow distributed fielddevices to be controlled that are direct-ly connected to Industrial Ethernet(PROFINET IO).

Communications are established throughEthernet-TCP/IP using PROFINET andthe S7 protocol.

The CPUs can be programmed withSTEP 7 or also via the PROFINET inter-face.

I/O

The table is used as a selection tooland indicates which ET 200 distributedI/O system supports• which functions • which bus systems with which

interface modules.


7 Fail-Safe ControlsSIMATIC Safety Integrated

7.1 Standards 7.2 PROFINET-CPUs

Fig. 7/1

CPU 317F-2 PN/DP


7

Table:

Comparison of the various families of I/O

Data transfer rate, PB 12 Mbit/s

Data transfer rate PN 100 Mbit/s

I/O ET 200S ET 200M ET 200pro ET 200eco

Features Finely modular I/O Modular I/O for Modular, Favorably-pricedwith up to 8 fail-safe applications with multifunctional block I/O in high channels per module a high number of I/O in high degree degree of protection

channels with up of protection IP65/67 IP65/67to 24 fail-safe channels per module

No. of modules 63 8 16 1 basic moduleDI q q q qDO q (up to 2 A) q (up to 2 A)DI/DO qAI qMotor starters q qDrive inverters qUsed in hazardous zones Zone 2,22 Zone 2,22PROFIBUS q q q qInterface module IM 151-1 HF IM 153-2 HF IM 154-2 DP HF Via connector block

IM 153-2 HF FO with connection mo-dules for direct connection, ECOFAST and M12 or 7/8"

Main Order No. 6ES7 151-1BA. 153-2BA. 154-2AA. 194-3AA.153-2BB.

PROFINET q qInterface module IM 151-3 PN HF IM 154-4 PN HF

with connection modulefor M12 or 7/8"

Main Order No. 151-3BA. 154-4AB.

PROFIBUS q q q q

PROFINET q q

SIMATIC ET 200pro

SIMATIC ET 200pro is an especiallysmall, extremely rugged and powerfuldistributed I/O system with an IP65/67degree of protection. It does notrequire a control cabinet and can bemounted directly on or at the machine.Thanks to its modular time-saving con-figuration, it allows flexible distributedautomation solutions to be implement-ed in-line with specific customer speci-fications.

ET 200pro can be connected to well-proven fieldbuses such as PROFIBUS orPROFINET, the open Industrial EthernetStandard for company-wide automa-tion. ET 200pro offers extensive diag-nostics to reduce downtimes in yourplant.

Fail-safe electronic modules and High-Feature interface modules are availablefor automation tasks with the highestdemands placed on safety. The electronic modules (EM 8/16 F-DIand EM 4/8 F-DI/4 F-DO) can be usedalone in one station or combined withstandard modules.


7 – Fail-safe SIMATIC Safety Integrated controls

Fig. 7/2

SIMATIC ET 200pro

Technical data


7

1) with CP 443-1 Advanced

Bus systemPROFINET (PN) PROFINET (PN) PROFINET (PN) 1)

Packaging technology ET 200S S7-300 with central and/or distributed fail-safe S7-400 withI/O distributed

fail-safeI/O

Range of applications Distributed Medium performance range Medium to upper Top performanceapplications performance range rangein the lower per-formance range

RAM 64 KB 192 KB 256 KB 512 KB 1.4 MB data1.4 MB code

Load memory 64 KB - 8 MB 256 KB integr.(plug-in) 64 KB - 8 MBFlag bits 2 KBit 16 KBit 64 KBit 128 KBitFB/FC/DB 512/512/511 2048/2048/1023 2048/2048/2047 2048/2048/4095Fail-safe I/O Up to 28 Up to 320 > 500 > 1000I/O address 244 Byte / 2 KB / 2 KB 8 KB / 8 KB 16 KB / 16 KBrange I/O 244 ByteProcess image I/O 128 Byte / 384 Byte / 384 Byte 1 KB / 1 KB 16 KB / 16 KB

128 ByteInterfaces MPI / DP MPI and MPI / MPI / DP and MPI / DP and MPI / DP and MPI / DP and

DP PN DP PN DPNo. of bus devices 32 125 124 and 128 125 124 and 128 125Dimensions 60 x 120 x 75 40 x 125 x 130 80 x 125 x 130 25 x 290 x 219Main Order No. 151-7FA.. 315-6FF.. 315-2FH.. 317-6FF.. 317-2FJ.. 416-2FK..6ES7

CPU IM 151-7 CPU 315F-2 CPU 315F-2 CPU 317F-2 CPU 317F-2 CPU 416F-2F-CPU DP PN/DP DP PN/DP

PROFIBUS (DP)PROFINET (PN) PROFINET (PN) PROFINET (PN) 1)


7 – Fail-safe SIMATIC Safety Integrated controls

Power at 500 V 7.5 kW

Rated operating current IE 16 A

Short-circuit-breaking capacity 50 kA at 400 V

Coding Can be assigned to 1 of 6

Shutdown groups

Main Order No., motor starters 3RK1301-0.B13-.AA2

Main Order No., terminal module 3RK1903-3A...

Failsafe Contact Multiplier F-CM

Contacts 4 NO

Diagnostics Power failure, device error

Switching capacity 1.5 A / 24 V

Main Order No. 3RK1 903-3CA..

Failsafe Power Module PM-D F X1

(input terminal module)

Operation Standalone with external

safety system

Double terminals for shutdown groups 6

Diagnostics Power failure

Main Order No. 3RK1 903-3DA..

Failsafe Motor Starter

Power rating Up to 4.0 kW

Main Order No. 6SL3 244-OS..-....

Fail-safe frequency converter

No. of 4 (2-channel for 4 for 24 V/2 A 6 shutdown groups 2 relays Up to 2 SIL 3 outputs

inputs/outputs SIL 3 sensors) each 3A (total current 10 A) for 24 V/2 A,

8 (1-channel for (total current 5 A) 2 relays (total current 10 A)

SIL 2 sensors)

Input or 24 V DC 24 V DC 24 V DC 24 V DC 24 V DC

output voltage

Main Order No. 6ES7 138-4FA..-.... 6ES7 138-4FB..-.... 3RK1903-3BA..-.... 6ES7 138-4CF4.-.... 6ES7 138-4CF..-....

Shared I/O

Fail-safe Digital input Digital output Power module PM Power module PM Power module PM

ET 200S modules 4/8 F-DI 24 V DC 4 F-DO 24 V DC PM-D F 24 V DC PM-E F pp 24 V DC PM-E F pm 24 V DC


No. of inputs 4 (2-channel for SIL 3 sensors)

8 (1-channel for SIL 3 sensors)

Input voltage 24 V DC

Main Order No. 6ES7 148-3FA..-....

Digital block I/O ET 200eco

No. of inputs Up to 24 (1-channel 8 (1-channel) 10 8 6 (2-channel for

and outputs for SIL 2 sensors) 4 (2-channel) SIL 3 sensors)

up to 12 (2-channel 13 bit

for SIL 3 sensors)

Input or 24 V DC NAMUR 24 V DC 24 V DC --

output voltage P-M switching

Alarms Diagnostic alarm Diagnostic alarm Diagnostic alarm Diagnostic alarm --

Input current/ -- -- 2 A per channel for 2 A per channel for 4-20 mA

output current signal “1" signal ”1"

Main Order No. 6ES7 326-1BK..-.... 6ES7 326-1RF..-.... 6ES7 326-2BF..-.... 6ES7 326-2BF4.-... 6ES7 336-1HE..-....

Fail-safe Digital input Digital input Digital output Digital output Analog input-

S7-300 signal- SM 326 F SM 326 F SM 326 F SM 326 F module SM 336 F

modules DI 24 x 24 V DC 8 x (NAMUR) DO 10 x 24 V DC/2A DO 8 x 24 V DC/2A

No. of inputs

2-channel for SIL 3 sensors 8 4

1-channel for SIL 2 sensors 16 8

Input voltage 24 V DC

No. of outputs – 4 P/M switching SIL3

Output current – 24 V DC / 2 A

Main Order No. 6ES7 148-4FA..-.... 6ES7 148-4FC..-....

Fail-safe Digital input Digital input/output

ET 200pro modules EM 8/16 F-DI EM 4/8 F-DI/4 F-DO

7

Overview

The new SINUMERIK 840D sl offers ahigh degree of modularity, openness,flexibility, a standard and unified struc-ture for operator control, programmingand visualization. No only this, it alsoprovides a system platform with lead-ing-edge functions for almost all tech-nologies.

SINUMERIK 840D sl is integrated in theSINAMICS S120 drive converter systemand is supplemented by the SIMATICS7-300 automation system. It is a new,digital complete system admirably suit-ed for the medium and upper perform-ance ranges.

SINUMERIK 840D sl distinguishes itselfas a result of its flexibility, highest dy-namic performance, precision and thefact that it can be optimally integratedinto networks.


8 Fail-Safe Motion Control Systems

8.1 SINUMERIK 840D sl /SINAMICS S120

Fig.8/1

SINUMERIK 840D powerline with SIMODRIVE 611 digital, SINUMERIK 840D sl with SINAMICS S120

CNC control SINUMERIK 840D sl

On a SINUMERIK NCU (NCU 710.1 /NCU 720.1 / NCU 730.1) SINUMERIK840D sl combines CNC, HMI, PLC,closed-loop control and communica-tion tasks.

Equipped with an NCU 710.1, SINU-MERIK 840D sl can control up to 6 axes.Equipped with the NCU 720.1 and theNCU 730.1, the number of axes and/orthe performance of the closed-loopdrive control can be increased up to 31axes.

Servo control drive systemsSINAMICS S120

SINAMICS S120 is a truly modular sys-tem and addresses sophisticated drivetasks for an extremely wide range ofapplications. Users select from a wholerange of components and functionsthat are harmonized with one anotherto precisely obtain the combinationthat best addresses their particularrequirements.

All of the SINUMERIK 840D sl / SINAM-ICS S120 components - including themotors and encoders - are connectedwith one another via the common seri-al DRIVE–CLiQ interface.

Motors

SINAMICS S120 is supplemented by awide range of synchronous and induc-tion motors.

Additional information on theSINUMERIK 840D sl / SINAMICS S120system and the associated motors, isprovided in Catalogs NC 61 and D21.2.

Safety-relevant functions

The safety-relevant functions of theSINUMERIK 840D sl / SINAMICS S120system are integrated in the four sub-systems, NC, PLC, drive controller andMotor Modules. The safety-relevantfunctions are implemented using 2channels; crosswise data comparison is made between the two channels.

Safe standstill (SH)

Safe standstill (SH) is used to safely dis-connect the torque-generating energyfeed to the motor when a fault occursor in conjunction with a specific func-tion. This is realized for each axis andthe power is disconnected contactless-ly. However, there is no electrical isola-tion in the Motor Module and in theLine Module. The safety-relevant pulsecancellation, integrated in the MotorModules, forms the basis of this function.

The “safe standstill” function is just in-tegrated in the drive and can thereforebe activated on an axis-for-axis basisvia terminals without requiring a high-er-level control and without the “safetyintegrated” option. In conjunction withSINUMERIK 840D sl and the “Safety In-tegrated” option, “safe standstill” is acti-vated on an axis-for-axis basis viaPROFIsafe.

Safe operating stop (SBH)

Using the safe operating stop (SBH)function, drives are monitored to ensurethat they are stationary (zero speed).However, the drives are at the sametime fully functional in the closed-loopcontrol mode.

Safely reduced speed (SG)

Using the safely reduced speed (SG)function, configurable speed limit val-ues are monitored in a safety-relevantfashion. This function is used, for in-stance, when setting-up without usingan agreement button.

Safe software limit switches (SE)

Using the safe software limit switches(SE), a working area/protective area de-marcation can be made or traversingranges limited.

Safe software cams (SN)

Using safe software cams (SN) a safety-relevant range detection can be imple-mented on an axis-for-axis basis.

Safety-relevant input/output sig-nals (SGE/SGA)

The safety-relevant input/output sig-nals (SGE/SGA) form the interface tothe process. Digital signals can be en-tered into the system through 2 chan-nels or also be output from the system.

Safe programmable logic (SPL)

Safe programmable logic (SPL) allowssafety-relevant sensors and actuatorsto be directly connected and internallylogically combined.


8

Safety-relevant communicationsvia a standard bus

The distributed I/O for the safety-rele-vant input and output signals are al-ways connected via PROFIBUS with thePROFIsafe profile. Safety modules fromthe ET 200S, ET 200pro and ET 200ecorange of products can be used as I/Omodules.

Safe brake management

The safe brake management comprisesthe safe brake test and the safe brakecontrol.

The safe brake control is implementedin the drive and is initiated togetherwith the “safe standstill” function. Thecommand to open or close the brake istransferred to the Motor Modules viaDRIVE-CLiQ. The brake is controlled in a safety-relevant fashion when thepulses are canceled using a special,safety-relevant, P/M switching outputon the Motor Modules.

Integrated acceptance test

The partially automated acceptancetest offers, in addition to the time sav-ing, a prompted test sequence andautomatic configuration of trace func-tions. The automatically generatedacceptance protocol is a clear proof ofquality for the functional safety of themachine - both for the machinery con-struction OEMs as well as for companyactually operating the machines.


8 – Fail-safe motion control systems

Fig. 8/2

Connecting sensors/ actuators with the fail-safe PROFIsafe I/O

Overview

The SINAMICS G120 drive inverter is a modular system for standard drives.

Every SINAMICS G120 comprises aPower Module (PM), a Control Unit(CU) and a Basic Operator Panel (BOP).

By suitably combining the variousControl Units with the wide range of Power Modules, a drive solution is obtained that is optimized both forthe application and in terms of cost.

The PM240 Power Module (with inte-grated braking chopper, prepared forresistor braking) as well as the PM250Power Module (suitable for regenerat-ing into the line supply) are suitablefor use in safety-relevant applications.

In conjunction with a Safety ControlUnit (this is identified by the “-F” typesupplement), a drive is transformedinto a Safety Integrated Drive.

This has a fail-safe closed-loop controlfunction for induction motors in variouscontrol modes (V/f, FCC, vector controlwith and without encoders).

The fail-safe drive inverter has foursafety-relevant functions certifiedaccording to EN 954-1, Cat. 3 and IEC 61508, SIL 2.

• Safe Torque Off (STO); the drive tor-que is safely disabled to prevent the drive actively moving.

• Safely-Limited Speed (SLS); to pro-tect against potentially hazardousmotion when a limit frequency is exceeded. 1)

• Safe Stop 1 (SS1); Safe Stop 1 to continuously monitor a safe brakingramp.

• Safe Brake Control (SBC); safe brake control to safely control an external brake.


9 Fail-Safe Drives

9.1 G120 drive inverter

Fig. 9/1

SINAMICS G120 drive inverter, frame size B

1) Only in non-regenerative operation

(loads that drive the motor are not permissible).

These safety functions can either becontrolled using safety-relevant digitalinputs (FDIs) or directly using PROFIsafe.The CUs of the G120 product familyoffer two safety-relevant digital inputsas well as also a PROFIBUS interfacethat can be parameterized correspon-ding to the actual configuration.

The G120 drive inverter is parameter-ized and commissioned using “Starter”- a screen form oriented engineeringtool that users can order at no charge.

Benefits

In conjunction with the fail-safe ControlUnit and Power Module, SINAMICSG120 offers a transparent and efficientsafety solution:

When compared to conventional solu-tions, the safety acceptance procedurein the machine is significantly simpli-fied:

• The integration of the safety systemallows safety-relevant concepts in-linewith those required in practice but atthe same time simplifies the installa-tion.

• As a result of the integrated functio-nality, less space is required in the electrical cabinet when compared to “classic” safety systems utilizing con-ventional components.

• The “Safe Stop 1" and ”Safely-LimitedSpeed" functions are implemented inthe drive inverter so that an encoder is not required (sensorless solution).This means that they can be realized with minimum costs.

• Flexibility:The modularity of SINAMICS G120 allows both fail-safe as well as stan-dard components to be simultane-ously used.

• Cost reduction:In may cases, external switchingdevices and relays can be eliminatedby using “Safe Torque Off”.

• Reliability: The “Safe Torque Off” function is a pure electronic function and there-fore has no contacts.This results in the shortest and reliable response times (e.g. light curtains used for personnel protection.

• Simple engineeringThese functions are engineeredwith the “Starter” engineering toolthat is used for the other drive units.

• High availability:Parameters can be easily copied to other drive inverters (e.g. when drivesare to be replaced) as an external memory medium (MMC - Micro Memory Card) is used.


9

Fig. 9/2

SINAMICS G120 drive inverter, frame size A-F, with or without CU or Basic Operator Panel

(BOP)

Applications

The G120 drive inverter can be usedfor numerous variable-speed driveapplications. It can be used for a widerange of applications as a result of itsflexibility.

The wide range of applications includescranes and lifting devices, applicationsin conveyor technology, in pumps, fansand compressors, punches and presses,high-bay racking systems, machines forthe food & beverage industry, packag-ing machines, regenerative power con-version etc. This means applicationsthat require a higher degree of func-tionality and dynamic performancefrom drive inverters than is generallythe case. The drive inverter is distin-guished as a result of its especially highperformance and by the fact that it isespecially easy to use.

Design


9 – Fail-safe drives

Fig. 9/3

Modular concept: SINAMICS G120 comprises the Control Unit, Power Module and

Basic Operator Panel

Fig. 9/4

By combining it with an F-CU, a Power Module becomes a safety-relevant drive

Functions

1. Safe Torque Off (STO) - thetorque is safely disabled to pre-vent the drive actively moving

The safety function “Safe Torque Off ”interrupts the power supply (shutdownpath A) that transfers the pulses in thepower unit and additionally cancels thepulses (shutdown path B). As a resultof the appropriate feedback signals(feedback signal A, feedback signal B),the drive is in a safety-relevant no-tor-que condition and is prevented fromrestarting.

Safe Torque Off can be selected bothvia PROFIBUS/PROFINET (PROFIsafe) as

well as via fail-safe digital inputs. ForPROFIsafe, the appropriate data integri-ty is achieved using a checksum (CRC).For the safety-relevant digital input,this is achieved as a result of redun-dancy (Channel A, Channel B).

The safety-relevant shutdown is alsorealized through two channels usingtwo processors (processor 1 and pro-cessor 2). They verify their expectedsignal responses using a crosswise data comparison.

A brake is automatically applied with“Safe Torque Off”. The brake is alsoapplied through two channels whereby

the expected signal response is verifiedusing a feedback signal. Safety-rele-vant brake control is therefore obtained.

In addition, for shutdown via the indi-vidual shutdown paths, a forced check-ing procedure is applied by checkingthe expected signal responses via thefeedback signals from the particularswitching actions.


Fig. 9/5

Function architecture for Safe Torque Off (STO)

9

2. Safe Stop 1 (SS1); Safe Stop 1to continually monitor a safe brak-ing ramp

The “Safe Stop 1” safety function (safebraking ramp) monitors the drive whileit brakes to ensure that it finally comesto a stop.

The drive is braked along a braking rampthat can be parameterized. During brak-ing, the frequency setpoint is continu-ally compared with the feedback signalof the actual frequency detection.

If the frequency for the zero speedmonitoring is fallen below, a safestop is initiated in the drive.

If the braking function fails, then a safestop is immediately initiated and thedrive goes into an error state.



Fig. 9/6

Function architecture for Safe Stop 1 (SS1) and Safely-Limited Speed (SLS)

3. Safely-Limited Speed (SLS) toprotect against potentially haz-ardous motion when a limit fre-quency is exceeded.

The safety function “Safely-LimitedSpeed” monitors the actual frequency toensure that an upper limit frequency thatcan be parameterized is not exceeded.

The response in the drive inverter whenthe upper limit frequency is exceededalso depends on the SLS mode that canbe parameterized:

• SLS mode 0:An error is immediately output if, wheninitiating the safely-limited speed, theactual frequency is higher than theupper limit value. As a result, the driveinverter is stopped using the safetyfunction “Safe Stop 1”.

If the actual frequency lies below theupper limit frequency, the monitoringfunction becomes active and the actualspeed is frozen.

• SLS mode 1:If, when initiating the safely-limitedspeed, the actual frequency is higherthan the upper limit value, then initial-ly the frequency is reduced using the“Safe Stop 1” function. A value that canbe parameterized below the upper limitfrequency is set as the target speedand not zero speed.

• SLS mode 2:If, when initiating the safely-limitedspeed, the actual frequency is higherthan the upper limit value, an error is immediately output and the driveinverter is stopped using safety func-tion “Safe Stop 1”.

If the actual frequency lies below theupper limit frequency, the monitoringbecomes active. The actual speed canstill be changed. When the SLS safetyfunction is activated, and the actualfrequency is exceeded, then an errorcondition is immediately signaled andthe drive inverter is brought into a safecondition.


9

Fig. 9/7

Frequency characteristics for Safe Stop 1

Fig. 9/8

Frequency characteristics for Safely-Limited Speed (SLS)


Integration

These drive inverters can be easily inte-grated into a SIMATIC environment.The drive inverter and its safety func-tions can be controlled either usingfail-safe digital inputs as well as alsovia PROFIsafe.

G120 drive inverters therefore offerthree basic possibilities when it comesto configuring fail-safe systems and inturn for controlling integrated safetyfunctions.

A central fail-safe CPU is used to evalu-ate the safety-relevant signals and con-trol the integrated safety functions ofthe G120 drive inverter via PROFIBUSDP using PROFIsafe.

When appropriately parameterized andconfigured, the integrated safety func-tions of the G120 drive inverter can becontrolled via fail-safe digital inputs.However, the drive inverter can still beintegrated into a PROFIBUS environmentwithout PROFIsafe.


Fig. 9/9

Controlling the safety functions via PROFIsafe

Fig. 9/10

Controlling the safety functions via fail-safe digital inputs with connection to the bus

A conventional, local solution to con-trol the integrated safety functions ofthe G120 drive inverter is also possible.In this case, it is only necessary to para-meterize the fail-safe digital inputs ofthe drive inverter.

Technical data


9

Fig. 9/11

Control via fail-safe digital inputs

Safety classes that can be achieved • Category 3 acc. to EN 954-1• Up to SIL 2 acc. to IEC 61508

(Specifying: PFH (probability of failuresper hour, SFF (safe failure fraction)

Safety functions • Safe Torque Off (STO)• Safe Stop 1 (SS1)• Safely-Limited Speed(SLS)• Safe Brake Control(SBC)

Degree of protection IP20Additional features • Fail-safe coupling through safety-rele-

vant digital inputs and PROFIsafe• Modular design• Energy recovery with regenerative

feedback into the line supply - withoutchopper resistor (PM250)

• Standard and fail-safe frequency inverter• V/f open-loop control• Closed-loop vector control with and

without an encoder• Closed-loop torque control

Fail-safe G120 drive inverter

Terminology

Requirement Class (AK)

Measure of the safety-related perfor-mance of control equipment. Definedin DIN V 19250 and DIN V VDE 0801.

Actuator

An actuator converts electrical signalsinto mechanical or other non-electri-cal quantities.

Failure/fault

Failure

When a piece of equipment or a devi-ce is no longer capable of executing aspecific function.

Fault

Unintentional status of a piece ofequipment or device which is charact-erized by the fact that it is not capa-ble of executing a specified function.

Note: "Failure" is an event and "Fault"is a condition.

Blanking

Using blanking, a specified section orarea is suppressed from a protectivefield, e.g. a light curtain or light grid,i.e. it is disabled. There are two typesof blanking: Fixed and floating blan-king.

Fixed blanking

For fixed blanking, the selected area orrange is fixed. This function is used, forexample, if fixed objects protrude intothe protective field.

Floating blanking

Floating blanking permits that normal-ly one or two light beams in a protecti-ve field are interrupted without a stopsignal being output from a light cur-tain. This function is required if the"permissible" interruption of the lightbeams does not refer to a fixed posi-tion in the protective field, e.g. if amoving cable enters the protectivefield.

Fault

Refer to "Failure / fault".

Fail-safe

The capability of a control to maintaina safe condition of the controlledequipment (e.g. machine, process), orto bring this into a safe conditionwhen faults occur (failures).

Fault tolerance

Fault tolerance N means that a pieceof equipment or device can still exe-cute the specified task even when N faults are present. For N+1 faults, the piece of equipment or device failswhen executing the specified function.

Danger

Potential source of damage. (from EN 292-1 and ISO 12100-1)

for example, hazard as a result ofelectric shock, hazard due to crus-hing, ...

Jitter

Deviation between consecutive clockcycle signals that should have a con-stant distance between them (iso-chronous or equidistant). Jitter isused to evaluate the time synchro-nism for clock-cycle synchronous datatransfer.

With response times of less than 1 msand a jitter below 1 ms, almost allmulti-axis applications can be control-led using Ethernet.

Channel

Element or group of elements thatexecutes a function independently.

2-channel structure

Structure that is used to achieve faulttolerance.


11 Appendix

11.1 Terminology andabbreviations

For example, a 2-channel contactorcontrol can be achieved if at least twoenable circuits are available and themain current can be redundantly swit-ched-off or a sensor (e.g. EmergencyStop switch) is interrogated using twocontacts that are then separately con-nected to evaluation unit.

Category

In EN 954-1 (prEN ISO 13849-1) thisis used to "classify the safety-relatedparts of a control with reference totheir immunity to faults and theirbehavior under fault conditions whichis achieved as a result of the structu-ral arrangement of the parts and/ortheir reliability."

Load group

A group of motor starters that is supp-lied through a power bus. A loadgroup can be located within a potenti-al group or can include parts of twopotential groups.

Motor starter (MS)

Motor starters include direct andreversing starters. Starting and direc-tion of rotation are determined usinga motor starter.

Direct starter

A direct starter is a motor starter forone direction of rotation, whichdirectly powers up or powers down amotor. It comprises a circuit-breakerand a contactor.

Reversing starter

A reversing starter is a motor starter fortwo directions of rotation. It comprisesa circuit-breaker and two contactors.

Muting

Muting disables one or several safetyfunctions for a limited time in linewith specifications

EMERGENCY SWITCHING-OFF

Emergency Switching-off equipment

Arrangement of components that areused to implement EmergencySwitching-Off function (EN 418 andISO 13850). (Note: Today, a differenti-ation is made between "Stopping inan emergency" and "Power off in anemergency".

Stopping in an emergency

A function which either avoids orminimizes impending or existing dan-ger for persons, damage to the machi-ne or when carrying out work;

– initiated by a single action of a person. (EN 291-1 and ISO 12100-1)

Power off in an emergency

Power off in an emergency is achie-ved by disconnecting the machinefrom the power supply as a conse-quence of a Category 0 Stop

(EN 60204 1997). Power off in anemergency should be provided, incompliance with EN 60204-1 1997,where there is the possibility of dan-ger due to electricity (electric shock).

Emergency Stop

An operation in an emergency that isdesigned to stop a process or move-ment that is potentially dangerous(from EN 60204-1 Annex D).

Potential group

A group of motor starter and/or elec-tronic modules which is supplied froma power module.

Proxy

A proxy or proxy server is a serviceprogram for computer networks thatcommunicates through data transfer.It makes data transfer more efficient(lower network load when high dataquantities are being transferred) andfaster - it can also increase the level of safety.

Communication is established bet-ween computers or programs in so-called computer networks. From theperspective of the server, a proxybehaves like a client - as far as theclient is concerned like a server.

Redundancy

Availability of resources or equipmentto execute a specific function.


Risk

Combination of the probability of theoccurrence of damage and the extentof the damage.

Feedback circuit

Circuit to monitor controlled contac-tors.

The function of contactors can bemonitored by reading back the positi-vely driven auxiliary contacts using anevaluation unit. If the contactor con-tacts are welded, the evaluation unitprevents a restart.

Safety Integrity Level (SIL)

In IEC 61508, this is defined as themeasure for the safety performanceof electrical or electronic controlequipment (-> Chapter 1 of the Safety Integrated System Manual, 5th Edition).

Safety

Freedom from unacceptable risk.

Functional safety

Part of the safety of a piece of equip-ment or device (e.g. machine, plant,which depends on the correct func-tion.

Safety function

Function (e.g. of a machine or a con-trol) whose failure (or breakdown)can increase the risk(s).

Safety functions of EN 954 con-trols

"A function, initiated by an input sig-nal and processed by safety-relatedparts of controls that allows themachine to achieve a safe condition(as system)."

Safety-related control function(IEC 62061)

Control function that is executed by asafety-related control system in orderthat a system goes into a safe condi-tion (e.g. machine) or to avoid hazar-dous conditions occurring.

Safety-related control function

Slightly differing definitions are provi-ded in the various Standards.

Safety goal

To keep the potential hazards for manand the environment as low as possi-ble without restricting industrial pro-duction, the use of machines or theproduction of chemicals as far asabsolutely necessary.

Stop

This is a function that is intended toavoid or minimize hazards to person-nel, damage to the machine or theexecution of operational processes. It has priority over every other opera-ting mode.

Stop Category

A term which is used in EN 60204-1to designate three different stoppingfunctions.

Partial potential group

A partial potential group exists, if withina potential group, the auxiliary voltagecan be partially switched out.

Enabling device

Additional manually actuated controldevice that permits a specific functionof a machine if it is continually actua-ted.

Two-hand circuit

Control device, which requires that itis simultaneously actuated by bothhands in order to activate hazardousmachine functions and also maintainthem.


11 – Appendix

Abbreviations

ANSI American National StandardsInstitute

BIA German BG Institute for Safety and Health

BWS Electrosensitive devices

CNC Computerized Numerical Control

CPU Central Processing Unit

DMS Direct Measuring System

FTS Driverless transportation system

HMI Human Machine Interface

IBS Commissioning

IMS Indirect Measuring System

KDV Cross-checking

MRPD Machine Readable ProductDesignation: Order No. of Siemens components

NC Numerical Control

NCK Numerical Control Kernel

NCU Numerical Control Unit

NFPA National Fire Protection Association

OP Operator Panel

OSHA Occupational Safety and Health Administration

PLC Programmable Logic Controller

PM Positive-ground switching

PP Positive-Positive switching

S5 SIMATIC S5

S7 SIMATIC S7


German English

Sicherer Halt (Stop A) Safe standstill (Stop A) SH (---)

Stop B Stop B ---

Stop C Stop C ---

Stop D Stop D ---

Stop E Stop E ---

Sichere Bremsrampe Safe braking ramp SBR

Sicherer Betriebshalt Safe operating stop SBH

Sicher reduzierte Safely reduced speed SG

Geschwindigkeit

SG-spezifische Sollwert- Safely reduced speed- ---

begrenzung specific setpoint limiting

Sichere Software-Endschalter Safe software limit switch SE

Sicheres Bremsenmanagment Safe brake management SBM

Sichere Bremsenansteuerung Safe brake control SBC

Sicherer Bremsentest Safe brake test SBT

Sichere Software-Nocken Safe software cam SN

n<nx n<nx ---

Sichere programmierbare Logik Safe programmable logic SPL

Sicherheitsgerichtete Safety-relevant I/O SGE / SGA

Ein-/Ausgangssignale

Sicheres Software Relais Safe software relays ---

Name Abbr.

German English

Sicher abgeschaltetes Moment Safe Torque Off STO

Sicherer Stillstand 1 Safe Stop 1 SS1

Sicherer Stillstand 2 Safe Stop 2 SS2

--- --- ---

Sicherer Betriebshalt Safe Operating Stop SOS

Sicher begrenzte Safely-Limited Speed SLS

Geschwindigkeit

--- --- ---

Sicher begrenzte Lage Safely-Limited Position SLP

--- --- ---

Sichere Bremsenansteuerung Safe Brake Control SBC

--- --- ---

Sichere Nocken Safe Cam SCA

Sichere Drehzahlüberwachung Safe Speed Monitor SSM

--- --- ---

--- --- ---

--- --- ---

Name Abbr.

Previously used function designation Function designation according to IEC 61800-5-2 (draft)

[1] Position paper DKE 226.0.3:Safety-related functions electric drive systems in machines. Status 1/98.

[2] Schaefer, M.; Umbreit, M.: Drive systems and CNCcontrols with integrated safety. BIA Report No. 4/97

[3] Categories for safety-related controls acc. to EN 954-1. BIA Report 6/97.

[4] ZH1/419. Testing and certificationregulations of the testing andcertification bodies in BG-Prüfzert.Edition 10/1997.

[5] Reinert, D.;Schaefer, M.; Umbreit, M.: Drives and CNC controls with integrated safety. In: ETZ-Heft 11/98

[6] Safety-related data transfer; Requirements as well as deter-ministic and probabilistic techni-ques; 1998, Uwe Jesgarzewski, Rainer Faller – TÜV Product Service

Internet address:

General information

http://www.siemens.de/safetyhttp://www.siemens.de/automation/mall

AS-Interface

http://www.siemens.de/as-interface

SIRIUS

http://www.siemens.de/sirius

SIMATIC

http://www.siemens.de/simatic-controllerhttp://www.siemens.de/simatic-dp

SIMATIC Sensors

http://www.siemens.de/simatic-sensors/fs

SIMODRIVE 611, SIMODRIVE POSMO,SIMOVERT MASTERDRIVES

http://www.siemens.de/simodrive

SINUMERIK

http://www.siemens.de/sinumerik

SINAMICS

http://www.siemens.de/sinamics

Hotlines:

Technical Support

phone: +49(0)180-5050222 fax: +49(0)180-5050223 mailto: [email protected]

Technical Assistance

phone: +49(0)911-8955900 fax: +49(0)911-8955907 mailto: [email protected]

Online-Support

http://www.siemens.de/automation/support-request


11 – Appendix

11.2 References 11.3 Contact – Internet,Hotlines

Because training is decisive foryour success

SITRAIN® - the Siemens Training forAutomation and Industrial Solutions -is there to support you in masteringall of your tasks.

With training from the market leaderin automation, plant erection andsupport, you can certainly win whenit comes to feeling comfortable inmaking the right decision. Especiallywhen it involves optimally using pro-ducts and efficiently using plants andsystems. You can eliminate perfor-mance issues and problems in existingplants and systems and reliably exclu-de expensive planning mistakes fromthe very start.

When all is said and done, thissignifies enormous benefits foryour operation: Shortened start-up times, optimized plant and sys-tem sections, fast troubleshoo-ting, lower downtimes. The result- a higher degree of profitabilityand lower costs.

Top trainers

Our trainers have in-depth experiencein the field and also extensive didacticexperience. Personnel that developthese training courses have a directlink to our product developmentgroups and they directly pass on theirknowledge to the trainers.

In-line with that required in practice

Because our trainers are very much intouch with what is required in practi-ce, means that they can really com-municate theoretical knowledge. Butas everyone knows, theory can besomewhat dull, and this is why weplace the highest significance onpractical training - that represents upto halve of the course time. Thismeans that you can immediatelyimplement what you have learned inyour day-to-day business. The trainingcourses use training equipment thathas been specifically developed forthis purpose so that you feel absolute-ly confident in our training courses.

Wide variety of courses

We have a total of approximately 300courses and provide training for the

complete range of A&D products and toa large extent, plant solutions from I&S.Off-site training courses, self-learningsoftware and moderated seminars inthe web complement our classic rangeof courses.

Close to the customer

We are never far away. We are repres-ented in approximately 60 times inGermany and worldwide in 62 coun-tries. Would you like personalized trai-ning instead of participating in our300 courses? Our solution: We cantailor the training to your personalrequirements.

We provide training courses in ourtraining centers or also in your facility.


11.4 Seminars availablefor safety technology,Standards and Directives

The right combination: BlendedLearning

Blended Learning means a combina-tion of various learning/trainingmedia and sequence of courses. Forinstance, a course in a training-centercan be optimally supplemented byself-learning programs to prepare fora course or after a course. As a sup-plement, SITRAIN utilizes moderatedonline training in order to providecourses at agreed time live in theInternet.

The combination makes it allworthwhile. This is the reasonthat Blended Learning can wellcommunicate complex subjectsand train networked thinking.Spin-off: Lower travel costs andnon-productive times using trai-ning sequences that are indepen-dent of the training location andtime.

The international learning portal

www.siemens.de/sitrain

All of the training possibilities at aglance! You can comfortably scan ourglobal portfolio of courses, you cancall-up all of the course dates online,and courses where there is still spaceavailable are listed, updated on a dailybasis, so that you can directly registerfor the course you wish to participatein.


11 – Appendix

Safety Integrated Decision makers, sales personnel, 2 days ST-SIUEBF

overview in the project managers, project team

production industry members, programmers, com-

missioning engineers, application

engineers

Engineering and Programmers, commissioning 3 days ST-PPDS

programming with engineers, application engineers

Distributed Safety

Engineering and Programmers, commissioning 3 days ST-PPFS

programming with engineers, application engineers

F systems in STEP7/

PCS7 environment

SIMATIC S7, S7-400 H Programmers, commissioning 3 days ST-7H400H

system course engineers, application engineers

SINUMERIK 840D, Service personnel, maintenance 3 days NC-84DSIS

Safety Integrated personnel

service course

SINUMERIK 840D, Commissioning engineers, 5 days NC-84DSIW

Safety Integrated application engineers,

engineering and service personnel

commissioning

Electromagnetic Programmers, commissioning 3 days MP-EMVPRA

compatibility in engineers, application engineers,

the field service personnel, maintenance

personnel

Explosion protection, Decision makers, sales personnel, 1 day MP-EX-GRU

basics commissioning engineers,

application engineers, service

personnel, maintenance personnel

Explosion protection Decision makers, sales personnel, 1 day MP-EX-EIG

intrinsic safety commissioning engineers,

application engineers, service


New standards for Decision makers, sales personnel, 1 day ST-NSST

Safety technology in Projects managers, project

the production industry personnel

Testing, using and Operators, users, 2 days SE-FSZERT

handling electro- decision-makers, sales personnel,

sensitive protective commissioning engineers, engi-

equipment neers, programmers, service

personnel

Subjects Target group Duration Code


Actuator-sensor Decision-makers, sales personnel, 3 days IK-ASISYS

interface Project manager, project personnel,

System course programmers, commissioning

engineers, engineers, service


SINUMERIK 840D, Commissioning engineers, engi- 3 days NC-84DSIR

Safety Integrated neers, service personnel

Refresher

Safety Integrated in EMR engineers, 2 days ST-SIUEBPV

process automation EMR technicians, EMR foreman,

Employees in EMR planning,

System developers, operations

managers, Operations assistants,

operations engineers, operations

technicians

EMC from the very start, Project managers, project 3 days MP-EMVLP

Focus on plants personnel, Commissioning

and machines engineers, engineers, service

personal

Commissioning and Commissioning engineers, 2 days DR-G120-EXP

engineering SINAMICS engineers, programmers

G120

Subjects Target group Duration Code


11 – Appendix

This course provides you with the cur-rent situation - as far as standards areconcerned - in production technology.You will also get to know how to cor-rectly apply it in practice using selectedexamples. The objective of this course isto merge theory and practice. You willsecure a high production quality andachieve competitive advantages bycompetently implementing this know-ledge in your own operation.

Contents

• EC Machinery Directive- Basics, definitions, requirements,

implementation, application on new machines and new machine equipment

- Applying when making modifica-tions and upgrading

Safety Integrated, Overview in Production Technology (ST-SIUEBF)

- Evaluating conformity• EC Directive

- Basic, definitions,requirements, implementation

• Overview of the Standards- EN ISO 12 100 (EN 292),

EN 1050 (ISO 14121)- EN 60204-1- EN 954-1, (prEN ISO 13849-1),

EN ISO 13849-2, (EN 954-2)- EN 62061, IEC 61508

• Example from the field - automobileindustry (painting shop, subsequenthandling with transport using a rail-based system)- Standards and use- Applications- Configuration/design and implemen-

tation of the risk analysis usingconventional wiring and bus-basedsolutions.

Target groups

Decision makers, sales personnel, project managers, project team members, programmers, commissio-ning engineers, users

Duration

2 days

Course fee

€ 680We reserve the right to revise prices

Course locations

Nuremberg, Mannheim

Participants learn how to handle, engi-neer, program, commission, diagnoseand troubleshoot distributed safety sys-tems. This includes the fail-safe CPUs315F-2DP, CPU 317F-2DP, CPU 416F DPand the IM151-F CPU. The fail-safe pro-gramming is realized in the program-ming languages F-FBD or F-LAD.

Contents

Overview, Standards and Directives• AS S7-300F (principle, system

design and I/O)• Engineering fail-safe I/O with distri-

buted safety• Programming a safety-related user

program

Engineering and programming with Distributed Safety (ST-PPDS )

• Fail-safe communications PROFIsafe(CPU-CPU communications,Master-slave communications)

• Diagnostic capability (CPU diagnos-tics, I/O diagnostics, other diagnos-tic tools)

• Exercises on configuring the I/O, communications, troubleshooting

• Examples for programming (Emergency Stop, protective door, safety-related shutdown, passiva-tion, special programming issues)

Target groups

Programmers, commissioning engineers, application engineers

Duration

3 days

Course fee


Course locations

Essen, Hanover, Mannheim,Nuremberg, Stuttgart


Participants learn how to handle, confi-gure engineer, program, commissionand troubleshoot F-systems. Theseinclude fail-safe CPUs 414-4 H and CPU417-4 H that are optionally available ashigh availability versions. The CFC pro-gramming language is used to programin a fail-safe fashion the safety-relatedapplications that these CPUs control.

Contents

• Overview, redundant systems (H/F differences, availability, redundant systems, regulations)

• AS S7-400F (principle, system de-sign and I/O)

• Engineering fail-safe I/O with F-Systems

Engineering and programming F systems in the STEP7 / PCS7 environment (ST-PPFS)

• Programming a safety-relevant user program using CFC

• Fail-safe communications Profisafe• Exercises to configure I/O, commu-

nications, fault-finding• Programming example, special

programming issues

Target groups


Duration

3 days

Course fee


Course locations

Essen, Mannheim, Nuremberg

Participants learn how to handle,engineer, commission and trouble-shoot the fault-tolerant SIMATIC S7-400H automation systems.

Contents

• Overview, redundant systems (H/F difference, availability, redundant systems)

• AS S7-400H (principle, system configuration and I/O, synchroni-zation, coupling and updating the reserve, self-test, principle mode of operation, fault/error processing)

SIMATIC S7, S7-400 H system course (ST-7H400H)

• Configuring with STEP7/HSys (system parameterization, system handling, fault diagnostics, docu-mentation)

• Exercises to configure the I/O, troubleshooting, programming examples

Target groups


Duration

3 days

Course fee


Course locations

Essen, Nuremberg


11 – Appendix

This course shows participants how toengineer and commission the SafetyIntegrated functionality with a SINUME-RIK 840D. After the course, participantscan engineer, test and commission theSafety Integrated function and a SINU-MERIK 840D special system configura-tion with safety-relevant functions.

Contents

• General information on safety-relevant systems

• System prerequisites• Description of the basic relevant

function• Safe programmable logic

SINUMERIK 840D, Safety Integrated engineering and commissioning (NC-840DSIW)

• Connecting sensors/actuators• Test stop• Safety-related communications

with PROFIsafe• Safe brake management• Description of the machine data

and interface signals• Procedure when commissioning

and troubleshooting• Evaluation of diagnostic and alarm

displays• Circuit examples for Safety Integra-

ted• Acceptance report• Practical exercises to engineer, com-

mission and service equipment on training models equipped with digital feed and main spindle drives

Target groups

Commissioning engineers, application engineers, service personnel

Duration

5 days

Course fee


Course location

Nuremberg-Moorenbrunn

This course provides participants withthe knowledge and skill sets that arerequired to service and maintain amachine equipped with SINUMERIK840D and Safety Integrated. After par-ticipating in the course, course partici-pants can troubleshoot and resolvefaults. After repair/software upgrades,course participants can check the safe-ty-related functions and accept them.

Contents

• General information on safety-rela-ted systems

• System prerequisites• Description of the basic relevant

function• Safe programmable logic

• Connecting sensors/actuators• Test stop• Description of the machine data

and interface signals• Procedure when commissioning

and troubleshooting• Evaluating diagnostic and alarm

displays• Circuit examples for Safety Integrated• Acceptance report• Practical fault finding exercises and

service at training models equippedwith digital feed and main spindle drives

Target groups

Service personnel, maintenance personnel

Duration

3 days

Course fee


Course locations

Chemnitz, Düsseldorf, Nuremberg-Moorenbrunn

SINUMERIK 840D, Safety Integrated maintenance course (NC-84DSIS)


This course addresses all employees indevelopment, mechanical design, pro-duction and service that require practi-cal know-how and skill sets regardingEMC for their day-to-day work. The indi-vidual subjects will be highlighted usingvideo films. The effects of EMC pheno-mena with effects that are manifestedin practice with the appropriate measu-res to prevent them and counter-mea-sures will also be demonstrated. Theobjective of this training course is tolearn how to avoid or resolve EMC faults.

Contents

• What you have to especially observewhen planning plants and systems

• How an EMC-correct electrical cabi-net looks like, especially with varia-ble-speed drives, background infor-mation on the individual cabinet design rules

• How is a differentiation made bet-ween software, hardware and EMC disturbances

Electromagnetic compatibility in practice (MP-EMVPRA)

• Which measuring equipment makessense for fault finding and how is it used

• Tips and tricks when fault-finding, how you can subsequently increase the noise immunity

• Causes and effects of static dischar-ge and the appropriate counter-measures

• The advantages and disadvantages of different grounding techniques, what causes potential differences, how is potential bonding implemen-ted

• Causes, effects and avoiding harmo-nics, resonance effects in the line supply, filter circuits, blocking cir-cuits etc.

• When and how can filters be effec-tively used

• Everything about cable shield connec-tions

• Motor bearing currents, cause, effects, counter-measures

• Aspects related to lightning protec-tion, identifying hazards up to the use of protective elements

• Introduction into Standards, CE caution, new EMC directive!

Target groups

Programmers, commissioning engineers, application engineers, service personnel, maintenance personnel

Duration

3 days

Course fee


Course locations

Erlangen, Mannheim, Munich,Chemnitz, Stuttgart, Frankfurt,Hanover


11 – Appendix

This course provides manufacturersand users of electrical equipment -that is operated in hazardous zones -basic theoretical and practical infor-mation on electrical explosion protec-tion. This includes the underlyingphysics, basic legal issues, possibleprotective measures for electricalequipment and information on theiruse. Presentations and excerpts fromvideo films will show how explosionsoccur and the associated hazards.

Contents

• Explosion, conditions for explosion• Sources of ignition• Primary and secondary explosion

protection

Basics of explosion protection (MP-EX-GRU)

• Safety-related parameters• Temperature classes, explosion

groups, zone classification• Basic legal issues regarding explo-

sion protection• Classes of protection for electrical

equipment• Construction regulations for equip-

ment according to EN 50 014-50 028• Coding of electrical equipment• The special explosion protective

measures implemented for this equipment will be discussed using a specific piece of equipment as an example

Target group

Decision-makers, sales personnel,commissioning engineers, project engineers, service personnel, maintenance personnel

Duration

1 day

Course fee

€ 335We reserve the right to revise the prices

Course location

Mannheim

This course provides participants thatdevelop, construct and support explo-sion-protected electrical equipmentand intrinsically safe systems a morein-depth analysis of the class of pro-tection, intrinsic safety and the designof equipment with intrinsically safecircuits. The use of intrinsically safeequipment is explained using applica-tion examples. Further, when combi-ning intrinsically safe with the associ-ated equipment, the necessary proofof intrinsic safety is explained usingthe appropriate examples.

Contents

• Construction regulations for equip-ment according to DIN EN 50 014 and 50 020

• Basic information about the class ofprotection, intrinsic safety

Explosion protection, intrinsic safety (MP-EX-EIG)

• Minimum ignition curves• Intrinsically safe and the associated

electrical equipment• Properties of special, intrinsically

safe equipment, coding• Requirements when erecting equip-

ment in the individual zones acc. toDIN 0165

• Connecting-up equipment to create intrinsically safe plants/systems (DIN EN 50 039)

• Erection of intrinsically safe plants/ systems according to VDE 0165

• Operation, repair, and testing of equipment

Target group

Decision-makers, sales personnel,commissioning engineers, project engineers, service personnel, maintenance technicians

Duration

1 day

Course fee


Course location

Mannheim


As machinery and plant constructor -as well as company operating suchplants/systems - you are legally obli-ged to guarantee the safety of manand the environment. At first glance,new standards and regulations repre-sent a barrier - but also open-up manypossibilities. This seminar will provideyou with an overview regarding prac-tically applying standards and regula-tions and you will be able to ensurethat the safety technology of yourmachine or plant will be in complian-ce with the appropriate legislation.

New Standards for safety technology in the production industry (ST-NSST)

Contents

• Overview regarding the require-ments and Standards for functional safety.

• Current developments and new issues (e.g. ISO 12100, ISO 14121, IEC 62061, ISO 13849 (rev), …).

• Procedure when engineering, accepting and operating plants and machines – previous approach – future approach.

• Requirements placed on the system and components, system design (qualitative and quantitative analysis).

• Acceptance• Export

Target group

Decision-makers, sales personnel, project managers, project personnel

Duration

1 day

Course fee


Course location

On request

In this workshop you will learn how to check/test, use and handle electro-sensitive protective equipment anddevices (light curtains, light grids andlaser scanners) from the SIMATIC sen-sor series. You will receive a certifica-te that entitles you to carry-out theannual device check according toParagraph 2 Section 7 BetrSichV.

Inhalte

• European Directives.• Safety-relevant parts of controls

according to EN 945-1• Safety light curtains • Safety laser scanners • Calculating safety clearances

according to EN 999• Evaluation units

Testing, using and handling electro-sensitive protective equipment - (SE-FSZERT)

• Checking/ testing electrosensitive devices

• Diagnostics• Obtaining the capability certificate

for SIMATIC sensor devices

Note

Course participants must bring theirown notebook (laptop PC). It shouldhave the following basic features: CPU Intel Pentium with min. 500 MHzor comparable, min. 16 Mbyte RAM,minimum free space on the hard diskof 10 Mbyte, Windows 98, 2000, NT,XP. When the course starts, the para-meterizing software will be installedon the notebook (laptop PC) of thecourse participant at no charge. This is the reason that you must haveadministrator rights to install pro-grams under Windows.

Target group

Operating personnel, users, decision-makers, sales personnel,commissioning engineers, project engineers, programmers, service personnel

Duration

2 days

Course fee


Course location

On request


11 – Appendix

The course provides system know-howabout the standard AS-Interface networ-king system. After you have participatedin this course you will understand thefunctions of the system componentsand the standard and expanded opera-tion of SIMATIC S7 master modules.You will be able to design, configureand commission AS interface for yourautomation system. The course will alsoinclude information on the DP/AS-Interface Link 20E network transitionand will provide basic knowledge aboutPROFIBUS DP. The AS-Interface compo-nents for Safety at Work (safety moni-tor, Emergency Stop switch, positionswitch etc.) are connected to an AS-Interface network.

Actuator-Sensor Interface system course (IK-ASISYS)

Contents

• Basic information about the Actuator-Sensor Interface (AS-Interface)

• Design and engineering• Introduction into the system

components• AS-Interface, master• AS-Interface, slaves, A/B technology• AS-Interface, power supplies, cables

and accessories• Commissioning, testing and

diagnostic capabilities• Addressing device• Network transitions, PROFIBUS DP /

AS-Interface (DP/AS-i Link 20E)• Safety at Work• Practical exercises

Target group

Decision-makers, sales personnel, project managers, project personnel,programmers, commissioning engineers, design engineers, service personnel, service technicians

Duration

3 days

Course fee


Course location

Mannheim

This course will provide informationabout the new functions of SafetyIntegrated that are available with soft-ware version 6 of SINUMERIK 840D.After the course, participants will beable to engineer, test and commissionthe new functions of Safety Integratedfor special machine configurationswith safety-relevant functions.

Prerequisites

Participation in course NC-84DSIW up to December 2002 or NC-84DSIS

Contents

• Overview of the new safety functionsof SW release 6.X

• Acceptance report with SinuCom NC

• Pulse cancellation in the NC• Safety-relevant communications

with PROFIsafe• Safe brake management• Extended diagnostic functions• Extended configuring of alarm texts• Practical exercises on engineering,

commissioning and service carried-out on training models with digital feed and main spindle drives

Target group

Commissioning engineers, project engineers, service personnel

Duration

3 days

Course fee


Course location

Nuremberg

For additional dates, course locations and prices, please go to the followingInternet address:

www.siemens.de/sitrain

SINUMERIK 840D, Safety Integrated refresher course (NC-84DSIR)


This seminar is intended to providecourse participants with information oncurrently active developments in natio-nal and international technical regula-tions and provide them with methodsand tools so that these regulations canbe complied with in practice. Thesesubjects will be then discussed in moredepth using examples from the field.

Contents

• Plant safety for process plants• Technical regulations and rules,

explanation of the associated termi-nology, hierarchy of the regulations,legislation, ordinances, ensuring plant safety using process control technology, explanation and in-depth discussion of such issues as BlmSchG, GPSG, fault regulations, UVV, BGR,BGV, EU legislation, EU Directives

• Machine and plant safety• Possibility and limits of process

control technology for tasks relatingto plant safety, design, mode of

Safety Integrated in process automation (ST-SIUEBPV)

operation and fault behavior of PLT protective devices

• NE 97 fieldbus for safety technology• Company-specific safety manage-

ment according to IEC 61511-1• Experience of a specialist safety

evaluator when carrying-out checks• CE marking for machines and plants• Integration of safety technology –

pros and cons• Example for implementing interna-

tional rules regarding machines / process-related plants

• Implementation of safety-relevantapplications in the process industry

with Siemens products/systems using a practical example involving SIMATIC S7-400FH / SIMATIC PCS7

Target group

EMR specialist engineers, EMR techni-cians, EMR supervisors, employeesinvolved in EMR planning, systemdevelopment personnel, operationsmanagers, operations assistants, operations engineers, technicians

Duration

2 days

Course fee


Course locations

Frankfurt, Mannheim


11 – Appendix

The objective of this course is to provi-de basic know-how and more in-depthinformation about ElectromagneticCompatibility (EMC). It starts with thebasics up to the application and inclu-des practical exercises on measuringtechniques and EMC measures toupgrade equipment and plants. At thebeginning of the course, participantswill learn about the physical basics andinterrelationships of EMC. Based onthis, some of the usual customer requi-rements will be discussed as well aslegal and standards-related issues.Measures and methods will be provi-ded to realize an EMC-correct designand configuration of plants and machi-nes. The material learnt will be discus-sed in more detail using exercises at acertified testing laboratory (SiemensEMC Center, Erlangen). More than 10specialists with many years of expe-

rience in EMC-correct developmentand engineering as well as the EMCtesting of industrial plants and deviceswill provide a comprehensive overviewabout basics, requirements and measu-res to be applied.

Contents

• EMC basics• Filter technology• Plant and system planning• Simulation of systems• Cables and signal interfaces• Cabinet design and wiring• Legislation and Standards• Measurements in plants and on

machines• EMC-correct configuration of plants

and machines using drive conver-ters as an example

• Magnetic fields

• Practical tests carried-out in a test laboratory

Target group

Project managers, project personnel,commissioning engineers, engineers,service personnel

Duration

3 days

Course fee


Course location

Erlangen

EMC from the very start, focus on plants and machines (MP-EMVLP)

This course provides the basis for fastand successful commissioning - evenfor sophisticated applications. In addi-tion to the basic information about themotor and drive converter, specialattention is played to subjects such asclosed-loop control structures, free sig-nal interconnection (BICO technology)and integrated safety functions (SafetyIntegrated).

Target group

Commissioning engineers, engineers,programmers

Duration

2 days

Course fee


Course location

Nuremberg

Commissioning and engineering SINAMICS G120 (DR-G120-EXP)


Term Page

315F-2 PN/DP 7/2317F-2 PN/DP 7/2400 V-Disconnecting Module 5/26

asimon V2+ 4/5

Cable-operated switch 5/8

ET 200 Configurator Software 5/29Ethernet-TCP/IP 7/2

Hinge-mounted switch 5/5

Jitter 11/2

Magnetically operated switch 5/5

Power Module PM240 9/2Power Module PM250 9/2PROFIBUS 4/3PROFINET 4/2PROFINET IO 4/3PROFIsafe 4/2Proxy 4/2, 11/3

Safety Local Isolator Module 5/25Safety functions 8/3SBC 9/2Signaling columns 5/8SIMATIC ET 200pro 7/4SINAMICS S120 8/2SINUMERIK 840D sl 8/2SLS 9/7SS1 9/6Standard switch 5/4Starter 9/3STO 9/5Switch with separate actuator 5/4

TCP/IP 4/2

Zero sequence detection 4/6Zero speed monitor 4/6

11.5 Index


11 – Appendix

Impressum:

Safety Integrated System ManualThe Safety Portfolio for Global Industries5th Edition Supplement

Published by:Siemens AGAutomation and Drives GroupPostfach 4848, D-90327 Erlangen

Authors responsible for the contents:Georg Becker (A&D PT7)Andreas Diepgen (A&D SD)Christian Hansel (A&D CD)Maximilian Korff (A&D CD)Guillaume Maigret (A&D CD)Uwe Schade (A&D CD)Carsten Schmidt (A&D CD)Jürgen Strässer (A&D MC)Thomas Winkovich (A&D SD)Bernhard Wöll (A&D AS)

Concept, support, coordination and editing:Wolfgang Kotitschke (A&D SE)Sybill von Hofen (A&D GC)

Design:NEW ORANGE DESIGN, Obernzenn

Printing:Farbendruck Hofmann, Langenzenn

© 2006 by Siemens AGBerlin and Munich

All rights reservedFee, € 2

Subject to change without prior notice

Siemens Aktiengesellschaft

Automation and DrivesLow Voltage Controls and DistributionP.O. Box 3240, D-91050 Erlangen

Automation and DrivesIndustrial Automation SystemsP.O. Box 4848, D-90327 Nürnberg

Automation and DrivesMotion Control SystemsP.O. Box 3180, D-91050 Erlangen

www.siemens.de/safety

Order No. 6ZB 5000-0AB01-0BA0Printed in GermanyDispostelle 06 345 / SEK 30 296

Documents

5th Edition Supplement - Paragraf 34Safety-relevant functions 8/3 9 Fail-Safe Drives 9.1 G120 drive inverter 9/2 Overview 9/2 Benefits 9/3 Applications 9/4 Functions 9/5 Integration