Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Embedded Networking Solutions www.twincomm.nl
Safety communication over Industrial Ethernet for embedded systems
Kurt van Buul Twincomm
Embedded Networking Solutions
Embedded Networking Solutions www.twincomm.nl
Safety
Risk = Chance of a damaging event x Expected damage
Safety = Reduction of dangers for people and environment
Safety - Some basics
Risk
Remaining Risk
Risk Reduction Methods
System Risk
Danger
Tolerated Risk
Embedded Networking Solutions www.twincomm.nl
Safety - Some basics
EN 61508
Functional
Safety
EN 13849-1
Safety of Machinery
EN 50128
Safety for Railway
EN 60601
Safety for Medical devices
EN 62061
Safety of Machinery –
Electrical control systems
EN 61511
Safety for Process Industry
IEC 61800-5-2
Safety for Drives
IEC 61496
Safety for protective
equipment
EN 61784-3
Safety fieldbus profiles
Sector Standards Product Standards
Embedded Networking Solutions www.twincomm.nl
SIL Danger failure per hour1
1 ≥ 10-6 to < 10-5
2 ≥ 10-7 to < 10-6
3 ≥ 10-8 to < 10-7
Safety - Some basics
Safety Integrity Level (SIL) - EN 61508
1 High demand or continuous mode
One failure in ~1100 years
Embedded Networking Solutions www.twincomm.nl
SIL Danger failure per hour1 Assessment
1 ≥ 10-6 to < 10-5 Independent Person
2 ≥ 10-7 to < 10-6 Independent Departement
3 ≥ 10-8 to < 10-7 Independent Organisation
Safety - Some basics
Safety Integrity Level (SIL) - EN 61508
1 High demand or continuous mode
One failure in ~1100 years
Embedded Networking Solutions www.twincomm.nl
Safety - Some basics
Safety Lifecycle (EN 61508)
Field of Application
Danger and Risk
analysis
Specification of
safety requirements
for the safety system
Overall safety
requirements
Design of • overall operation and
maintenance
• overall validation
• installation and
putting into service
Installation and
putting into service
Overall validation
Overall operation,
maintenance
and repair
End of life /
decommissioning
Concept
Modification and
retrofitting
Embedded Networking Solutions www.twincomm.nl
Safety - Some basics
Redundancy Safe State
Homogeneous
Divers
Power interrupt
Safe operation
Embedded Networking Solutions www.twincomm.nl
Safety communication
Example
Node
Safety-PLC
Node
Emergency Stop
Lightcurtain
Main
Contactors
Embedded Networking Solutions www.twincomm.nl
Safety communication
Safe communication ≠ Always available
Safety
Application
Standard
Application
Safety Stack
Safety
Application
Standard
Application
Safety Stack
Ethernet Interface Ethernet Interface
Protocol Stack Protocol Stack
Safe communication via a non-safe bus
Black Channel
Embedded Networking Solutions www.twincomm.nl
Safety communication - Telegram
Mixed mode: Safety Telegram between Standard telegrams
DA SA End Start
Consec.
number
Safety
Source
address
Safety
Dest
address
Time
stamp
Safety
Application data
CRC
Std-Telegram Std-Telegram Std-Telegram Safety Telegram
DA SA End Start Encrypted Safety Data
Embedded Networking Solutions www.twincomm.nl
Safety communication - Protocols
Safety protocols on top of communication protocols
Embedded Networking Solutions www.twincomm.nl
General embedded design-in
2nd CPU
CPU
Non-safe Safe
Safety design
Application
Safe
Safe
Ethernet
Prot
Certification
Power
Supply
Embedded Networking Solutions www.twincomm.nl
General embedded design-in
Tech
no
log
y
Pro
cess
& O
rgan
isati
on
Protocol certification Safety certification
Embedded Networking Solutions www.twincomm.nl
A set of documents describing the safety system and its development is required:
Safety Requirement Specification
Functional Safety Management (FSM) or Safety Plan collates all structural
and technical activities during the different development phases
• Responsibilities and competences
• Communication / information flows
• Definition of product lifecycle
• Documentation (In- and Output documents for each lifecycle phase)
• Planning of methods and techniques to avoid errors
• Rating of the (achievable) functional safety
• Dealing with modifications
• Configuration management
General embedded design-in
Safety Development Process
Embedded Networking Solutions www.twincomm.nl
Verification and validation plan
shows the fulfillment of the goals and requirements that
were defined for the different safety lifecycle phases
• Summary of used methods and techniques
(e.g. described by IEC EN 61508-2 and -3)
• List of used tools (e.g. Compilers, CAD-Systems etc.)
Hardware- and Software Design Documents
• Tracking of requirements shall be possible
• Documented Reviews necessary
User manual or Safety Manual
• User obligations and terms of use
• Restrictions to the appliance of the safety functions
• Description of the safety functions and their API
General embedded design-in
Safety Development Process (cont)
Embedded Networking Solutions www.twincomm.nl
Modular Safety Design-in
Connector Connector
Standard Control Data
E
X
T
Internal
PWR
Supply
M
Fail safe
Control
Data
Pre-certified
Safety module
Data
stream
OUT IN
PWR
Host Application System
MCU FLASH
Peripherals
Motor
Control
Power
Circuit
RAM
Pre-certified
Internet &
Protocol Module
NW NW
Embedded Networking Solutions www.twincomm.nl
Technical design-in
• Power Supply (SELV/PELV): Logic and Safe I/O
• Environmental operating conditions (EMC, temperature, humidity)
• Routing of safe I/O signals to external connectors
• Mechanical dimensions and clearances
• Electrical connection to non-safe communication controller
• Shielding and housing to achieve enhanced EMC requirements
Functional and technical testing
Adapt/provide Device Description-file & Product Safety Manual
Product Validation
Product Safety Approval e.g. by TÜV
Modular Safety Design-in
Integration & Certification
Embedded Networking Solutions www.twincomm.nl
IXXAT Safe T100 Module
T100 Board connector
(Safe I/O, Channel, Power)
Safe I/O board
Safe CPU board
(safety protocol handling)
Anybus CompactCom
Industrial Ethernet Module
Example system set-up
Black Channel
Embedded Networking Solutions www.twincomm.nl
IXXAT Safe T100 Module
Example system set-up
Embedded Networking Solutions www.twincomm.nl
IXXAT Safe T100 Module
Design-in and Certification Steps
Pre-Certified IXXAT Safe T100
Thanks for your attention!
Twincomm
de Olieslager 44 T +31-40-2301.922
5506 EV Veldhoven E [email protected]
the Netherlands I www.twincomm.nl
Please visit us at booth 15