TwinSAFE –

Scalable Safety Solutions

Dr. Guido Beckmann

Technology Marketing

TwinSAFE – Integration of Functional Safety

From Safety Relais Logic…

From Safety Relais Logic… to Modern Safety Concepts

Fast reaction

applicable for high dynamic drive architecture

Simplified System

better clarity

simple cabling

simple extension of the system

better diagnosis

and therefore: higher safety

Pre-tested safety functions within the devices according to the

legal standards

Lower costs

Advantages of Safetybus systems

Safe data exchange

Communication must be finished

within the watchdog time

Copying data in

TwinCAT

Safe Logic

Safe input Safe Output

Safe Drive

Safety-over-EtherCAT protocol / FSoE - Frame

TwinSAFE

CMDSafe

DataCRC_0

Safe

DataCRC_1 Conn ID

Ethernet

Header

EtherCAT

Header

1. Data-

gram

2. Data-

gramFSC

FSoE Frame

Safety-over-EtherCAT Frame is integrated in standard communication

Communication between machines with TwinSAFE

Machine A Machine B Machine C

Safety over

EtherCAT

Safety over

EtherCAT

Safety over EtherCAT – Open Technology

Safety

Input

Safety

Logic

Safety

Output Sensor(s) Actuator(s)

TwinSAFE

TwinSAFE PLC

Drives

Compact Controller

TwinSAFE In TwinSAFE Out

TwinCAT Safety PLC

Safety Function

TwinSAFE System

TwinSAFE I/O

TwinSAFE I/O

TwinSAFE

EL1904 Configuration

Operational Modes:

Digital

Logic of Channels:

Single logic

OSSD signals (dual-channel)

asynchronous pulses, inactive

sensor testing

OSSD signals (dual-channel) any

pulse repetition, inactive sensor

testing

Short circuit detection does not

cause a module error

EL1904 operation modes

EP1908 Configuration

Logic of Channels:

Single logic

OSSD signals (two channel)

asynchronous pulses

OSSD signals (two channel) any

pulse repitition

Cross-circuit detection

cause no module fault

Standstill monitoring/

Overspeed detection (1-channel, 2-

channel, Encoder, synchron,

asynchron)

Frequency limit 2 – 500 Hz

EP1908 operation modes

EL2904 Configuration

Standard outputs active:

- Standard outputs are logically AND

connected with the safety outputs

Current measurement active:

- Setting allows the user to use a

common ground for the safety

outputs

Testing of outputs active:

- Test pulses of the safety outputs can

be deactivated

EL2904: Safety output terminal

0,5 A, 24 V DC

EK1914 Configuration

Inputs:

Single logic

OSSD

(async./sync.)

Short circuit does

not cause a module

fault

Outputs:

- Standard outputs active

- Testpulses active

EK1914: TwinSAFE bus coupler

TwinSAFE I/O

TwinSAFE PLC

TwinSAFE

EL6900: TwinSAFE logic terminal

Logic terminal (no local outputs)

Developed

and certified

according to

EN 61508 SIL3

DIN EN ISO 13849-1 PL e

NRTL, UL508, UL1998, UL991

EN 81 (as applicable)

EN 13243 (as applicable)

2006/42/EC Machinery Directive

TwinSAFE

configura-

tion

255 Function blocks

128 Connections

14 FB types

Min. WD Time 1ms

Complete diagnosis in EtherCAT process-

image (configurable)

High Performance

Short reaction times

High

diagnostic

coverage

Communication error

Terminal error

Processor error

Under-/Overvoltage

Temperature monitoring

EL6910: TwinSAFE logic terminal

Logic terminal (no local outputs)

Developed

and certified

according to

IEC 61508:2010 SIL3

EN13849-1 (Cat.4 / PL e)

2006/42/EC Machinery Directive

TwinSAFE

configura-

tion

512 function blocks

212 connections

14 FB types Bool + 14 FB types analog

Min. WD Time 1ms

Complete diagnosis in EtherCAT process

image (configurable)

High performance

Short reaction times

Support of TwinSAFE SC

Support of analog processing

High

diagnosis

coverage

Communication error

Controller error

Processor Error

Temperature monitoring

Upgrade

21.06.2016 24

TwinSAFE – TwinSAFE Logic terminal EL6910

TwinSAFE

TwinSAFE

TwinSAFE SC

analogStandard

analog / digitalDrives

3rd party encoder

3rd party drive

3rd party drive

XCAD Interface Safety

Customization

TwinSAFE Loader

EtherCAT Box

Boolean Function Blocks

EL6900

Integer Function Blocks

with EL6910

Function Blocks for TwinSAFE PLC

TwinSAFE

New

Example: Function Block Compare

Comparison of integer values

• Up to 5 integer values can be

connected

• Evaluation 1oo2, 2oo3, 3oo5

• Maximum tolerance configurable

• tolerance-time configurable. In case of

deviation, the error reaction is delayed

by the tolerance time.

• CompOut contains the „voted“ value

TwinSAFE Customization of projects

TwinSAFE

Group 1

Group 2

Group 3

Group 4

Group 5

EK1960: TwinSAFE Compact Controller

NEW

EK1960: TwinSAFE Compact Controller

TwinSAFE Compact Controller

Developed

and certified

according

to

EN 61508 SIL3

DIN EN ISO 13849-1 PL e

2006/42/EC Machinery

Directive

TwinSAFE

configura-

tion

512 function blocks

127 connections

20 safe inputs

24 safe outputs 2A

(simultaneity factor 50%)

Complete diagnosis in

EtherCAT process image

(configurable)

Short reaction times

Support of TwinSAFE SC

Support of analog values

Use cases Stand alone

(Logic and I/O only local)

Decentral safe I/O

(additional I/Os)

Decentral Logic and safe I/O

(additional I/Os)

TwinSAFE I/O

TwinSAFE Motion

TwinSAFE

AX5805 Integrated Safety in the Drive

AX5805 Safety Option Card for AX5xxx-0000-0200

Certified to PL e

(ISO13849-1) for all

safety functions!

Stopping Functions:

STO – Safe torque off

SS1 – Safe Stop 1 -> STO

Limiting Functions:

SS2 – Safe Stop 2 -> SOS

SOS – Safe Operating Stop

SSM – Safe Speed Monitor

SLx – Safe Limited …

SLS – speed

SLP – position

SxR – Safe … Range

SAR – acceleration

SSR – speed

SMx – Safe maximum …

SMA – acceleration

SMS – speed

SDI – Safe Direction

No additional contactors required!

TwinSAFE

AX8xxx-0100: TwinSAFE axes modules

Safety-Integration

Pre-configured safety digital inputs (STO – default)

Safety over EtherCAT according to IEC 71684-3-12

Safety functions with PLe according to EN ISO 13849-1:2008

Safety Drive Functions according to EN IEC 61800-5-2: 2008

Support of ETG.6100 Safety Drive Profile

Safe Brake Control (SBC)

Safely-limited Torque (SLT)

TwinSAFE

NEW

Servo terminal with STO

NEWUltra-compact Servo Terminal

• EL7201-9014: 50V DC, 2,8A

EL7211-9014: 50V DC, 4,5 A

• Safe Torque Off (STO) via digital input

according to DIN EN ISO 13849 Cat 3, PL d

Servo terminal with STO –

drastically simplifies installation

STO with

standard

Servo Terminal

STO integrated

in Servo Terminal

TwinSAFE SC

TwinSAFE SC

Single Channel components

TwinSAFE

TwinSAFE SC – making use of standard signals

TwinSAFE SC (Single Channel) approach

Using standard input terminals

+ data validation/monitoring with TwinSAFE SC protocol

+ multi-channel processing in Safety Logic

---------------------------------------------------------------------------

= Safety processing

up to PL d / Cat.3 acc. EN ISO 13849-1

or SIL 2 acc. EN62061

Upgrade of standard terminals with TwinSAFE SC

functionality

For safety reasons at least one TwinSAFE SC component

is required

Full flexibility: standard sensors can be used

TwinSAFE

Motor

Encoder EL5021 PCBlackChannelEncodersignal

AktorEL2904EL6910

Antrieb

Motorwelle

MotorleitungStandard Feldbus

Ist-Geschwindigkeit

TwinSAFE SC – Example Safely-limited Speed SLS

position signal of a

TwinSAFE SC terminal

speed signal of a drive

Safely-limited Speed

SLS

safeSpeed

safeScaling

safeCompare safeLimit

Safely-limited Speed

SLS

TwinSAFE SC terminals

EL5021-0090 sin/cos

EL6224-0090 IO-Link

EL3314-0090 Thermocouple

EL3124-0090 4-20mA diff.

EL3214-0090 PT100

EL5101-0090 Incremental encoder RS422

EP3174-0092 ±10 V or 0/4…20 mA

TwinSAFE SC

TwinSAFE

Safety Editor – integrated in TwinCAT/VisualStudio

TwinSAFE –

Scalable Safety Solutions

Dr. Guido Beckmann

Technology Marketing