Safety Application Example
Using the MSR57P Relay in a Safety Architecture to Monitor Machine Motor Speed
Introduction
Important User Information
General Safety Information
Control of Hazardous Energy
Description
Example Bill of Material
Setup and Wiring
Configuration
SmartGuard 600 Logic
Additional Resources
Introduction
The MSR57P is a speed monitoring safety controller. This application
example describes how to connect and configure the MSR57P Speed
Monitoring Relay in an application where the MSR57P only monitors the
speed of a motor. The safety functions are performed by another safety
controller, the SmartGuard 600 controller.
Important User Information
Solid state equipment has operational characteristics differing from those
of electromechanical equipment. Safety Guidelines for the Application,
Installation and Maintenance of Solid State Controls (publication
SGI-1.1, available from your local Rockwell Automation sales office or
online at http://literature.rockwellautomation.com) describes some
important differences between solid state equipment and hard-wired
electromechanical devices. Because of this difference, and also because
of the wide variety of uses for solid state equipment, all persons
responsible for applying this equipment must satisfy themselves that
each intended application of this equipment is acceptable.
In no event will Rockwell Automation, Inc. be responsible or liable for
indirect or consequential damages resulting from the use or application
of this equipment.
The examples and diagrams in this manual are included solely for
illustrative purposes. Because of the many variables and requirements
associated with any particular installation, Rockwell Automation, Inc.
cannot assume responsibility or liability for actual use based on the
examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect
to use of information, circuits, equipment, or software described in this
manual.
Reproduction of the contents of this manual, in whole or in part, without
written permission of Rockwell Automation, Inc., is prohibited.
General Safety Information
Throughout this manual, when necessary, we use notes to make you
aware of safety considerations.
Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss.
Identifies information that is critical for successful application and understanding of the product.
Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.
Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.
Publication SAFETY-AT025A-EN-P – March 2010
This application example is for advanced users and assumes that you are trained and experienced in safety system requirements.
A risk assessment should be performed to make sure all task and hazard combinations have been identified and addressed. The risk assessment may require additional circuitry to reduce the risk to a tolerable level. Safety circuits must take into consideration safety distance calculations which are not part of the scope of this document.
Contact Rockwell Automation to find out more about our safety risk
assessment services.
Control of Hazardous Energy
The primary method for the control of hazardous energy is
through a process known as lockout/tagout. Power is removed by
mechanical means and locked in the off state. The primary method
must be used when servicing and maintaining a machine. Refer to
the standards ANSI Z244.1, EN1037, or ISO 14118 for information on
lockout/tagout.
Users should always follow appropriate lockout/tagout standards when using this equipment.
The secondary method for the control of hazardous energy is through a
process known as safeguarding. Power is removed temporarily by
electromechanical or electronic means. Safeguarding can be used when
access to the hazard is integral to the production process. This
application example describes the safeguarding method for tasks that are
integral to the manufacturing process.
Description
A machine, conveyor, or other type of hazard is enclosed with perimeter
guarding. Access to the machine is through one safety gate that has a
guardlocking interlock to control access. Personnel must perform certain
tasks periodically on the machine to assist in the manufacturing process.
During some of these tasks, the machine must be moving, and the speed
of the machine must be maintained within a specified, limited range.
The machine can be placed in two modes of operation, assist and
production, by the means of a selector switch. Selection of the mode is
through a key-operated selector switch. If assist mode is selected, the
operator should remove the key to prevent someone else from returning
the machine to the production state.
In assist mode, personnel can access the machine. To verify the success
of the assist tasks, the motor can run at a limited speed provided the
operator uses an enabling device, such as a GripSwitch, to start and stop
the machine.
In production mode, the safety gate must be closed and locked for the
motor to accelerate beyond a ‘standstill’ speed. Access to the machine is
allowed only when the motor is running below a ‘standstill’ speed. The
standstill speed is a speed greater than zero but slow enough to be
considered ‘safe’ while operators are present.
The user must perform a risk assessment to determine the standstill speed and the upper limit of the safe operating speed (safe limited speed) during assist mode.
The MSR57P speed monitoring safety relay is used to monitor the motor
speed. The MSR57P issues one safety output when the motor has
achieved a standstill speed and a second safety output when the motor
has exceeded the safe limited speed used during assist. The SmartGuard
600 controller receives the safety signals from the MSR57P relay and
determines when to use these signals to achieve the safety function.
The MSR57P is set to the operating mode called Safe Limited Speed –
Status Only. In this mode, the MSR57P plays a supporting role in that it
monitors the speed of a motor (or other device) and reports the status to
another controller. The status signals are safety-rated signals in that they
are redundant and designed to fail to a safe state in the presence of faults.
Safety Function
The safety functions described below must apply.
Mode Selection
• Changing mode selection shall command the motor to stop if
running.
• Changing mode selection shall not command the motor to run if
stopped.
Production Mode
The Production/Assist switch is set to production. The following
conditions must exist:
• The safety gate must be closed and locked for the motor to run faster
than the standstill speed.
• When the safety gate closes, the motor does not start.
• The start and stop switches on the control panel are active and the
GripSwitch is inactive.
• The motor can run at any speed.
• When the motor speed drops below the standstill speed, the safety
gate lock release becomes enabled. The gate can be unlocked by the
rotary switch. The gate can then be opened.
Assist Mode
The Production/Assist switch is set to assist. The following conditions
must exist:
• The start and stop switches on the control panel are inactive.
• The safety gate lock release is enabled; the gate can be unlocked by
the rotary switch. The gate can be opened.
• The motor cannot be run at a speed faster than 600 revolutions per
minute.
• An audible warning shall be provided for 3 seconds before the motor
starts.
Block Diagram
The block diagram below shows the components that make up this
application example. The MSR57P relay, operating in Status Only mode,
reports the speed of the motor to the SmartGuard 600 controller. The
SmartGuard 600 controller receives inputs from the gate interlock, the
GripSwitch, and the start/stop controls. Under the proper conditions, the
SmartGuard controller enables the PowerFlex 70 drive to turn the motor
on under full production control or under a limited speed during assist
operations. The SmartGuard 600 controller also turns on the audio
warning just prior to the motor starting in assist mode.
An illuminated lock release switch is used to notify the user when the
gate can be unlocked.
Note that this application does not describe the control function that
controls the speed of the motor under production conditions.
Timing Diagram
The MSR57P relay’s safety mode is set to Safe Limited Speed – Status
Only. To achieve the desired safety functionality, the MSR57P safety
status signals are used by the SmartGuard 600 slightly differently than
illustrated in the MSR57P user manual, publication 440R-UM004.
When the MSR57P relay plays a primary role in speed control, it can be
configured to use the GripSwitch while the speed is below the Safe
Limited Speed (SLS) value. In this application example, the SmartGuard
600 lets the GripSwitch be used when the speed exceeds the Safe
Limited Speed value. The Safe Limited Speed parameter is used to
indicate standstill, a condition that does not require a GripSwitch.
The MSR57P user manual describes the use of the Safe Maximum Speed
(SMS) parameter as a production maximum speed. In this application
example, it is used as the safe maximum assist speed.
The timing diagram shows the relation of the input and output signals of
the MSR57P relay as a function of the motor speed.
The motor starts at zero speed. The Safe Limited Speed (SLS) and
Safe Speed (SS) outputs are both high, meaning it can be run in both
assist and production modes. When the speed exceeds 50 RPM, the
SLS_Outputs go low, while the SS_Outputs remain high. In this case, if
the mode were set to assist, the GripSwitch would be required to run the
motor.
When the motor speed exceeds the Safe Maximum Speed (SMS) set
value, the SS_Outputs go low. In this case, if the mode were set to
assist, the motor would stop. While the speed exceeds the SMS value, a
pulse generator in the SmartGuard starts cycling the SS_Inputs to try
to reset the MSR57P relay.
When the motor speed drops below the SMS value, the MSR57P relay
resets and the SS_Outputs go high. As the motor speed drops and falls
below SLS, the SLS_Outputs go high. The SLS signals indicate the
machine is at standstill, and the SmartGuard 600 controller enables the
safety gate to be unlocked. If the motor speed increases beyond SLS
(50 RPM), the SLS signal goes low, and the SmartGuard controller
disables the lock on the safety gate.
Example Bill of Material
This application example uses these components.
Catalog Part Number Description Quantity
440R-S845AER-NNL MSR57P Speed Monitoring Safety Relay 1
1752-L24BBB SmartGuard 600 Safety Controller 1
20AB-2P2A3AYNNNG1 PowerFlex 70 AC Drive with Safe-off 1
1585J-M8R-2M5 RJ45 Encoder Cable to MSR57P 1
440J-N2NTMPC GripSwitch with 4 Pin M12 Connector 1
889D-F4AC-10 Cordset, 4 Pin, M12, 10m 1
440G-T27181 TLS3-GD2 Guardlocking Gate Interlock Switch with fully flexible actuator, 24VAC/DC solenoid 1
845T-DZ42PEN-1 Incremental Encoder, 3000PPR, 11-20VDC 1
800FM-LSM23, 800F-MX02V Two position, illuminated, green, rotary switch, with 2NC low voltage contacts for lock release
800FP-KM23, 800F-MX02V Two position eject key operated rotary switch with 2NC low voltage contacts for mode select 1
800FP-SM22, 800F-PX11 Two position rotary switch, 1NC + 1NO for Fwd/Rev 1
800FM-F3MQ10V Push button, Flush, Metal, Green, 1NO, Low Voltage, Spring Clamp for Start Switch 1
800FM-E4MQ10V Push button, Extended, Metal, Red, 1NO, Low Voltage, Spring Clamp for Stop Switch 1
855H-BD30AD Horn, 24VDC, Range B, Standard Base 1
Setup and Wiring
The following diagram shows the wiring required for this application.
Configuration
This section describes the configuration required for the MSR57P relay
and the SmartGuard 600 controller.
MSR57P Parameter Settings
The parameters of the MSR57P are set by using DriveExplorer or
DriveTools software or by using a HIM module. Refer to the
Guardmaster Speed Monitoring Safety Relay user manual, publication
440R-UM004, for details. The table below shows the parameter settings
for this application example.
Parameter # Description Values
1 Password 0
2 Reserved 0
3 Reserved 0
4 Reserved 0
5 Lock State Unlock
6 Operating Mode Run
7 Reset Defaults No Action
8 Reserved 0
9 Reserved 0
10 Signature ID 3317762599
11 Reserved 0
12 Reserved 0
13 New Password 0
14 Reserved 0
15 Reserved 0
16 Reserved 0
17 Password Command No Action
18 Security Code 256
19 Vendor Password 0
20 Cascaded Config Single
21 Safety Mode Lim Spd Stat
22 Reset Type Automatic
23 Reset Loop Disable
24 OverSpd Response 42
25 Language Code English
26 Max Display Spd 1800
27 Fbk Mode Single Fbk
28 Fbk 1 Type Incremental
29 Fbk 1 Units Rev
30 Fbk 1 Polarity Normal
31 Fbk 1 Resolution 3000
32 Fbk 1 Volt Mon 0
33 Fbk 1 Speed 0.0
34 Fbk 2 Units Rev
35 Fbk 2 Polarity Normal
36 Fbk 2 Resolution 0
37 Fbk 2 Volt Mon 0
38 Fbk 2 Speed 0
39 Fbk Speed Ratio 0
40 Fbk Speed Tol 0
41 Fbk Pos Tol 0
42 Direction Mon Disable
43 Direction Tol 10
44 Safe Stop Input 2 OSSD 3s
45 Safe Stop Type Torque Off
46 Stop Mon Delay 0
47 Max Stop Time 0
48 Standstill Speed 0.001
49 Standstill Pos 10
50 Decel Ref Speed 0
51 Stop Decel Tol 0
52 Lim Speed Input 2 OSSD 3s
53 LimSpd Mon Delay 0
54 Enable SW Input Not Used
55 Safe Speed Limit 50
56 Speed Hysteresis 80
57 Door Out Type 2Ch Sourcing
58 DM Input Not Used
59 Lock Mon Enable Disable
60 Lock Mon Input Not Used
61 Max Speed Enable Enable
62 Safe Max Speed 600
63 Max Spd Stop Typ Torque Off
64 Max Accel Enable Disable
65 Safe Accel Limit 0
66 Max Acc Stop Typ Torque Off
67 Fault Status –
68 Guard Status –
69 IO Diag Status –
70 Config Flt Code –
71 MP Out Mode No Pulse Test
72 SS Out Mode Pulse Test
73 SLS Out Mode Pulse Test
74 Door Out Mode Pulse Test
SmartGuard 600 Configuration
The SmartGuard 600 controller performs the primary safeguarding
functions. The following sections show the input, test output and output
settings.
Local Input Settings
Test Output
Local Output Settings
PowerFlex 70 Configuration
The PowerFlex 70 has several hundred parameters. The table below
shows the essential parameters for this application example.
Parameter # Description Values Comment
1:0.93 Speed Ref B Sel Preset Spd1 Sets the safe limited speed
1:0.94 Speed Ref B Hi 60.0 Hz Sets the maximum level of the speed reference – must be greater than 10Hz
1:0.95 Speed Ref B Hi 0 Hz Sets the maximum level of the speed reference – must be less than 10Hz
1:0.101 Preset Speed 1 10 Hz Sets the safe limited speed, which must be determined by a risk assessment.
1:0.361 Digital In1 Sel 8 Run Forward
1:0.362 Digital In2 Sel 9 Run Reverse
1:0.363 Digital In3 Sel 15 Speed Sel 1 Terminal 3 is the input for Safe Limit Speed
1:0.366 Digital In6 Sel 1 Enable Terminal 6 is the Enable Signal
1:0.380 Digital Out1 Sel 4 Run Signal that Drive is running.
SmartGuard 600 Logic
This section shows the logic required for the various functions that make
up this application example.
Start/Stop Logic
The machine can be started in either production mode (P_Start) or assist
mode (A_Start).
The production start and stop push buttons have momentary operators
and normally open contacts. The production buttons are mounted on the
main control panel. The heart of this logic is the RS-Flip Flop logic block
[33]. Pressing the start button sets the flip-flop and turns the motor on.
Pressing the stop button resets the flip-flop and turns the motor off.
Blocks 6 and 7 are needed as an electrical interlock to turn the P_Start
signal on only when the mode is set to production. Block 32 turns P_Start
off when either the production stop button is pressed or when the
operator switches the mode selection to assist.
During assist, the motor can start only when all three conditions listed
below exist [25]:
• The mode must be set to assist.
• The operator must hold the 3-position GripSwitch in the center
position.
• The motor cannot be running too fast; that is, it may not exceed
the limited speed.
Enable Drive Logic
In this application, a TLS3-GD2 guardlocking interlock is installed on
the safety gate. To check for potential shorts that would otherwise
compromise the integrity of the safety system, the gate and lock signals
are connected to pulsed outputs from the SmartGuard 600 controller.
Mode selection is accomplished by a key-operated, dual-channel, rotary
switch that is connected to pulsed outputs of the SmartGuard controller
(to check for potential shorts). The operator should place the machine in
assist mode and remove the key from the switch to prevent someone
from inadvertently placing the machine back into production mode
during the assist function.
The PowerFlex 70 drive is enabled by two signals: Safe-off and Drive
Enable. The drive is enabled by Block 22 in three cases.
• The gate interlock is closed and locked (during production
mode).
• The motor speed is at standstill (the gate can be opened).
• The mode is set to assist and the motor is not turning too fast
(faster than the allowed speed).
Under all of these conditions, the EDM block [23] requires the Safe-off
signal to be high (feedback circuit closed) before enabling the drive.
MSR57P Reset Logic
The MSR57P relay monitors the speed of the motor. If the motor exceeds
the safe maximum speed, then its safety outputs (SS_Ch1 and SS_Ch2)
turn off, going from 24V to 0V. In order to turn these safety outputs back
on, the Safe Stop (SS) input must be cycled off and then back on. This is
accomplished in the SmartGuard controller by using a pulse generator
block [19]. The parameters of the pulse generator are set to
500 ms on and 500 ms off.
The pulse generator turns the To_SS_Input signals on and off
continuously until the MSR57P relay determines that the motor is
running below the safe maximum speed. With the MSR57P relay set for
automatic reset, it continuously tries to reset itself. Once the speed drops
below the safe maximum speed limit, the pulse generator turns off.
When the speed is below the safe maximum speed limit, a NotToFst (Not
Too Fast) signal is generated. This signal is used to enable the drive
during assist mode.
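The latch-and-reset behavior described in this section and in the Timing Diagram section, written out as an added example (not Rockwell Automation code): a discrete-time Python model of the MSR57P status outputs and the SmartGuard pulse generator. The function name, the 100 ms step, the pulse phase and the rule that a reset happens on a rising edge of the SS input are assumptions; Speed Hysteresis (parameter 56) is not modelled.

```python
SLS_RPM = 50         # parameter 55, Safe Speed Limit (used here as standstill)
SMS_RPM = 600        # parameter 62, Safe Max Speed (safe maximum assist speed)
PULSE_HALF_MS = 500  # pulse generator block [19]: 500 ms on, 500 ms off


def simulate(trace_rpm, step_ms=100):
    """Replay a speed trace (one sample per step) and return one row per step.

    Assumed model: the SS outputs latch low on overspeed and come back only on
    an off-to-on edge of the SS input while the speed no longer exceeds SMS.
    """
    ss_out = True       # SS_Ch1/SS_Ch2, also the source of NotToFst
    ss_in_prev = True   # SS input level seen on the previous step
    tripped_ms = 0      # time the pulse generator has been running
    rows = []
    for speed in trace_rpm:
        # SmartGuard side: hold the SS input on, cycle it only while tripped.
        if ss_out:
            ss_in, tripped_ms = True, 0
        else:
            ss_in = (tripped_ms // PULSE_HALF_MS) % 2 == 0
            tripped_ms += step_ms
        # MSR57P side: trip on overspeed, reset on a rising SS input edge.
        if speed > SMS_RPM:
            ss_out = False
        elif not ss_out and ss_in and not ss_in_prev:
            ss_out = True
        ss_in_prev = ss_in
        rows.append({
            "rpm": speed,
            "sls_out": speed <= SLS_RPM,  # high at standstill
            "ss_out": ss_out,             # high while not too fast
            "ss_in": ss_in,
        })
    return rows


if __name__ == "__main__":
    # Constructed trace: standstill, slow run, overspeed, recovery, standstill.
    trace = [0, 100] + [700] * 8 + [300] * 4 + [20]
    for t, row in enumerate(simulate(trace)):
        print(t * 100, "ms", row)
```

In the constructed trace the speed is already back under 600 RPM at 1000 ms, but the SS outputs stay low until the next off-to-on pulse edge at 1300 ms, so NotToFst can lag the actual speed by up to one pulse period.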
Drive Start Power and Warning
In assist mode, we want an audible warning for 3 seconds before the
motor starts. If multiple people are performing assist tasks on the
conveyor, and one person wants to run the machine, the person starting
the machine must notify everyone else that the machine is going to start.
In case everyone is not informed, an audible signal announces that the
machine is going to start, and personnel can get out of harm's way. In
production mode, the warning is not needed, as no one should be in the
cell.
Blocks 31 and 37 let the motor start in production mode with no delay. In
assist mode, the AsstStrt (assist start) signal sets an RS-FF [30] that turns
on the audible alarm. At the same time, it starts a delay timer [29] that
waits 3000 ms before starting the motor. After the motor starts, Digital
Output 1 of the PowerFlex 70 drive resets the
flip-flop and turns the audible alarm off.
Motor Start
The application requires the motor to start in both production mode and
assist mode. By inverting the assist mode in block 9, a production mode
signal is created. This signal is ANDed in block 35 with the P_Start
(production start) signal. Similarly, the assist mode signal is ANDed with
the A_Start (assist start) signal in block 27. Both signals are ORed in
block 36 to create the MtrStrt (motor start) signal.
Standstill
The application requires access through the guardlocking gate when the
conveyor is at standstill (very low speed) or in assist mode.
The MSR57P relay generates the Safe Limited Speed (SLS) signals when
the speed of the motor is below the SLS limit. In this application
example, the SLS signals are 24V when the speed is below 50 rpm. This
is considered standstill for this application example and the gate can be
unlocked.
When the Assist/Prod switch is set to assist, the gate can also be opened.
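One way to check the logic described in the Start/Stop, Enable Drive, Motor Start and Standstill sections against the requirements in the Safety Function section, as an added example (not the SmartGuard 600 program and not Rockwell Automation code): the blocks are written as Python boolean functions and every input combination is enumerated. All function names are hypothetical, reset priority on the flip-flop is an assumption, and faulty_enable is a constructed wiring mistake used to show the check failing.

```python
from itertools import product


def a_start(assist, grip_center, not_too_fast):
    """Block 25: assist mode, GripSwitch in centre position, speed not too fast."""
    return assist and grip_center and not_too_fast


def p_start_next(p_start, assist, start_pb, stop_pb):
    """RS flip-flop [33] with blocks 6, 7 and 32 (reset priority assumed)."""
    if stop_pb or assist:
        return False
    return p_start or start_pb


def motor_start(assist, p_start, a_start_sig):
    """Blocks 9, 35, 27, 36: MtrStrt."""
    return (not assist and p_start) or (assist and a_start_sig)


def drive_enable(assist, gate_locked, standstill, not_too_fast, safe_off_fb):
    """Block 22 (three enabling cases) gated by the EDM block [23] feedback."""
    permit = (not assist and gate_locked) or standstill or (assist and not_too_fast)
    return safe_off_fb and permit


def gate_unlock_permitted(assist, standstill):
    """Standstill section: unlock allowed at standstill or in assist mode."""
    return standstill or assist


def faulty_enable(assist, gate_locked, standstill, not_too_fast, safe_off_fb):
    """Constructed mistake: the assist branch is missing the NotToFst term."""
    return safe_off_fb and ((not assist and gate_locked) or standstill or assist)


def violations(enable_fn=drive_enable):
    """Enumerate all input states and return the requirements that are broken."""
    broken = set()
    for assist, gate, still, ntf, fb, grip, p_start in product((False, True), repeat=7):
        enabled = enable_fn(assist, gate, still, ntf, fb)
        start = motor_start(assist, p_start, a_start(assist, grip, ntf))
        if enabled and not fb:
            broken.add("enabled without Safe-off feedback")
        if not assist and not still and enabled and not gate:
            broken.add("production: enabled above standstill with gate not locked")
        if not assist and not still and gate_unlock_permitted(assist, still):
            broken.add("production: unlock permitted above standstill")
        if assist and not still and not ntf and enabled:
            broken.add("assist: enabled above safe maximum speed")
        if assist and start and not (grip and ntf):
            broken.add("assist: start without GripSwitch or while too fast")
    return sorted(broken)


def mode_change_starts_motor():
    """Mode changes with Start and GripSwitch released must leave MtrStrt off."""
    cases = []
    for was_assist, p_start, stop_pb, ntf in product((False, True), repeat=4):
        if was_assist and p_start:
            continue  # unreachable: selecting assist resets the flip-flop
        now_assist = not was_assist
        p_next = p_start_next(p_start, now_assist, start_pb=False, stop_pb=stop_pb)
        if motor_start(now_assist, p_next, a_start(now_assist, False, ntf)):
            cases.append((was_assist, p_start, stop_pb, ntf))
    return cases


if __name__ == "__main__":
    print("as described:", violations())
    print("constructed fault:", violations(faulty_enable))
    print("mode-change starts:", mode_change_starts_motor())
```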
Additional Resources
For more information about the products used in this example, refer to
these resources.
Resource Description
440R-UM004 Guardmaster MSR57P Speed Monitoring Safety Relay User Manual
1752-UM001 SmartGuard 600 Controllers User Manual
1752-RM001 SmartGuard 600 Controllers Safety Reference Manual
20A-UM001 PowerFlex 70 AC Drives User Manual
S116-CA001 Safety Products Catalog provides information on TLS-GD2 Guardlocking Interlocks and Enabling Grip Switches
You can view or download publications at
http://literature.rockwellautomation.com. To order paper copies of
technical documentation, contact your local Rockwell Automation
distributor or sales representative.
Rockwell Automation, Allen-Bradley, Guardmaster, DriveTools, DriveExplorer, PowerFlex, and SmartGuard are trademarks of Rockwell Automation, Inc.
Trademarks not belonging to Rockwell Automation are property of their respective companies.
Copyright © 2010 Rockwell Automation, Inc. All rights reserved. Printed in U.S.A.