Tuesday, November 07, 2006
Servo drives take control of machine safety
Drive-based safety is a further evolution of the concept of drive-based automation, in which intelligence is built into decentralised drives.
In the past, developments in machine safety have added to machine complexity and cost. Now the tide has turned and safety functionality related to drives can actually reduce costs. One of the main requirements for machine safety is to control the potential hazards from moving parts.
If these movements are controller by servo drives - as is often the case with high speed precision machinery - the technology now exists to implement drive-based safety.
This philosophy, for which products fully approved by TUV are available, is a further evolution of Lenze's concept of drive-based automation, in which intelligence is built into decentralised drives, enabling them to perform many of the functions traditionally handled by motion controllers and/or PLCs (programmable logic controllers) or other control systems.
With drive-based safety, the drive is additionally able to perform safety functions that would otherwise require multiple safety relays, monitoring units and a dedicated speed/position sensor.
Starting with the machine builder or system integrator (SI), there is no longer a need to specify a number of different safety relays and monitors for use with emergency stop switches, safety light curtains and similar safety components, as all of these can be connected directly to the drive.
Furthermore, if a Profibus DP industrial fieldbus network is employed and the Profisafe option is selected, wiring can be simplified as well.
With the elimination of multiple safety relays and monitors, the requirement for cabinet space is reduced and, ultimately, so is the need for factory floor space.
If the designer also has to make provision for slow-speed running, hold-to-run or single-cycle operation, these are all far easier to implement using drive-based safety than by traditional methods, as the engineering is carried out largely in software instead of hard-wiring safety relays and monitors.
Machine builders and system integrators working on complex machinery are increasingly conforming to IEC/EN61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems), rather than the simpler BS EN954-1 (Safety of machinery, Safety related parts of control systems, General principles for design) - which in fact does not permit the use of programmable safety systems.
IEC/EN61508 is soon to be complemented by a daughter standard for machinery (IEC62061 - Safety of machinery, functional safety of safety-related electrical, electronic and programmable electronic control systems), and both of these standards require the designer of the safety-related electrical control system (SRECS) to calculate the safety integrity level (SIL).
These calculations take account of factors such as the mean time to failure (MTTF) and, inevitably, the overall reliability of a system is adversely affected by high numbers of components.
In extreme cases, a complex safety system will require individual components of a higher SIL rating (which are therefore more expensive) than comparable components performing the same role within a less complex system, simply in order to achieve the required overall SIL rating.
However, by using drive-based safety and replacing numerous discreet safety relays and monitors with a single programmable module within the drive, the SIL calculations are simplified and there is a reduced possibility that higher integrity safety components will be called for - thereby potentially saving cost for the machine builder.
Other savings during the design phase accrue from a faster, easier design cycle, and simplified design verification and documentation.
Many of the major advantages of drive-based safety, however, are enjoyed by the end user.
With manufacturers today needing to optimise production, any saving in machine cycle time, however small, has a finite value.
When the safety functions are integrated within the drive, the safety system response time is faster than for a comparable circuit using conventional safety technology.
Stopping times are therefore shorter and, for example, safety light curtains can be positioned closer to the hazard; if an operator needs access via the light curtain for every machine cycle, the resultant time saving can amount to a considerable increase in throughput.
Furthermore, a facility for slow-speed operation can enable an operator to enter an area that would normally be classified as hazardous in order to rectify a problem without halting production.
In complex manufacturing systems - such as automotive production lines - it is hugely beneficial to keep the line running, even if one section is temporarily operating at reduced speed.
Whether the line is running at reduced speed or stopped altogether, drive-based safety also enables a faster startup to be achieved once the cause of the interruption has been removed.
A particular advantage of drive-based safety is that the power is not disconnected from the drive during a stop; this is important because it avoids having to wait for the drive's capacitors to recover and for the drive to be ready for use again.
Again, for plants where downtime is very expensive, seconds or even milliseconds saved on each interruption can add up to a substantial saving in the long term.
Another benefit for the end user is the extended life of the drive.
Disconnecting and reconnecting power causes premature aging of some internal components, but drive-based safety avoids this problem because the power is not routinely disconnected.
Currently Lenze is offering drive-based safety on the L-force 9400 series of servo drives that are rated from 0.37 to 11kW, and the intention is to launch models rated up to 400kW by the end of 2006.
All L-force 9400 series drives can have the safety modules installed, and there is scope to introduce more safety modules with additional or alternative functionality in the future.
Because the servo drives will operate with suitable motors from any manufacturer, the concept of drive-based safety is equally applicable to machine upgrades and new-builds.
Already DaimlerChrysler in Germany, a Technology Product Partner with Lenze, has installed a number of L-force 9400 drives with safety modules, and the benefits have been clearly demonstrated.
By implementing drive-based safety within a bodyshell manufacturing plant to achieve a 'safe torque off', the station cycle time has been reduced by an astonishing 46s.
Clearly drive-based safety offers major advantages for machine builders, system integrators and end users, but interested readers will want to know how this is achieved.
With the Lenze L-force 9400 servo drive, one of the beauties of the system is the simple plug-in module that delivers the safety functionality.
There are currently two types of module available, the SM 100 that provides a 'safe torque off' function and the SM 300 that is far more capable.
For applications that simply require 'safe torque off' (previously referred to as 'safe standstill') activated via a single emergency stop switch or other passive sensor - or multiple sensors connected in series - the SM 100 is a highly cost-effective module that delivers many of the advantages of drive-based safety.
It is suitable for use with safety related control systems conforming to the requirements of BS EN954-1 Category 4 or IEC/EN61508 SIL 3.
In addition to the safety input, this module has a single-channel output (for signalling to a PLC, for example) and two diagnostic LEDs.
The 'safe torque off' function of the SM 100 and SM 300 modules simply enables the torque to be removed from the motor so that it runs down to zero speed.
In fact control of the motor is retained by the intelligence within the drive at all times, and the safety module acts as a monitor to check that both the drive and motor are behaving as expected.
Should any deviation from the norm be detected, both gate drivers for the power stage of the drive are switched off by the fail-safe logic within the safety module.
Greater functionality is provided by the SM 300 safety module, which is approved for use in safety related control systems meeting the requirements of BS EN954-1 Category 3 or IEC/EN61508 SIL 3.
In addition to a 'safe torque off', the module also provides a Type 1 safe stop (in which the motor is ramped down to a controlled stop and the torque is then removed) and a Type 2 safe stop (in which the motor is ramped down to a controlled stop and the torque is then used to actively maintain zero speed - which also enables immediate resumption of an interrupted operation).
Other functions provided by the SM 300 are a 'safely limited speed' (reduced speed) operation, a 'safe tip' (hold-to-run) mode, a 'safe direction' mode (the motor is permitted to turn in one direction only) and a 'safely limited increment' mode.
In this last mode the motor moves in response to an input signal, but only for a limited increment before a safe stop (Type 1 or 2) is applied; after the predefined incremental move has been completed, another input signal is required before the next predefined incremental move is performed.
Programming the safety functions is a matter of setting the relevant parameters using the Lenze L-force Engineer windows-based programming software, and security measures are built in to ensure that the safety parameters are correctly transferred from the PC to the drive.
When the parameters have been entered on the PC, they are assembled into a frame with checksums; the values are then transferred to both the drive memory module and the safety module.
User-friendliness is becoming a major factor for machine builders today, and there are other patterns emerging in the field of drive technology.
Dr Erhard Tellbuscher, Chief Executive Officer at Lenze, comments: 'We are seeing a new trend towards safety being integrated within drive products for two reasons: the technical and economical benefits'.
'DaimlerChrysler, for example, will use our drive-based safety products on their production lines'.
In the past, developments in machine safety have added to machine complexity and cost. Now the tide has turned and safety functionality related to drives can actually reduce costs. One of the main requirements for machine safety is to control the potential hazards from moving parts.
If these movements are controller by servo drives - as is often the case with high speed precision machinery - the technology now exists to implement drive-based safety.
This philosophy, for which products fully approved by TUV are available, is a further evolution of Lenze's concept of drive-based automation, in which intelligence is built into decentralised drives, enabling them to perform many of the functions traditionally handled by motion controllers and/or PLCs (programmable logic controllers) or other control systems.
With drive-based safety, the drive is additionally able to perform safety functions that would otherwise require multiple safety relays, monitoring units and a dedicated speed/position sensor.
Starting with the machine builder or system integrator (SI), there is no longer a need to specify a number of different safety relays and monitors for use with emergency stop switches, safety light curtains and similar safety components, as all of these can be connected directly to the drive.
Furthermore, if a Profibus DP industrial fieldbus network is employed and the Profisafe option is selected, wiring can be simplified as well.
With the elimination of multiple safety relays and monitors, the requirement for cabinet space is reduced and, ultimately, so is the need for factory floor space.
If the designer also has to make provision for slow-speed running, hold-to-run or single-cycle operation, these are all far easier to implement using drive-based safety than by traditional methods, as the engineering is carried out largely in software instead of hard-wiring safety relays and monitors.
Machine builders and system integrators working on complex machinery are increasingly conforming to IEC/EN61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems), rather than the simpler BS EN954-1 (Safety of machinery, Safety related parts of control systems, General principles for design) - which in fact does not permit the use of programmable safety systems.
IEC/EN61508 is soon to be complemented by a daughter standard for machinery (IEC62061 - Safety of machinery, functional safety of safety-related electrical, electronic and programmable electronic control systems), and both of these standards require the designer of the safety-related electrical control system (SRECS) to calculate the safety integrity level (SIL).
These calculations take account of factors such as the mean time to failure (MTTF) and, inevitably, the overall reliability of a system is adversely affected by high numbers of components.
In extreme cases, a complex safety system will require individual components of a higher SIL rating (which are therefore more expensive) than comparable components performing the same role within a less complex system, simply in order to achieve the required overall SIL rating.
However, by using drive-based safety and replacing numerous discreet safety relays and monitors with a single programmable module within the drive, the SIL calculations are simplified and there is a reduced possibility that higher integrity safety components will be called for - thereby potentially saving cost for the machine builder.
Other savings during the design phase accrue from a faster, easier design cycle, and simplified design verification and documentation.
Many of the major advantages of drive-based safety, however, are enjoyed by the end user.
With manufacturers today needing to optimise production, any saving in machine cycle time, however small, has a finite value.
When the safety functions are integrated within the drive, the safety system response time is faster than for a comparable circuit using conventional safety technology.
Stopping times are therefore shorter and, for example, safety light curtains can be positioned closer to the hazard; if an operator needs access via the light curtain for every machine cycle, the resultant time saving can amount to a considerable increase in throughput.
Furthermore, a facility for slow-speed operation can enable an operator to enter an area that would normally be classified as hazardous in order to rectify a problem without halting production.
In complex manufacturing systems - such as automotive production lines - it is hugely beneficial to keep the line running, even if one section is temporarily operating at reduced speed.
Whether the line is running at reduced speed or stopped altogether, drive-based safety also enables a faster startup to be achieved once the cause of the interruption has been removed.
A particular advantage of drive-based safety is that the power is not disconnected from the drive during a stop; this is important because it avoids having to wait for the drive's capacitors to recover and for the drive to be ready for use again.
Again, for plants where downtime is very expensive, seconds or even milliseconds saved on each interruption can add up to a substantial saving in the long term.
Another benefit for the end user is the extended life of the drive.
Disconnecting and reconnecting power causes premature aging of some internal components, but drive-based safety avoids this problem because the power is not routinely disconnected.
Currently Lenze is offering drive-based safety on the L-force 9400 series of servo drives that are rated from 0.37 to 11kW, and the intention is to launch models rated up to 400kW by the end of 2006.
All L-force 9400 series drives can have the safety modules installed, and there is scope to introduce more safety modules with additional or alternative functionality in the future.
Because the servo drives will operate with suitable motors from any manufacturer, the concept of drive-based safety is equally applicable to machine upgrades and new-builds.
Already DaimlerChrysler in Germany, a Technology Product Partner with Lenze, has installed a number of L-force 9400 drives with safety modules, and the benefits have been clearly demonstrated.
By implementing drive-based safety within a bodyshell manufacturing plant to achieve a 'safe torque off', the station cycle time has been reduced by an astonishing 46s.
Clearly drive-based safety offers major advantages for machine builders, system integrators and end users, but interested readers will want to know how this is achieved.
With the Lenze L-force 9400 servo drive, one of the beauties of the system is the simple plug-in module that delivers the safety functionality.
There are currently two types of module available, the SM 100 that provides a 'safe torque off' function and the SM 300 that is far more capable.
For applications that simply require 'safe torque off' (previously referred to as 'safe standstill') activated via a single emergency stop switch or other passive sensor - or multiple sensors connected in series - the SM 100 is a highly cost-effective module that delivers many of the advantages of drive-based safety.
It is suitable for use with safety related control systems conforming to the requirements of BS EN954-1 Category 4 or IEC/EN61508 SIL 3.
In addition to the safety input, this module has a single-channel output (for signalling to a PLC, for example) and two diagnostic LEDs.
The 'safe torque off' function of the SM 100 and SM 300 modules simply enables the torque to be removed from the motor so that it runs down to zero speed.
In fact control of the motor is retained by the intelligence within the drive at all times, and the safety module acts as a monitor to check that both the drive and motor are behaving as expected.
Should any deviation from the norm be detected, both gate drivers for the power stage of the drive are switched off by the fail-safe logic within the safety module.
Greater functionality is provided by the SM 300 safety module, which is approved for use in safety related control systems meeting the requirements of BS EN954-1 Category 3 or IEC/EN61508 SIL 3.
In addition to a 'safe torque off', the module also provides a Type 1 safe stop (in which the motor is ramped down to a controlled stop and the torque is then removed) and a Type 2 safe stop (in which the motor is ramped down to a controlled stop and the torque is then used to actively maintain zero speed - which also enables immediate resumption of an interrupted operation).
Other functions provided by the SM 300 are a 'safely limited speed' (reduced speed) operation, a 'safe tip' (hold-to-run) mode, a 'safe direction' mode (the motor is permitted to turn in one direction only) and a 'safely limited increment' mode.
In this last mode the motor moves in response to an input signal, but only for a limited increment before a safe stop (Type 1 or 2) is applied; after the predefined incremental move has been completed, another input signal is required before the next predefined incremental move is performed.
Programming the safety functions is a matter of setting the relevant parameters using the Lenze L-force Engineer windows-based programming software, and security measures are built in to ensure that the safety parameters are correctly transferred from the PC to the drive.
When the parameters have been entered on the PC, they are assembled into a frame with checksums; the values are then transferred to both the drive memory module and the safety module.
User-friendliness is becoming a major factor for machine builders today, and there are other patterns emerging in the field of drive technology.
Dr Erhard Tellbuscher, Chief Executive Officer at Lenze, comments: 'We are seeing a new trend towards safety being integrated within drive products for two reasons: the technical and economical benefits'.
'DaimlerChrysler, for example, will use our drive-based safety products on their production lines'.
# posted by Medical Information : 1:24 AM
Subscribe to Posts [Atom]
