Abstract: This paper introduces the basics of fail-safe functions, the fail-safe functions of the S7-1500TF (Siemens' new-generation motion control CPU), the built-in fail-safe functions of servo drives, and a method for quickly implementing fail-safe functions on motion equipment based on the S7-1500TF CPU.
Fail-safe function overview
With the rapid development of modern manufacturing, the demand for automation in production machinery is constantly increasing. As the complexity of motion control grows, equipment safety becomes increasingly important. Manufacturers and distributors of machinery have a growing responsibility to ensure the safety of their equipment and products. This means they should design equipment, machinery, and automated control systems that meet safety standards, with fail-safe functions being particularly crucial for motion-controlled production machinery.
Beyond exported equipment, domestic automation manufacturers and related users are also beginning to focus on and raise safety requirements for machinery and equipment. Machinery manufacturers and equipment installers must ensure that the safety of machinery and equipment complies with the laws and regulations of the place of use. For example, the control systems of machinery used in the United States must comply with the regulations of OSHA (Occupational Safety and Health Administration).
Only by adhering to these relevant standards can it be reasonably presumed that the equipment has reached a safe technical level, thereby ensuring that the equipment installers and machinery/equipment manufacturers have fulfilled their relevant obligations.
To create a device that complies with safety standards, the following main steps are typically required.
In the field of motion control, safety features are of paramount importance. The newly launched S7-1500TF CPU provides complete motion control capabilities and integrates fail-safe functions within the same CPU. Together with Siemens' SINAMICS S120/S210 servo drives, it can quickly implement safety functions. For communication, it uses the PROFIsafe safety protocol over PROFINET, which greatly simplifies implementing fail-safe functions in equipment and thereby accelerates the realization of motion safety features in production machinery.
S7-1500TF CPU Fail-Safe Function
Siemens offers a full range of fail-safe products for customers to choose from. The motion control CPU S7-1500TF can be combined with the SINAMICS S120/S210 servo drives, which have built-in safety functions, to form an automation control system consisting of a safety PLC and a safety drive. The fail-safe capability of both products is the highlight of this combination. The CPU controls the fail-safe functions of the SINAMICS S120/S210 drive through PROFINET communication and PROFIsafe safety protocol messages, enabling the basic and extended safety functions of the drive. The drive safety functions listed in this document comply with the following safety standards:
Safety Integrity Level (SIL) 2 of DIN EN 61508
Category 3 of DIN EN ISO 13849-1
Performance Level (PL) d of DIN EN ISO 13849-1; the safety functions conform to DIN EN 61800-5-2.
Figure 1 shows the basic and extended safety functions of the SINAMICS S120/S210 servo drive.
Figure 1. Basic and extended safety functions of the drive
Rapid Implementation of S7-1500TF CPU + S210 Fail-Safe Functions
Safety PLCs are a crucial component of the overall safety functionality. Integrating safety functions into the S7-1500TF PLC for motion control can significantly reduce overall equipment costs and complexity. To implement safety-related functions, it is first necessary to prepare safety detection components, such as emergency stop buttons, that meet the required level and are suitable for the application. These are then connected to the safety input module of the safety PLC via wiring. Subsequently, relevant safety programs are written, and the various safety functions of the drive are controlled through PROFIsafe communication messages.
In PROFIsafe communication, the S210 communicates with the safety PLC via the PROFINET interface, as shown in Figure 2.
Figure 2 shows how the S7-1500TF + S210 implements safety functions via PROFINET/PROFIsafe communication.
The configuration of the safety functions mainly involves the following steps:
S210 safety configuration
Complete the safety communication configuration of the S7-1500TF and S210
Complete the safety program development for the S7-1500TF
Configure the desired safety functions on the web page of the S210 using a browser, as shown in Figure 2.
Figure 2. S210 safety function configuration
Complete the safety communication configuration and safety program development for the S7-1500TF and S210.
When the network connection between the S7-1500T and the S210 drive is configured in TIA Portal, the safety message (telegram) of the drive is configured as well. The most commonly used safety message is telegram 30, as shown in Figure 3, which meets the common safety function requirements.
Figure 3. Drive safety message configuration
To simplify safety programming for PLCs, Siemens has introduced the Fail-safe SIMATIC library LDrvSafe, which enables safety functions for S7-1500TF integrated SINAMICS drives. This library complies with SIL2 (DIN EN 62061) and PLd Category 3 (EN ISO 13849-1) safety standards. Using Siemens' safety library not only simplifies programming but also improves the reliability of safety programs.
The LDrvSafe_CtrlT30SinaS function block in the Fail-safe SIMATIC library LDrvSafe is used to easily control the safety functions of the SINAMICS S210 via PROFIsafe telegram 30. The function block is shown in Figure 4.
Figure 4. LDrvSafe_CtrlT30SinaS Function Block
The input pins of the function block are connected by the user and carry the signals related to the safety functions (such as emergency stop or safety gate). To prevent accidental triggering of the monitoring functions, the user program must limit the speed, position, or direction of the axes. The safety functions in the drive unit need to cooperate with the S7-1500T to ensure fault-free operation of the equipment. The process objects speed axis, positioning axis, synchronization axis, and path axis directly support the drive unit's "basic integrated safety functions." The process object detects whether a basic safety function has been triggered and displays the corresponding warning message (Process Alarm 550 - Alarm Response: Track Setpoint) or (Process Alarm 421 - Alarm Response: Cancel Enable).
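One way the user program can keep a velocity setpoint inside the window that the drive monitors, for example while a speed-monitoring function such as Safely-Limited Speed (SLS, EN 61800-5-2) or a direction monitoring is selected. This is an added example for the standard (non-safety) user program, not code from the LDrvSafe library or from Siemens; the function name and all parameter names are hypothetical, and it assumes the selection signals and the limit parameterized in the drive are made available to the standard program.

```scl
// Added example: hypothetical names, standard (non-F) program code.
// It only shapes the setpoint; the drive still performs the monitoring.
FUNCTION "LimitSetpointForMonitoring" : LReal
{ S7_Optimized_Access := 'TRUE' }
VERSION : 0.1
   VAR_INPUT
      requestedVelocity : LReal;       // signed setpoint from the motion program
      speedMonitoringSelected : Bool;  // TRUE while speed monitoring is selected
      monitoredSpeedLimit : LReal;     // limit set in the drive, same unit as setpoint
      marginPercent : LReal;           // distance to keep below the limit, in percent
      positiveBlocked : Bool;          // TRUE while positive direction is not permitted
      negativeBlocked : Bool;          // TRUE while negative direction is not permitted
   END_VAR
   VAR_TEMP
      margin : LReal;
      ceiling : LReal;
      upper : LReal;
      lower : LReal;
   END_VAR

BEGIN
   // Start with a window that leaves the request unchanged, then narrow it.
   #upper := ABS(#requestedVelocity);
   #lower := -#upper;

   IF #speedMonitoringSelected THEN
      IF #monitoredSpeedLimit <= 0.0 THEN
         // Limit missing or invalid: command standstill instead of guessing.
         #upper := 0.0;
      ELSE
         // Stay a margin below the monitored limit so that control
         // overshoot does not trip the drive's monitoring.
         #margin := LIMIT(MN := 0.0, IN := #marginPercent, MX := 50.0);
         #ceiling := #monitoredSpeedLimit * (1.0 - #margin / 100.0);
         #upper := MIN(IN1 := #upper, IN2 := #ceiling);
      END_IF;
      #lower := -#upper;
   END_IF;

   // Direction monitoring: close the forbidden half of the window.
   IF #positiveBlocked THEN
      #upper := 0.0;
   END_IF;
   IF #negativeBlocked THEN
      #lower := 0.0;
   END_IF;

   #LimitSetpointForMonitoring := LIMIT(MN := #lower, IN := #requestedVelocity, MX := #upper);
END_FUNCTION
```

The returned value would be passed on as the velocity for the axis motion command, so the axis slows down before the drive's monitoring would respond.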
Conclusion
With the continuous development of the manufacturing industry, the performance and functional requirements of automatic control products are also increasing. The earliest programmable logic controllers (PLCs) focused on logic control; as production machinery developed, motion control functions were integrated into PLCs, and fail-safe functions for production machinery are now particularly important. The safety functions in drive devices need to work together with motion controllers that integrate safety functions to quickly and easily meet the system's safety control requirements.
The combination of the S7-1500TF and S120/S210 drive systems allows the use of certified libraries for common safety functions, enabling users to quickly and easily implement the safety functions they need, making it a good solution for system integrators.