The benefits of using Safety over EtherCAT in your next machine design project

With the development of Safety over EtherCAT in PLCs and drive controllers, powerful new tools are available for machine builders to put to use in their next machine design project, which can help provide their machines with a valuable technological edge, say Mark Checkley and Mike Keefe of KEB Automation.

Modern communication systems not only realise the deterministic transfer of control data, they also enable the transfer of safety-critical control data through the same medium. EtherCAT utilises the Safety over EtherCAT (FSoE = FailSafe over EtherCAT) protocol for this purpose.

The safe operation of machines often requires safety functions to limit speeds, directions of rotation or axis positions. With traditional safety solutions, dangerous operating states are detected and avoided using external safety modules. However, this only serves to increase the complexity of the machine’s safety concept. In contrast, drive controllers with integrated safety functions and safety PLCs including certified function blocks can be used today.

The benefits of using FSoE in machine design projects are numerous, but here are five key benefits to consider:

Reduced and simplified wiring

One simple yet key benefit of FSoE is the reduction of the discrete safety wiring. It is no longer necessary to wire all the discrete safety I/Os back to the safety PLC. The advantages of reduced wiring become most evident in applications that have longer cable runs or where many safety devices are required.

FSoE enables the evaluation of discrete safety inputs and even safe encoder signals (position) in the case of KEB’s COMBIVERT S6 or F6 drive controllers. This information can then be communicated from the drives to the safety PLC over the SIL3 certified FSoE protocol. Both the safety information and regular machine data can be transferred via a standard Ethernet cable, which means the wiring and terminations are quick and easy with little chance of wiring mistakes.

With this simple connection (see Fig.1) all safety functionality on the FSoE and standard EtherCAT drive control can be acheived. This allows for more complex machine safety design without worrying about the cost and time involved with wiring. Resulting in the time spent on wiring and testing I/Os can be saved or put to better use with more comprehensive machine commissioning.

Fig 1: Example of traditional safety wiring vs. networked FSoE wiring (copyright: EtherCAT Technology Group).

Flexibility of safety functions

With FSoE, there is also more flexibility in the selected Safe Motion functions available in KEB EtherCAT drive controllers. It is no longer just about implementing the dual-channel STO (Safe Torque Off). The sixth generation of KEB Automation drives offers scalable safety functions directly in the drive controller. The device variants are Compact, Application and Pro for the COMBIVERT F6 and S6, enabling selectable functions according to the requirements. A number of Safe Motion functions offer advanced functionality and handling, which carry a safety certification up to SIL3.

Fig 2: Safe Motion in KEB drive controllers

For example, a robotic controller may utilise ‘Safe Acceleration Range’ to monitor the acceleration rates of the robotic arms. Detecting an abnormal acceleration can provide a faster error response than waiting to reach a limit switch or torque limit.

Another example is a machine or process that may require a motor shaft to spin in only one direction. Spinning the motor in an unintended direction could cause catastrophic damage to the machine such as damaging a screw or special bearings. A design engineer might utilise the ‘Safe Direction’ function to ensure that the motor only rotates in the intended direction.

Detailed state machine

Each FSoE slave device is built on a state machine backbone. On start up, the state machine must be incremented through sequentially before it is possible to transmit the process data. In combination with the log in KEB’s Combivis Studio 6 programming environment, tracking EtherCAT and FSoE statuses or troubleshooting errors is much simpler.

For example, if an FSoE configuration is used that is dependent on encoder data such as ‘Safe Limited Speed’ (SLS), but no encoder has been configured within the drive safety setup, a bus configuration error will display on the log. The state machine utilised by FSoE and the detailed log functionality within Combivis Studio 6 can be a powerful tool in the commissioning of new machines or troubleshooting existing machines with functional safety.

Configurable process data

Utilising FSoE and the wizards built into Combivis Studio 6 allow for the simple and easy setup of dozens of different configurations of process data. On the simple side, configurations with six FSoE frame elements can be used to control the safety functionality and to read back the statuses. On the more complex side, configurations with 15 FSoE frame elements can be used to support additional safety functionality. This allows for more flexibility when setting up the FSoE and allows the user to select as many or as few safety functions as needed.

The actual configuration of the KEB Safety Drives is carried out using the certified Safety Editor, within COMBIVIS Studio 6. This is where the safety functionality and limits can be configured. These safety-related settings can be saved and downloaded to other drives via COMBIVIS or via the controller. Current parameters and the error history can be used for system diagnosis. The export function makes it easy to create the required documentation.

Safety function blocks

With the number of safety functions available in the KEB S6 and F6 drive controllers that can be transmitted via the process data of FSoE, it could be overwhelming to start the programming of the safety PLC. However, KEB’s Combivis Studio 6 provides pre-certified safety function blocks according to the PLCopen Safety standard. These pre-prepared function blocks minimise the programming time of the safety PLC to allow for easy startup while also enabling more complex programs if needed. In addition, Combivis Studio 6 clearly identifies safe and unsafe variables, making it clear which variables can and cannot be used with safety function blocks. Utilising these tools allows for almost limitless options when programming the safety functionality within FSoE and the safety PLC.

Conclusion

With the increasing desire and requirement of functional safety in new machine designs, FSoE can be a powerful tool for machine builders. Utilising KEB’s range of FSoE devices (drive controllers and safety PLCs) can save time and money in all stages of the machine lifecycle, from initial design through to commissioning and servicing.

For more information on KEB drive controllers or advice on how FSoE can be implemented in your application, please visit www.keb.co.uk

Automation Update