GE VersaSafe VersaPoint Series User Manual
  1. Manuals
  2. Brands
  3. GE Manuals
  4. Security Sensors
  5. VersaSafe VersaPoint Series
  6. User manual
GE VersaSafe VersaPoint Series User Manual

GE VersaSafe VersaPoint Series User Manual

Safety logic modul , safe output 24vdc, 8pt
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
GE
Intelligent Platforms
Programmable
VersaSafe
VersaPoint* Module: IC220SDL953
SAFETY LOGIC MODUL , SAFE OUTPUT 24VDC, 8PT
User's Manual, GFK-2731
September 2011
Control Products
E

Advertisement

Table of Contents
loading

Related Manuals for GE VersaSafe VersaPoint Series

Summary of Contents for GE VersaSafe VersaPoint Series

  • Page 1 Intelligent Platforms Programmable Control Products VersaSafe VersaPoint* Module: IC220SDL953 SAFETY LOGIC MODUL , SAFE OUTPUT 24VDC, 8PT User‘s Manual, GFK-2731 September 2011...
  • Page 3 User‘s manual VersaPoint module with integrated safety logic and safe digital outputs 2011-09-29 Catalog No.: GFK-2731 Revision: This user manual is valid for: Catalog No. Revision IC220SDL953 HW/FW/FW: 00/100/100 HW/FW/FW: 00/101/100...
  • Page 4 GE Intelligent Platforms accepts no liability for erroneous handling or damage to products from GE Intelligent Platforms or third-party products resulting from disregard of information contained in this user manual.
  • Page 5 Features may be described herein which are not present in all hardware and software systems. GE Intelligent Platforms assumes no obligation of notice to holders of this document with respect to changes subsequently made.
  • Page 6 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 7: Table Of Contents

    Table of contents For your safety.......................... General safety notes ..................1-1 Electrical safety ....................1-2 Safety of the machine or system ................ 1-3 Safety for starting applications ................1-4 Directives and standards..................1-4 Correct usage..................... 1-4 Documentation ....................1-5 Abbreviations used ................... 1-5 Product description........................
  • Page 8 Electrical installation................... 4-6 4.2.1 Electrical installation of the VersaPoint station ........4-6 4.2.2 Electrical installation of the safety module .......... 4-6 Parameterization of the safety module ..................Parameterization of the safety module in a VersaSafe system......5-1 Parameterization of the safe outputs ..............5-2 Behavior of the outputs in the event of enabled switch-off delay for stop category 1....................
  • Page 9 10 Technical data and ordering data ................... 10-1 10.1 System data ..................... 10-1 10.1.1 VersaPoint ..................10-1 10.1.2 VersaSafe system ................10-1 10.2 IC220SDL953....................10-1 10.3 Conformance with EMC Directive ..............10-6 10.4 Ordering data ....................10-7 10.4.1 Ordering data: Safety module ............10-7 10.4.2 Ordering data: Accessories ..............
  • Page 10 A 10 Safe state ....................... A-27 A 11 Time response in the VersaSafe system............A-28 A 11.1 Typical response time ..............A-28 A 11.2 Shutdown times ................A-29 A 12 Achievable safety depending on the modules used ........A-30 A 13 Behavior in the event of an error ..............

  • Page 11: For Your Safety

    For your safety Purpose of this manual The information in this document is designed to familiarize you with how the IC220SDL953 safety module works, its operating and connection elements, and its parameter settings. This information will enable you to use the module within a VersaSafe system according to your requirements.

  • Page 12: Electrical Safety

    Repair work may not be carried out on the safety module. repairs In the event that an error cannot be removed, please contact GE Intelligent Platforms immediately, engage a service engineer, or send the faulty module directly to GE Intelligent Platforms.

  • Page 13: Safety Of The Machine Or System

    Insulation rating When selecting the operating equipment, please take into consideration the contamination and surge voltages, which may occur during operation. The IC220SDL953 module is designed for surge voltage category II (according to DIN EN 60664-1). If you expect surge voltages in the system, which exceed the values de- fined in surge voltage category II, take into consideration additional measures for voltage limitation.

  • Page 14: Safety For Starting Applications

    For the standards observed by the module, please refer to the certificate issued by the approval body and the EC declaration of conformity. These documents are available on the Internet at www.ge-ip.com. Correct usage Only use the VersaSafe system in accordance with the instructions in this section.

  • Page 15: Documentation

    Latest documentation Make sure you always use the latest documentation. Changes or additions to this document can be found on the Internet at http://support.ge-ip.com. VersaSafe system When working on the VersaSafe system and its components, you must always keep this user manual and other items of product documentation to hand and observe the information therein.
  • Page 16 Table 1-2 Abbreviations used Abbrevia- Meaning tion PELV Protective extra-low voltage A circuit in which the voltage does not exceed 30 V AC, 42.4 V peak value or 60 V DC under normal conditions or single-fault conditions, ex- cept in the event of grounding errors in other circuits. A PELV circuit is like a SELV circuit, but is connected to protective earth ground.

  • Page 17: Product Description

    Product description Note about the system description The VersaSafe system is described in "Appendix: VersaSafe system" on page A-1. In the description of the IC220SDL953 safety module, it is assumed that you are familiar with the VersaSafe system. If this is not the case, please refer to "Appendix: VersaSafe system"...

  • Page 18: Structure Of The Safety Module

    Structure of the safety module 79690002 Figure 2-1 Structure of the safety module Data jumpers (local bus) Electronics base with labeling including version designation hardware/firmware/firmware (not shown) Switch for setting the transmission speed and operating mode Switch for setting the address Potential jumper Diagnostic and status indicators;...

  • Page 19: Safe Digital Outputs

    Safe digital outputs The safety module has safe positive switching digital outputs, which can be used as fol- lows: – For two-channel assignment: – Four two-channel outputs – For single-channel assignment: – Eight single-channel outputs Technical data For the technical data for the safe outputs, please refer to page 10-4. Parameterization The individual safe digital outputs of a safety module can be parameterized differently.
  • Page 20 Requirements for con- The error detection of the module varies depending on the parameterization. This results trolled devices/actuators in specific requirements for the actuators. – If the outputs are parameterized with test pulses, the output circuits are tested by test pulses at regular intervals.

  • Page 21: Connection Options For Actuators Depending On The Parameterization

    Connection options for actuators depending on the parameterization Actuators that meet various safety requirements depending on the parameterization can be connected to the outputs. For connection examples, please refer to Section 6, "Connection examples for safe outputs". The maximum achievable SIL/SIL CL/Cat./PL is specified in the table. In order to achieve this: –...

  • Page 22: Local Diagnostic And Status Indicators

    Local diagnostic and status indicators LPSDO8 79690003 Figure 2-3 Local diagnostic and status indicators of the IC220SDL953 module Table 2-1 Local diagnostic and status indicators Green LED Diagnostics OFF: Communications power is not present Flashing at 0.5 Hz: Communications power present, local bus not active Flashing at 4 Hz: Communications power present, error at the interface between previous and flashing terminal (the terminals after the flashing terminal cannot be addressed).
  • Page 23 Table 2-1 Local diagnostic and status indicators (continued) Green LED Monitoring the supply voltage U OFF: Communications power is not present Flashing at 1 Hz: below the permissible voltage range (undervoltage) present Green LED Status indicator for communication OFF: IC220SDL953 not parameterized Flashing at 0.5 Hz: IC220SDL953 is parameterized, but safe communication is not running to at least one satellite Communication OK...

  • Page 24: Safe State

    Safe state The safe state for the module is the low state at the output terminals (see "Safe digital outputs" on page 2-3). The safe state can be entered in the following cases: Operating state Error detection in I/O devices Device errors Parameterization errors 2.8.1...

  • Page 25: Device Errors

    2.8.3 Device errors Outputs If a hardware fault in the internal circuit is detected at an output, all module outputs are disabled ("0" = OFF = safe state). The relevant diagnostic message is transmitted to the controller (see "Safe digital output errors"...

  • Page 26: Process Data Words

    Process data words The module uses 8, 16, or 24 words in the VersaPoint system. How these words are mapped is described in "Process image" on page A-13. The input data only indicates the actual status of the outputs if no bus errors or device errors are present.

  • Page 27: Versapoint Potential And Data Routing, And Versapoint Connectors

    VersaPoint potential and data routing, and VersaPoint connectors VersaPoint potential and data routing For operation, the safety module must be integrated in a VersaPoint station within the Ver- saSafe system. The bus signals are transmitted via the VersaPoint data jumpers. The required supply volt- ages are transmitted via the VersaPoint potential jumpers.

  • Page 28: Supply Voltage U M

    Supply voltage U Feed in the supply voltage at a bus coupler or a power terminal. It is made available to the safety module via the VersaPoint potential jumper U WARNING: Loss of the safety function when using unsuitable power supplies For the voltage supply at the bus coupler or power terminal, please note: Only power supplies according to EN 50178/VDE 0160 (PELV) may be used.

  • Page 29: Terminal Point Assignment

    NOTE: Damage to module electronics in the event of surge voltage Do not use a DC distribution network. DC distribution network according to IEC 61326-3-1: A DC distribution network is a DC power supply network, which supplies a complete industrial hall with DC voltage and to which any device can be connected. A typical system or machine distribution is not a DC distribution network.
  • Page 30 Table 3-1 Terminal point assignment for connector 1 Terminal point Signal Channel assignment Channel 1 and channel 0 V (GND) Table 3-2 Terminal point assignment for connector 2 Terminal point Signal Channel assignment OUT1_Ch1 Output 1, channel 1 OUT1_Ch2 Output 1, channel 2 Not used Not used Channel 1 and channel...
  • Page 31 Table 3-4 Terminal point assignment for connector 4 Terminal point Signal Channel assignment 0 V (GND) Channel 1 and channel 2 0 V (GND) Channel 1 and channel 2 WARNING: Loss of functional safety due to parasitic voltages Connect the ground of the actuator to the ground terminal point of the corresponding output on the VersaPoint connector.
  • Page 32 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 33: Assembly, Removal, And Electrical Installation

    Assembly, removal, and electrical installation Assembly and removal 4.1.1 Unpacking the module The module is supplied in an ESD box together with a package slip with installation instructions. Please read the complete package slip carefully. The module may only be installed and removed by qualified personnel. NOTE: Electrostatic discharge The safety module contains components that can be damaged or destroyed by electrostatic discharge.

  • Page 34: Setting The Dip Switches

    4.1.3 Setting the DIP switches Set the DIP switches accordingly for your application before assembling the module in a VersaPoint station. The switches cannot be accessed when the safety terminal is in- stalled in the VersaPoint station. The module has a 2-pos. and a 10-pos. DIP switch. The DIP switches are located on the left-hand side of the safety module.
  • Page 35 10-pos. DIP switch: The operating mode and the island number are set via the 10-pos. DIP switch. Address NOTE: Malfunction in the event of incorrect addressing Make sure that in an overall system comprising the VersaSafe system and any higher-level PROFIsafe system, the addresses (address within the VersaSafe sys- tem and F-Address of the PROFIsafe system) are unique.

  • Page 36: Assembly And Removal Of The Safety Module

    4.1.4 Assembly and removal of the safety module For general information about assembling and removing VersaPoint terminals, please refer to the GFK-2736 user manual. Assembly – Set the DIP switches prior to assembly (see "Setting the DIP switches" on page 4-2). The DIP switches cannot be accessed when the safety module is installed in the VersaPoint station.
  • Page 37 Removal • Disconnect the power to the station. • Remove the connectors from the safety module and the adjacent connector from the neighboring VersaPoint terminal on the left. – Remove connectors • Remove the connector by pressing the back shaft latching (A) and levering off the connector (B).

  • Page 38: Electrical Installation

    Push a screwdriver into the slot of the appropriate terminal point (Figure 4-6, detail 1), so that you can insert the wire into the spring opening. GE Intelligent Platforms recommends the SZF 1 - 0.6X3.5 screwdriver. • Insert the wire (Figure 4-6, detail 2). Remove the screwdriver from the opening. This clamps the wire.
  • Page 39 6 4 5 2 B 0 3 2 Figure 4-6 Connecting unshielded cables • Insert the assembled connectors in the corresponding module slot (see "Terminal point assignment" on page 3-3). • Label all connections to prevent connections to the VersaPoint connectors being mixed up (see GFK-2736 user manual).
  • Page 40 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 41: Parameterization Of The Safety Module

    Parameterization of the safety module Parameterization of the safety module in a Versa- Safe system For information about the configuration and parameterization of the VersaSafe system, please refer to "Configuration and parameterization using the VersaConf Safety tool" on page A-26. Parameterization includes the following: –...

  • Page 42: Parameterization Of The Safe Outputs

    Parameterization of the safe outputs The individual outputs of a safety module can be parameterized differently and thus achieve different safety integrity levels (SIL, SIL CL, Cat., PL). Two-channel If the outputs are operated via two channels, the following fixed assignment applies: –...
  • Page 43 Table 5-1 Parameterization of outputs (continued) Parameterization Value range Remark OUT0 - OUT3 Value range of switch-off Value x 10 in ms Value range/unit for the parameterization of the "Switch-off delay for delay for stop category 1 Value x 100 in ms stop category 1"...

  • Page 44: Behavior Of The Outputs In The Event Of Enabled Switch-Off Delay For Stop Category 1

    Behavior of the outputs in the event of enabled switch-off delay for stop category 1 Depending on the event that causes the outputs to be switched off, and on the parameterization of the switch-off delay, the time until the outputs are actually switched off can vary. Table 5-2 Switching off of the outputs according to the trigger event and the parameterization Switching off of outputs...

  • Page 45: Connection Examples For Safe Outputs

    The following examples only describe the options for the electrical connection of controlled devices/actuators to the safe outputs. Should you have any questions regarding applications to be implemented, please contact the GE Intelligent Platforms. The following are specified for each example: –...

  • Page 46: Notes On The Protective Circuit For External Relays/Contactors (Free Running Circuit)

    For all examples, please also observe the measures specified in the individual tables, which must be taken to achieve the specified SIL/SIL CL/Cat./PL and all measures according to standards EN 61508, EN 62061, EN 954-1, and EN ISO 13849-1 to achieve the specified SIL/SIL CL/Cat./PL.

  • Page 47: Measures Required To Achieve A Specific Safety Integrity Level

    Measures required to achieve a specific safety integrity level The safety integrity level (SIL, SIL CL, performance level, and category) that can be achieved is specified for each connection example. Please also refer to "Achievable safety depending on the modules used" on page A-30. SIL/SIL CL Use the relevant standard to determine the probability of failure in your application according to EN 61508 (SIL) and EN 62061 (SIL CL).
  • Page 48 Cat. 3 – Use proven and basic safety principles according to EN ISO 13849-2. – Use appropriately qualified actuators (see "Requirements for controlled devices/actuators" on page 2-4). – Please note that mechanical failure of the switching device can result in the loss of the safety function.

  • Page 49: Single-Channel Assignment Of Safe Outputs

    Single-channel assignment of safe outputs OUT1_Ch1 K1 (R) K2 (R) 73421005 Figure 6-2 Single-channel assignment of outputs – In order to achieve Cat. 3 or PL d with single-channel assignment of the outputs, a two-channel actuator must be used. The two-channel operation of the actuator with the corresponding connection is represented on a gray background.
  • Page 50 Enable the test pulses to improve device diagnostics. If the test pulses for the actuator are faulty, they can be disabled. In this case, test the switching capability of the outputs at regular intervals. Device diagnostics and behavior of the module in the event of an error Table 6-4 Single-channel: Test pulses enabled Error type...
  • Page 51 Typical parameterization Parameterization Parameterized as Remark Assignment Assigned Output Single-channel Switch-off delay for stop Enabled Or disabled category 1 Switch-off delay for stop Application-specific category 1 Value range of switch-off Value in s Application-specific delay for stop category 1 Test pulses (output disabled) Enabled Or disabled (in software: test impulses...

  • Page 52: Two-Channel Assignment Of Safe Outputs

    Two-channel assignment of safe outputs For two-channel assignment of the safe outputs, two adjacent outputs are always used. This assignment is fixed and cannot be parameterized (see "Two-channel" on page 5-2). OUT1_Ch1 K1 (R) OUT1_Ch2 K2 (R) 73420006 Figure 6-3 Two-channel assignment of outputs K1 (R) and K2 (R) represent the positively driven N/C contacts for monitoring the state of the relay (readback contacts).
  • Page 53 Enable the test pulses to improve device diagnostics. If the test pulses for the actuator are faulty, they can be disabled. In this case, test the switching capability of the outputs at regular intervals. Device diagnostics and behavior of the module in the event of an error Table 6-5 Two-channel Error type...
  • Page 54 Typical parameterization Parameterization Parameterized as Remark Channel 1 Channel 2 Assignment Assigned Assigned Output Two-channel Two-channel Switch-off delay for stop Enabled Enabled Or disabled category 1 Switch-off delay for stop Application-specific category 1 Value range of switch-off Value in s Value in s Application-specific delay for stop category 1...

  • Page 55: Startup And Validation

    Startup and validation Initial startup Parameterization and configuration must already have been carried out Table 7-1 Steps for parameterization and configuration (via VersaConf Safety) Step Relevant section and literature Parameterization and configuration must already have been carried out before commencing startup. Carry out the necessary parameterization.
  • Page 56 Table 7-2 Steps for startup (continued) Step Relevant section and literature Once the operating voltage has been applied: – If possible, measure the wave form of the voltages to ensure that there are no deviations. – Measure the output voltages on the module, as well as the supply voltages, which supply the connected loads (e.g., motor) to ensure that they are in the permissible range.

  • Page 57: Restart After Replacing A Safety Module

    Restart after replacing a safety module 7.2.1 Replacing a safety module WARNING: Unintentional machine startup Do not assemble or remove the module while the power is connected. Before assembling or removing the module, disconnect the power to the module and the entire VersaPoint station and ensure that it cannot be switched on again.
  • Page 58 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 59: Errors: Messages And Removal

    "Acknowledgment" column in the tables below. If diagnostic codes are indicated by the system, which do not appear in the tables below, please contact GE Intelligent Platforms. Error removal To remove the cause of an error, please proceed as described in the "Remedy" column in the tables below.
  • Page 60 Notes on the tables below Diagnostic code The diagnostic register of the module includes both status bits and the diagnostic code (see "Dev-Diag-LPSDO (LPSDO diagnostics)" on page A-18). This diagnostic code, which is shown in bits 10 to 0 of the register, is listed in the tables below starting from Table 8-4). However, it is the code of the entire diagnostic register that is indicated.
  • Page 61 Example: ANDing the Diagnostic code indicated: 0D03 diagnostic code Table 8-3 Relationship between the diagnostic code indicated and the diagnostic code specified in the documentation Assignment of the diagnostic PUR OAR Diagnostic code register (see page A-18) Diagnostic code indicated Mask (07FF Diagnostic code in the documentation...

  • Page 62: Safe Digital Output Errors

    Safe digital output errors Table 8-4 Safe output errors Error cause Diagnostic Remark Effect Remedy Acknow- code (hex) ledgment Hardware X01n The indicated output All module outputs Power up with error- Yes (1) fault OUT: cannot be disabled are in the safe state free selftest X010: OUT0_Ch1 X017: OUT0_Ch2...

  • Page 63: Supply Voltage Errors

    Acknowledgment: Yes (2) Acknowledging the diagnostic message deletes the message and enables a restart. Following successful acknowledgment, the module also expects a positive edge from the application for the output. WARNING: Unexpected machine startup An operator acknowledgment leads to a positive edge and can thus result in the outputs being re-enabled.

  • Page 64: Parameterization Errors

    Parameterization errors Table 8-7 Parameterization errors Error cause Diagnos- Remark Effect Remedy Acknow- tic code ledgment (hex) Incorrect Each output is pa- Module is in the safe Check and correct – parameteriza- Table 8-8 (flash- rameterized individ- state parameterization. tion ing) ually In order to determine what type of parameterization error has occurred, use the...

  • Page 65: Connection Errors To Satellites

    Connection errors to satellites Table 8-9 Connection errors to satellites Error cause Diag- Short description Remedy Acknowledgment nostic code (hex) (hex) Wrong X3FC Island number at IC220SDL953 Check switch position Reload project. island number not set correctly and value in software and adapt accordingly.

  • Page 66: Acknowledging An Error

    Acknowledging an error In the VersaSafe system, the errors of the IC220SDL953 as well as those of the corre- sponding island satellites must be acknowledged via the IC220SDL953. After removing the cause of an error, the diagnostic message must be acknowledged. To do this, set the corresponding bit in the "Dev-Ackn-LPSDO"...

  • Page 67: Maintenance, Repair, Decommissioning, And Disposal

    Repair work may not be carried out on the safety module. In the event of an error, send the module to GE Intelligent Platforms. It is strictly prohibited to open the safety module. In order to prevent the manipulation of the module and to detect the unauthorized opening of the module, a security seal is applied to the module.
  • Page 68 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 69: 10 Technical Data And Ordering Data

    10 Technical data and ordering data 10.1 System data 10.1.1 VersaPoint For system data, please refer to the following user manual: VersaPoint Automation terminals of the VersaPoint product range GFK-2736 10.1.2 VersaSafe system VersaSafe system Shutdown time t 10 ms OUT_LPSDO Maximum number of VersaSafe islands in the system Maximum number of modules within a VersaSafe island...
  • Page 70 General data (continued) Air pressure Operation 80 kPa to 108 kPa (up to 2000 m above sea level) Storage/transport: 66 kPa to 108 kPa (up to 3500 m above sea level) Degree of protection IP20 Housing material Plastic PBT, self-extinguishing (V0) Air and creepage distances According to IEC 60439-1, derived from IEC 60664-1 Protection class...
  • Page 71 Safety characteristics according to DIN EN 62061 Achievable SIL claim limit SIL CL = SIL 2 (single-channel) SIL CL = SIL 3 (two-channel) Depends on the parameterization and wiring (see "Connection options for actuators depending on the parameterization" on page 2-5 and "Connection examples for safe outputs" on page 6-1) Safe failure fraction (SFF) Probability of a dangerous failure per hour for the entire module SIL CL 2: 1 % of 10...
  • Page 72 Supply voltage U (actuators) (continued) Permissible interruption time 10 ms; Within this time, the output voltage for the safe outputs fails as the outputs are not internally buffered. Surge protection Yes (in the bus coupler/power terminal) Protection against polarity reversal Yes (in the bus coupler/power terminal) NOTE: Module damage due to polarity reversal Polarity reversal places a burden on the electronics and, despite protection against polarity reversal, can damage the module.
  • Page 73 Safe digital outputs OUT0 to OUT3 (continued) Maximum capacitive load depending on the current C = 1 s/(R x 1400) Where: Load capacity in F Load resistance in ohms Maximum capacitive load depending on the load current µF 0.50 1.00 1.50 2.00 2.50...

  • Page 74: Conformance With Emc Directive

    7.5 V supply (bus logic)/24 V supply U , FE 500 V AC, 50 Hz, 1 min. Approvals For the latest approvals, please visit http://support.ge-ip.com. 10.3 Conformance with EMC Directive Conformance with EMC Directive 2004/108/EC Noise immunity test according to DIN EN 61000-6-2...

  • Page 75: Ordering Data

    10.4.3 Ordering data: Software Description Name Pcs. / Pkt. Parameterization and configuration tool VersaConf Safety The software can be downloaded free of charge from http://support.ge-ip.com. 10.4.4 Ordering data: Documentation Description Catalog No. Pcs. / Pkt. VersaPoint User manual...
  • Page 76 10-8 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 77: A Appendix: Versasafe System

    VersaSafe technology from GE Intelligent Platforms offers a cost-effective solution. The VersaSafe system works independently of the relevant network and the standard control system used.

  • Page 78: A 1.2 Overview Of Versasafe System Features

    A 1.2 Overview of VersaSafe system features – Network independent – Controller independent – No higher-level safety controller required – Up to five connections to satellites – All data, including parameterizations, is located on the standard controller – Only the IC220SDL953 module is parameterized by the standard controller –...
  • Page 79 Table A-1 VersaSafe system specifications Functionality IC220SDL953 Mirroring of local safe output data Forwarding of safe outputs Satellites supported – IC220SDL543 – IC220SDL753 – IC220SDL752 – IC220SDL840 Permissible revision see Table 10-1 Multiplexer mode Support of partial configurations Table 10-1 Revision as of which a module is permitted for use on the logic module Order No.: Type...

  • Page 80: A 2 System Topology

    System topology A 2.1 General topology A VersaSafe system can be integrated into various bus systems including PROFINET, and PROFIBUS. The standard bus system is thus supplemented by components to achieve safety. MRESET RU N FAIL RUN / PROG 10/100 R UN R OG LN K...

  • Page 81: A 2.2 Network And Controller Requirements

    VersaSafe island Each VersaSafe island comprises one VersaSafe module with integrated safety logic (IC220SDL953) and up to five distributed VersaSafe modules without safety logic (e.g., IC220SDL543, IC220SDL...). The module with integrated safety logic is referred to as the island node, while the modules without safety logic are referred to as remote devices or satellites.

  • Page 82: A 3 Versasafe Address Assignment

    VersaSafe address assignment NOTE: Malfunction in the event of incorrect addressing Make sure that in an overall system comprising the VersaSafe system and any higher- level PROFIsafe system, the addresses (address within the VersaSafe system and F-Address of the PROFIsafe system) are unique. Duplicate address assignment is not permitted.
  • Page 83 Table A-5 Example 2: VersaSafe addresses Island number Satellite number VersaSafe address IC220SDL953 IC220SDL840 Position 1 IC220SDL543 Position 2 IC220SDL752 Position 3 IC220SDL753 Position 4 IC220SDL543 Position 5 GFK-2731 Chapter A...
  • Page 84 Example addresses Figure A-2 and Table A-6 illustrate examples of addresses in the VersaSafe system for three islands. Island 1 (00001xxx; red) and island 2 (00010xxx, green) operate in VersaSafe mode. Island 3 (00011xxx, blue) operates in VersaSafe multiplexer mode. IC220SDL543 IC220SDL543 PSDI8...
  • Page 85 Table A-6 Example addresses for VersaSafe islands Addresses for Addresses for Addresses for Devices island number 1 island number 2 island number 3 (red in Figure A-2) (green in Figure (blue in Figure A-2) A-2) 00001 000 (08 00010 000 (10 00011 000 (18 IC220SDL953 (island node) 00001 001 (09...

  • Page 86: Operating Modes And Setting The Dip Switches In The Versasafe System

    Operating modes and setting the DIP switches in the VersaSafe system A 4.1 Module switch positions For more detailed information about the function of the DIP switches, please refer to "Setting the DIP switches" on page 4-2. The following tables show the settings on the IC220SDL953, IC220SDL543, and IC220SDL...

  • Page 87: A 4.2 Versasafe Multiplexer Mode

    A 4.2 VersaSafe multiplexer mode In this operating mode, the input data of a IC220SDL543 safe input module is output one- to-one to the output terminals of the IC220SDL953. A controller is still required as this copies the data (see also Figure A-5 "I/O image and data flow in multiplexer mode" on page A-16).
  • Page 88 Table A-10 Parameterization of all safe inputs of the IC220SDL543 Parameterization Parameterized as Remark Input Assignment Assigned Evaluation Single-channel Sensor type Standard sensor Filter time (t 5 ms Filter Symmetry Disabled The parameterization is set automatically Clock selection UT1 for inputs of channel 1 and cannot be changed.

  • Page 89: A 5 Process Image

    Process image A 5.1 Structure of the process image Table A-11 Key for Figure A-4 Designation Meaning Explanation Process image of inputs Process image of outputs SATx Satellite x (x = 1 ... 3) PSDI IC220SDL543 PSDO IC220SDL... Number of bytes to be transmitted Prot-x Protocol data On page A-17...
  • Page 90 If a VersaSafe island is made up of a different constellation, the following rules apply for mapping the individual submodules within the IC220SDL953: – The sequence of the satellites within the IC220SDL953 must be determined by the sat- ellite numbers. –...
  • Page 91 Dev-Ack-1 SAT 1 base-addr + 0 Dev-Diag-1 Dev-Ack-1 Dev-Diag-1 Prot-1 Data-1 Prot-1 Prot-1 8 Bytes Prot-1 Prot-1 Prot-1 Prot-1 Prot-1 SAT 1 base-addr + 7 Dev-Ack-2 SAT 2 base-addr + 0 Dev-Diag-2 Dev-Ack-2 Dev-Diag-2 Prot-2 Data-2 Prot-2 Prot-2 8 Bytes Prot-2 Prot-2 Prot-2...
  • Page 92 Dev-Ack-1 SAT 1 base-addr + 0 Dev-Diag-1 Dev-Ack-1 Dev-Diag-1 Prot-1 Data-1 Prot-1 Prot-1 8 Bytes Prot-1 Prot-1 Prot-1 Prot-1 Prot-1 SAT 1 base-addr + 7 LPSDO-base-addr + 0 LPSDO-base-addr + 0 Dev-Diag-LPSDO Dev-Ack-LPSDO LPSDO-base-addr + 1 LPSDO-base-addr + 1 Dev-Diag-LPSDO App-Ack-LPSDO LPSDO-base-addr + 2 LPSDO-base-addr + 2...

  • Page 93: A 5.2 Description Of The Registers

    A 5.2 Description of the registers The register assignment for the IC220SDL953, IC220SDL543, and IC220SDL753 is illustrated below. As the registers are device-specific, the assignment for other modules may differ from the description. Check the register assignment against the device-specific documentation.
  • Page 94 Dev-Diag-LPSDO The diagnostic register of the IC220SDL953 has the following structure and function: (LPSDO diagnostics) Table A-14 Dev-Diag register of the IC220SDL953 PUR OAR Diagnostic code/address Meaning Function Communication IC220SDL953 is not parameterized or at least one of the safe communication relationships is not running without any errors.
  • Page 95 Dev-Ack-LPSDO The register for acknowledging the IC220SDL953 has the following structure and function: (acknowledgment) Table A-15 Dev-Ack register of the IC220SDL953 Meaning Function Operator acknowledge 0 -> 1: Acknowledgment of error message regarding failsafe communication (see also OAR bit in Dev-Diag register). Start LPSDO 0 ->...
  • Page 96 App-Ack-LPSDO The bits in this register can be freely programmed in VersaConf Safety and can be used (application for the safety logic. Implement diagnostics using these bits. acknowledgment for The IC220SDL953 register has the following structure and function: IC220SDL953) Table A-17 IC220SDL953 App-Ack-LPSDO register .
  • Page 97 Table 10-3 Possible indices in the short protocol Index Meaning Note [hex] Project header saved in the IC220SDL953 Read-only, uses short protocol IC220SDL953 status Read-only Loading and starting of the project header Write-only, uses short protocol Address block Write-only, uses short and long protocol Logic block Write-only, uses short and long protocol...

  • Page 98: A 6 Implementation Of Data Flow Between The Standard Controller And The Safety Modules

    Implementation of data flow with a function block A copy function block (COPY FB) to safeguard data flow between the VersaSafe modules is available from GE Intelligent Platforms for certain systems. A 6.2 Implementation of data flow without a function block If a function block (COPY FB) is not available for your controller, you must implement data flow within the VersaSafe system yourself.
  • Page 99 The enable function cannot be used in multiplexer mode. The enable function is not graphically represented in VersaConf Safety in the safety logic editor. Parameterize the enable function when parameterizing the channels. The following figure illustrates the enable principle. IC220SDL953 &...

  • Page 100: A 8 Diagnostics

    Diagnostics In addition to precise diagnostics for the standard bus system, the safe input and output devices also support the detection of I/O errors and device errors. A 8.1 Error detection in I/O devices Safe inputs Depending on the device type and parameterization, the following errors can be detected at safe inputs: –...

  • Page 101: A 8.2 Detection Of Device Errors

    A 8.2 Detection of device errors All serious errors that can result in the loss of or adversely affect the safety function cause the entire device to enter the safe state. The FS LED on the safe device is permanently on. Depending on the device type, the following errors lead to the safe state: –...

  • Page 102: A 9 Configuration, Parameterization, And Download

    Configuration, parameterization, and download An example for configuration, parameterization, and download can be found in the quick start guide for the IC220SDL953 (see "Ordering data: Documentation" on page 10-7). A 9.1 Configuration and parameterization using the VersaConf Safety tool The VersaConf Safety software tool is available to users for configuring the safety logic and parameterizing the channels of the safety modules used.

  • Page 103: A 9.2 Downloading The Configuration And Parameter Data Record Following Power Up

    A 9.2 Downloading the configuration and parameter data record following power up The entire configuration and parameterization can be created offline with VersaConf Safety. A fully installed system is not required until the download stage. Communication must be running when transmitting the data record. WARNING: Loss of safety function Before downloading a data record, check whether the current data record is actually loaded.

  • Page 104: A 11 Time Response In The Versasafe System

    A 11 Time response in the VersaSafe system In the planning phase of the machine/system and the VersaSafe system, specify the required shutdown time for each safety function. This is ascertained on the basis of the safety evaluation of the machine/system, taking into consideration the safety distances and the approach speed.

  • Page 105: Shutdown Times

    A 11.2 Shutdown times The required shutdown time for the safety function is based on the response times of the sensors used, the VersaSafe system, the actuator used, and the stopping time of the system. The required shutdown time of the safety function can be determined from the safety distances or the safety distances are defined based on the determined guaranteed shutdown time.

  • Page 106: A 12 Achievable Safety Depending On The Modules Used

    F-Watchdog time is included in the calculation. A 12 Achievable safety depending on the modules used GE Intelligent Platforms recommends using the SISTEMA software utility to determine achievable safety. The SISTEMA software utility for the safety of control systems on machines can be...

  • Page 107: A 13 Behavior In The Event Of An Error

    A 13 Behavior in the event of an error Error messages Errors that occur on the safe devices can be detected using process data, function blocks, and device LEDs. These error messages can be evaluated in the standard application program or can be displayed by means of a visualization.

  • Page 108: A 13.2 Parameterization Or Configuration Errors

    A 13.2 Parameterization or configuration errors All errors that are detected during the plausibility check of parameters and configuration data are assigned to this class. This check is usually carried out during the initialization phase of the system. Following the detection of an error in this class, the devices enter the safe state and are still able to send diagnostic information or receive new parameter or configuration data.

  • Page 109: A 14 Startup And Restart

    A 14 Startup and restart A 14.1 Startup/restart following power up The module starts up once the configuration and parameterization data record has been downloaded successfully and the internal tests have been completed without errors. WARNING: Unexpected machine startup If you do not want the machine to start up/restart automatically, configure the safety logic accordingly.
  • Page 110 A-34 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 111: B Appendix: Checklists

    B Appendix: Checklists The checklists listed in this section provide support during the planning, assembly and electrical installation, startup, parameterization, and validation of the IC220SDL953 module. These checklists may be used as planning documentation and/or as verification to ensure the steps in the specified phases are carried out carefully. Archive the completed checklists to use as reference for recurring tests.

  • Page 112: B 1 Checklists For The Versasafe System

    Checklists for the VersaSafe system B 1.1 Planning Checklist for planning the use of the VersaSafe system Equipment identification Date Author Test engineer Remark No. Requirement (mandatory) Remark Has a hazard and risk analysis been carried out for the system/machine? SIL, SIL CL, Cat., PL) been Has the corresponding safety integrity level ( derived from the hazard and risk analysis...
  • Page 113 No. Requirement (optional) No Remark Are all measures that are based on applicable standards planned? Have the VersaPoint specifications (e.g., cabling, power supply) been observed? Have the accessories to be used been planned (e.g., cables, connectors)? Is the transmission speed for the individual VersaPoint stations specified? Are the specifications for parameterization, assembly, electrical installation, startup, and validation of the IC220SDL953 described? Are the specifications for parameterization, assembly, electrical installation,...

  • Page 114: B 1.2 Configuration And Parameterization

    B 1.2 Configuration and parameterization Checklist for configuration and parameterization of the VersaSafe system Equipment identification Date Author Test engineer Remark No. Requirement (mandatory) Remark Has the safety logic been configured? Have all inputs and outputs been fully and correctly parameterized? Are standard input signals exclusively used to configure standard operations (e.g., for the enable principle using the EN_OUT block or for acknowledgment)?

  • Page 115: B 1.3 Startup

    B 1.3 Startup Checklist for startup of the VersaSafe system Equipment identification Date Author Test engineer Remark No. Requirement (mandatory) Remark During startup, is it ensured that any person starting hazardous movements intentionally can only do so with a direct view of the danger zone? No.

  • Page 116: B 1.4 Safety Functions

    B 1.4 Safety functions Enter all the safety functions for your application in this checklist. Checklist for checking safety functions Equipment identification Date Author Test engineer Remark No. Safety functions Remark Date Signature (author) Date Signature (test engineer) User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 117: B 1.5 Validation

    B 1.5 Validation Checklist for validating the VersaSafe system Equipment identification Date Author Test engineer Remark No. Requirement (mandatory) Remark Have the mandatory requirements for planning been met? If applicable, have the mandatory requirements for startup been met? Has validation of the safe devices used been carried out and are the results available? Are safety distances that must be observed calculated according to the response and delay times implemented?

  • Page 118: B 2 Checklists For The Ic220Sdl953 Module

    Checklists for the IC220SDL953 module B 2.1 Planning Checklist for planning the use of the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Revision: Has the current module user manual been used as the basis for planning? Does the planned use correspond to the intended use? Has the technical data of the module been observed? Are the actuators approved for connection to the module (according to the...

  • Page 119: Assembly And Electrical Installation

    B 2.2 Assembly and electrical installation Checklist for assembly and electrical installation of the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Was assembly and installation completed according to the specifications (specifications from the planning phase or according to the user manual)? Was the safety module installed in the control cabinet (IP54)? Do the cable cross sections correspond to the specifications? Are requirements for the actuators and cable installation observed according to...

  • Page 120: B 2.3 Startup

    B 2.3 Startup Checklist for startup of the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Was startup completed according to the specifications (specifications from the planning phase or according to the user manual)? During startup, is it ensured that any person starting hazardous movements intentionally can only do so with a direct view of the danger zone? Are safety distances that must be observed calculated according to the...

  • Page 121: B 2.4 Validation

    B 2.4 Validation Checklist for validating the safety module Device type/equipment identification Version: HW/FW/FW Date Author Test engineer Remark No. Requirement (mandatory) Remark Have all the mandatory requirements for the "Planning" checklist been met? Have all the mandatory requirements for the "Assembly and electrical installation"...
  • Page 122 B-12 User manual IC220SDL953 - September 2011 GFK-2731...

  • Page 123: C Index

    C Index Errors Acknowledgment..........8-8 Abbreviations ............. 1-5 General ..............8-7 Acknowledgment ............ A-31 Outputs ..............8-4 Actuators Parameterization..........8-6 Connection options ..........2-5 Removal............... 8-1 Requirements............2-4 Supply voltage ............. 8-5 App-Ack-LPSDO............. A-20 Assembly ..............4-4 Feedback-Data-LPSDO.......... A-20 Feedback-Data-PSDO..........A-20 Configuration error..........
  • Page 124 Response time Typical............... A-28 Output address area ..........2-10 Response time of the actuator........ A-30 Outputs ..............2-3 Response time of the sensor ........A-29 Device errors............2-9 Restart ............. 7-3, A-33 Errors ..............8-4 I/O errors .............. 2-8 Parameterization ..........5-2 Safe state..............

This manual is also suitable for:

Ic220sdl953

Table of Contents