AS-i Safety-at-Work (also known as ASiSafe) is becoming considerably more user-friendly. Safety monitors are becoming intelligent and enable the user to request all safety-related network data locally. All diagnostic data can now be transferred from the safety monitor to the master and the application program, and the user gains a space and expense advantage if using a safety monitor with an integrated gateway to Profibus.
In 1999 AS-Interface introduced 'Safety-at-Work', described as the first bus system capable of simultaneously handling standard and safety-oriented devices on a single network. The goal of this design was to eliminate the previously hard-wired safety-oriented applications by using a bus technology without the need to introduce an additional safety bus. Standard and safety-oriented components should be connected using the simple two-conductor cable that made AS-Interface such a success.
Additionally, the system was not only supposed to be fully compatible with all existing slaves but also, because of the wide-ranging usage possibilities of AS-Interface, with all masters and gateways that were already available and not safety-oriented by themselves. This standard-compliant concept, approved by regulatory agencies for use in applications up to category 4/SIL 3, was implemented by using separate safety contacts and controlling them via a safety monitor. The safety monitor interfaces the safe inputs, supervises their communications, and stops the application if the 'stop' signal is sent. The safety monitor is constructed as a safe device and runs the safety configuration. This configuration is created by the Asimon PC application and then downloaded to the safety monitor. This principal permits the design of safety-oriented applications on the lowest field level without the necessity for master or control system to be implemented as safety-oriented systems by themselves.
Safety-at-Work was proven to be effective in numerous applications but field experience led to requests for new functionalities and the latest AS-Interface specification 3.0 permits the realisation of new ideas. Bihl+Wiedemann reacted to these requests and developed a second-generation safety monitor.
The new safety monitor
The second-generation safety monitor, utilising the same stainless steel housing as many other Bihl+Wiedemann products, stands out due to a whole array of new characteristics:
1. The new monitor has a display and keyboard, enabling the user to execute new and detailed diagnosis possibilities, offering considerable support during the design phase of the system as well as during the maintenance and troubleshooting phase when the cause for a 'stop' must be determined quickly. The previous logical and local separation of information across the system, always considered annoying, is now rendered unnecessary. A PC and the Asimon software are no longer necessary to determine the reasons for a sudden stop of the system. This is especially important if users without detailed background knowledge operate the system.
However, the parallel method of transferring data via the RS232 to a PC is still available and therefore permits the programming of the safety monitor. As before, it is still possible to display the behaviour of all safe slaves graphically.
2. The new safety monitor now supports safety outputs. Safety-at-Work is no longer limited to safety inputs.
3. The safety monitor is implemented as a slave in its network. Due to specification 3.0 enhancements, it is now possible to 'up link' all diagnostic data from the safety monitor to the PLC and application program via the AS-Interface network. All it takes is a master built according to specification 3.0 (independent of the manufacturer). This feature becomes especially important if the data is also needed by the upper level control system.
4. This way all diagnostic data is available at three different locations: locally on the safety monitor display, on the optionally connected PC (providing the option to print the data), and on the (potentially far away) control systems. Hence, the user has the choice of where he/she wants to check the system: at the safety monitor (in the field) or at the central control system. This represents the inclusion of the detailed error diagnostics first introduced by Bihl+Wiedemann into AS-Interface Safety-at-Work.
(The previous safety monitor only displayed status conditions by using LEDs, since it did not make sense to generate diagnostic data that could not be transmitted to the master in its entirety. Consequently, it was often necessary to diagnose a system by using a PC.)
5. The new monitor is able to create a safety message for a second AS-i network. It not only supervises safety devices on its own network, but can also function as a safety slave on a second Safety-at-Work network. Thus it is easy and inexpensive to transmit safety information about the first to a second network.
6. The configurations saved in the monitor can now be changed by replacing memory cards. This simplifies support by the machine builder or system modifications. Service calls are therefore considerably reduced.
7. The additional AS-i diagnostics features, well know from the Bihl+Wiedemann masters, are added: error counter, ground fault detection, double address detection, noise monitoring, and over-voltage indication. These diagnostic methods offer additional support during error diagnostics, operational tests at set-up and service.
8. The new safety monitor can be powered from the AS-Interface network, while the previous safety monitor had to be powered by a (separate) 24V supply. Additionally, it is possible to power the system redundantly from a 24V supply or a second AS-Interface network in such a way that failure (for instance, due to a short circuit) does not lead to a loss of information about the condition and the history of the safety monitor. This facilitates the analysis of the problem causing this fault.
Safety Monitor with integrated Profibus gateway
Especially for Profibus networks, there is now another simplification available: an AS-i 3.0 Profibus gateway with integrated safety monitor, also in a stainless steel housing. This gateway allows access to all application functions, including those that are not safety related, plus it ensures the PC programming at the location of the gateway. The only prerequisite for using this gateway is that it is possible to place master and monitor at the same location without separating them, for instance, by a repeater. If this condition is fulfilled, the gateway represents an elegant solution, offering space and cost advantages in addition to user friendliness.
Interoperability and compatibility
What remains as strong as always are interoperability and compatibility, the well-known foundations of AS-Interface. Naturally, the new safety monitor in its stainless steel housing and the new gateway with integrated monitor can be used with all safety-related slaves and modules, independent of their manufacturers. However, interoperability includes more than the hardware: both devices can load and execute any already existing configuration running on a first-generation safety monitor.
During normal operation, the stainless steel safety monitor operates as a specification 3.0-compliant slave with the profile 'combined transactions' and is interoperable with any 3.0 master and, therefore, any control system interfaced via an upper-level network. However, it is downward-compatible as well: it can operate as a safety monitor in networks with older masters according to specification 2.0 or 2.1. If used as a replacement component in such network or for its easy error evaluation, the safety monitor can be configured as a simple 2.1 slave. In this case the PLC application runs as before, without modifications of the master or application program. Only the transmission of data using the new profile is not possible.
Both interoperability and compatibility are considered important factors with respect to protecting the user's investment in previously developed safety technology solutions.
Diagnosis data available from the new safety monitor
- RUN / Stop / Offline phase
- Number of the released circuit during a stop condition
- Address of the initiating slave
- Detailed information concerning the cause of the stop: Operational-related stop (stop without a null sequence); Error-related stop = stop because of an error (code error, slave failure, etc); Internal device error
- History (last stop cause) retrievable
- Condition of the network: Earth fault; Supply voltage interruption; Over-voltage; Double address detection; Failed (standard) slave; Error counter per slave retrievable; Actual slave conditions retrievable
- Restart conditions: Restart; Reset of error condition; Check necessary