E-stop over Ethernet

rpoet said:

As an example, attached is a picture of the control rack for the automation in one of our theater spaces.

Click to expand...

Wow. I wonder what the controls for that thing they did at Met Opera for Wagner's "Ring" look like.

I was looking at the system that Geospark showed - it might be ok for that industry - it looks like if you unplug the USB lead the E/Stop no longer functions is that right?

iant said:

I was looking at the system that Geospark showed - it might be ok for that industry - it looks like if you unplug the USB lead the E/Stop no longer functions is that right?

Click to expand...

That is my understanding as well. I'm trying for something a little more robust.

After looking at the available options, it appears more and more like this may need to be another in-house designed solution. Nothing quite meets our requirements. Entertainment is an odd duck to be sure. We use components from industrial controls and automation in ways that manufacturers never conceived of. When I call Parker or AutomationDirect, they always seem fascinated by what we do. Our gear is usually running a packaging plant or welding cars together on an assembly line.

We use it to make art and help tall a story.


-rpoet

I spent 16 years at Toyota (stamping Plant Altona) so I do understand
I was interested in the details from Geospark.
mainly because the system looks like it is a huge risk and I would be worried about the silent readers who may think it is OK.
-
As I mentioned earlier contact PILZ
the programable Safety relay and its additional remote I/O modules.
This would be a system that uses easy graphics to program - I will post a snapshot for you later.

very easy to expand - or reduce for your application.
I think I understand you want to be able to change for different applications.
remember other MFG's have similar equipment

From what I have read you can do this pretty safely. The way I would break it down is to have each module (elevator, sliding doors, etc) have an ANET drop. On this drop I would locate my Safety inputs and my safety outputs for that module. Then in the PLC I would have a way to add or remove a modules to the system. You can do this via an HMI If you are not using a particular module you dont activate it. That is one of the cool things you can do with a safety PLC versus a standard safety relay. You write the code so you have a lot of flexibility in how it works. You will want to put your PLC in one place and leave it. Also different E-stops can be programmed to stop all or just individual modules based on your programming. Since the Safety Outputs go with the module you are using you can have both local and global safety via ethernet.

Look here for more info:
http://ab.rockwellautomation.com/Pr...pact-GuardLogix-Controllers-with-Safety#/tab2

http://ab.rockwellautomation.com/io/1734-point-guard-io-modules

just a snapshot of the Pilz program software.
Please Note - this is a dedicated Programmable Safety Relay
it stands alone from a PLC so there is normally no need to access its program
THere are other manufacturers

iant said:

I was looking at the system that Geospark showed - it might be ok for that industry - it looks like if you unplug the USB lead the E/Stop no longer functions is that right?

Click to expand...

rpoet said:

That is my understanding as well. I'm trying for something a little more robust.

Click to expand...

The manual I attached for the Showstopper, if you read it, states that "The USB connection is required for using the cue control functionality of the Showstopper, but is not required for the Emergency Stop system".

iant said:

...I was interested in the details from Geospark.
mainly because the system looks like it is a huge risk...

Click to expand...

Ian, perhaps you are basing your above assessment on the thinking that if the USB cable is unplugged, the Emergency Stop is rendered useless?

Either way, I can see your concerns here, and to be honest, I'm not completely sold on it either, as they don't seem to have much details on their website as to which, if any, safety regulations/codes their system conforms to. That's why I mentioned this, and that you'd have to ask them.

iant said:

...I would be worried about the silent readers who may think it is OK.

Click to expand...

While we now know that rpoet is looking for a far more advanced system than the likes of Creative Conners can provide, I still want to make it a bit clearer as to how their system works, in case some readers are unsure.

Forget the USB for the moment.
The Showstopper is an Emergency Stop unit which has six 5-pin XLR outputs for connecting to Stagehand units. Each Stagehand unit is a controller for your driven motors, which has an Emergency Stop 5-pin XLR input connector.

Output one on the Showstopper has a switch for selecting whether it is a standard output or a Remote Emergency Stop circuit input. When output one is set to Remote, you can daisy chain Remote Emergency Stop units using XLR leads. Each Remote Emergency Stop unit has a male and female XLR socket to facilitate this. On the last Remote, you connect in on the male socket and you use a terminating XLR plug in the female socket to bridge the end of the circuit.

A 24VDC signal is sent from the Showstopper to each Stagehand unit to enable the Emergency Stop circuit.

Any activation of a Remote, or the Showstopper unit's Emergency Stop, will drop the 24VDC signal to the Stagehand units. This drops out the Stagehand's Emergency Stop contactor, stopping their driven motors dead.

The USB on the Showstopper is for a separate feature of the unit, which allows you to navigate your scene cues via the Spikemark software running on the PC connected via the USB.
The Showstopper has LAST, NEXT, LOAD buttons for the cues.

The Stagehand units are also connected to a PC running Spikemark, but via Ethernet. Spikemark controls the cues for the motors speed and position using encoders and limits which are connected to the Stagehand unit.

If you already have servos, then you can use a Stagehand Mini, which does all of the above, except it does not drive the motors, but merely controls your existing servos.

If you need more than six Stagehands on the Showstopper Emergency Stop system, you can use Showstopper Hubs, which give you a further six Stagehand outputs each.

There is an Emergency Stop contactor in the Stagehand which is held energized by the 24VDC supply from the Showstopper. Upon Emergency Stop, this contactor breaks the 3Phase supply to the Stagehand servo and brake.

All that is well and good and I'm sure works fine, but what I'd be more interested in knowing is...

Does this Emergency Stop system have built in redundancy and self-checking measures?
What SIL level can it achieve?
What PL level can the safety components reach?
What Stop Categories can it accommodate?

Again, questions you would have to ask them.

This is just one company, perhaps there are others?

rpoet,

All that is academic now, as you seem to be a self sufficient outfit who design their own in-house systems.

If companies within the theater automation business are indeed rolling their own safety systems without regard to regulations and codes (I hope not), then it further highlights the need for specific codes for this industry, if they don't already exist?

Applying normal safety system design principles to your proposed specification is, in my opinion, complicated.

As Manglemender pointed out, each new, and unique production should be independently risk assessed. An appropriate level of safety should then be calculated for each of those risk assessments. A safety system design would then need to be done for each one, selecting the appropriate safety rated components and their positions. This would then have to be tested, and documented. Training would then need to be provided to personnel for each safety system as to how it functions.

If using the same safety system again, after being swapped out and back again, you would have to re-test it and document it again. Re-training may be necessary, especially if using a different crew from the last time the safety system was used.
A signage system may also be required to indicate to personnel which safety system is in use.

It is also an iterative process. You may need to further improve certain safety measures if new risks are identified.

Every new production will require this process, if you want to do it correctly.

Observation:
I keep seeing people here on this Forum looking for safety equipment to suit their needs, but never a mention of a risk assessment. It's a requirement, not a luxury.

Finding the safety equipment that will do what you want is the easier part here. Constantly re-configuring, while maintaining the required safety levels, is the complicated part.

As I said, I would not like to be designing safety systems within your industry, and I'm a certified machine safety expert (CMSE).

I'll continue to watch this one with interest.

G.

Rockwell CIP safety over Ethernet will do everything you have asked. What you have proposed is not difficult and I have done similar safety remote e-stop stations over Rockwell CIP many times.

As GeoSpark stated you need to begin with a good risk analysis to see what category / level of safety system you will need. Rockwell has people that can come in and help with the safety analysis and designing the system since it would be your first CIP safety system.

The Plc Kid said:

Rockwell CIP safety over Ethernet will do everything you have asked. What you have proposed is not difficult and I have done similar safety remote e-stop stations over Rockwell CIP many times.

Click to expand...

The OP had indicated in a different topic that he works mostly with AutomationDirect and even Beckhoff stuff looks pricey to him.

The Rockwell gear may cause a sticker shock. Or for that matter anything that deals with safety over a fieldbus.

thanks for thet Geospark i understand.

LadderLogic said:

The OP had indicated in a different topic that he works mostly with AutomationDirect and even Beckhoff stuff looks pricey to him.

The Rockwell gear may cause a sticker shock. Or for that matter anything that deals with safety over a fieldbus.

Click to expand...

I did not notice the pricing issue with the OP when I made a reply but safety and cheap are really not terms that are often used together nor would you want them to be IMHO.

Networked safety is cool and it's flexible and works well but it's not cheap for sure.

Our DCS system consists of a central control room where operator consoles are situated and a number of satellite buildings which house the control systems I/O and processing hardware in addition to the emergency shutdown systems PLC's. ESD buttons are situated on each console which the operator can use to shutdown the PLC's in an emergency situation (fire, disaster etc.).
Each satellite building is at least 700 metres from the central control room. These ESD console buttons used to operate via some DCS hardware in the central control room to DCS hardware in a satellite building via the DCS hi-way and then from DCS I/O to each PLC.
This is clearly not good practice per modern safety standards.
We recently upgraded the DCS and central control room and decided that we must split these ESD buttons out from the DCS. We considered hardwiring them from the central control room consoles to each satellite building but realised that there would be problems with voltage drop etc. (24 volts dc system) due to cable runs required of 700m plus. As we were upgrading the DCS hi-way to Ethernet fibre optics we put in extra fibres for other systems in addition to ESD requirements.
All of these fibre networks had redundancy built into them via network switches with redundancy managers etc.
We installed HIMA Hi-Matrix safety plc's in each satellite building and in the central control room for these console ESD buttons with appropriate redundancy. This gave us complete segregation from the DCS control system. The HIMA plc's comply with SIL 3 / IEC 61508 safety standards for both hardware and communications protocol.
Not a cheap solution but very safe and reliable. We work in a very large natural gas processing plant where safety is very important.
Bottom line for me is that with ESD systems you should build in redundancy especially with network systems.

The Plc Kid said:

Networked safety is cool and it's flexible and works well but it's not cheap for sure.

Click to expand...

If the system is just a bit big and/or complex, then I think that networked safety is actually not more expensive than a traditional hardwired safety system. Cabling is expensive and rearranging the cabling often will also cost a lot. Nothing different to traditionally hardwired i/o and networked i/o.

I think that both Profibus and Ethernet/IP can coexist with other networking on the same ethernet LAN (with some constraints). But I am thinking that you do not want the other networking to interfere with your safety network. Not that it will affect the safety, but daily network maintenance may get complicated with too many cooks in the kitchen.

So I suggest a new networked safety LAN. You may consider ASI. It is the least expensive for sure.

LadderLogic said:

Wow. I wonder what the controls for that thing they did at Met Opera for Wagner's "Ring" look like.

Click to expand...

It was a lot more gear, but still rack-mount like that. And they got a lot more gear the last couple years. I tried finding pictures to post, but all the photos I found were front-of-house. They use Tait Tower's Navigator Control System (http://info.taittowers.com/tait-products).

kfbest said:

It was a lot more gear, but still rack-mount like that. And they got a lot more gear the last couple years. I tried finding pictures to post, but all the photos I found were front-of-house. They use Tait Tower's Navigator Control System (http://info.taittowers.com/tait-products).

Click to expand...

Im sure he still cares after 4 years.