PROFIsafe device on PROFINET network?

[Ozpeter]

I am using an Emerson CPL410 cpu as a PROFINET master. I don't believe that this CPU supports PROFIsafe, as otherwise it would have been mentioned all over the documentation (however I may be wrong about that)

One of the devices on my PROFINET network is a safety rated Huebner Unit One overspeed switch (UO-SCU-G), (and this next bit is a bit confusing to me) that is supposed to be interfaced to PROFINET via a UO-EPN-2 (which is apparently the non-PROFIsafe interface, I believe that the PROFIsafe one is UO-SPN-1)

The only GSD file that I can find for the this system ("GSDML--V2.3-HU-024A-AMPN(H)41-20150424") includes a fixed set of modules when you create an AMPN(H)41 device on the network. These modules are (leaving out slot 0):

1. Slot 1 AMPN(H)41 I/O Safety
2. Slot 2 AMPN(H)41 I/O

The "safety" slot contains parameters called:

• PS input cam
• PS input status
• PS input velocity
• PS output control1
• PS output control2
• PS output preset multi turn value

(Where I assume "PS" stands for "PROFIsafe"

While the "non-safety" slot only has

• input cam
• input velocity

My questions are:

1. How well is this mishmash of PROFIsafe and non-PROFIsafe components going to work?
2. Should there be a GSD file somewhere that matches the non-safe UO-EPN-2?
3. Is it likely that the inputs marked "PS" will also get populated along with the non-PS inputs?
4. Is it likely that the "PS" preset can be sent across a non-PROFIsafe network to the device?

Previously I have only used U-Ones on PROFIBUS, and I had a lot more confidence in the way the system worked.

Finally I am not in control of hardware design, and that is happening on the other side of the planet anyway. I'm just trying understand what is being asked of me.

 

[JesperMP]

In all this system, where is the safety controller ?
Is the CL410 the safety controller ?

This one I can answer.

1. How well is this mishmash of PROFIsafe and non-PROFIsafe components going to work?

In a Profinet system, non-safety and safety devices can coexist and communicate at the same time. The Profinet system is 'merely' a transport system for the telegrams the safety controller use to talk to the safety devices.
Some devices have in themselves also non-safety and safety signals at the same time.
Between safety controller and safety devices there may be non-safety networking components, switches for example. But these must all be Profinet rated.

I am guessing that if the CPL410 is the safety controller, then the regular I/O and the safety I/O are setup separately. Also the regular control program and the safety program are setup separately. The safety parts will have additional safety features, such as mandatory password protection, checksum generated for every change, I/O modules must be individually identified and tested etc.

When you write that you are not in charge of the hardware, do you mean the PLC hardware, or mechanical hardware, or .. ?

Safety is not trivial, and the assignments of responsibilities is not something that should be guessed at.
It may be implied that you are the responsible person since you a dabbling with the safety.
Just mentioning, because you can get in a heap of trouble if an accident occurs and all fingers suddenly points at you.
Get the name of the responsible persons in writing.
Get what your role is in writing.

 

[Ozpeter]

Thanks for the reply, but some of your responses are based on assumptions that I didn't make clear in my original post. That's on me.

The CPL410 is NOT a safety rated controller. It is a rackless, standard PLC, with all the physical I/O on PROFINET. I have dealt with safety PLCs in the past (well, only PILZ), and the overall application in this case is not a safety rated application (it would require a lot of different hardware if it was)

The only thing I have control over is hitting the keyboard and arranging ones and zeroes in a manner that is pleasing to my masters. I can, and do point out the inconsistencies and stupidities of the systems that I am meant to program, but that is all I can do. Sometimes my masters actually pay attention to what I say.

In this particular case, the physical I/O is a safety rated device, but the PROFINET interface card attached to the I/O is not safety rated. But the GSD file I have been supplied with seems to imply safety rated functionality.

I am aware that PROFINET and PROFIsafe devices can coexist on a single network, but in hindsight I think that because the interface card is not safety rated, that there will be no PROFIsafe traffic on the network.

My confusion is twofold:
Why specify safety rated hardware if you are going to cripple it by attaching it to a non-safety rated system? (and I know only the hardware designers can answer this one)

What are the implications of a GSD file that seems to imply safety rated exchanges on a non-safety rated network?

 

[JesperMP]

An interface card that only handles the transfer of data need not be safety rated, even if safety data passed through it.

My experience is with Siemens.
For example a header (interface module in Siemens lingo) in a remote i/o block need not be safety rated, only the i/o modules in the same remote i/ rack.
On the other hand, a control unit in a VFD which handles both the networking as well as the logical control must be safety rated for the VFD to support safety functions.

As for the GSD file with safety and non-safety parts, then I guess that nothing stops you from using the device in a normal way with no safety functions. Sometimes standard devices are specced, even if not all features of the device will actually be used.

But the safety rated Huebner switch you mention at the beginning do sound as if there should be a safety controller in the system.


Someone that designed the system must be able to answer your questions.

 

[Ozpeter]

I've been reading up more closely on the difference between PROFIsafe and PROFINET and this is what I think I understand.

1. The actual overspeed switch (UO-SCU-G) is safety rated, and is a standard lone device. (And as such has no built in networking capability). It was probably specified because it was a standard part for the machine builder.
   
2. The interface (UO-EPN-2) interfaces between the overspeed switch and the Ethernet network. It is not safety rated and is only capable of exchanging PROFINET messages between itself and the PROFINET controller
   
3. The controller (CPL410) is not safety rated, and can only exchange PROFINET messages with the UO_EPN-2
   
4. The GSD file I have been supplied with is suitable for PROFIsafe communications between a PROFIsafe compliant controller and device. As the CPL410 did not complain when I imported the GSD file, my assumption is that the GPLC410 is ignoring the PROFIsafe aspects of the GSD file.
   
5. There are two data modules in the GSD file, one that is tagged with the PROFIsafe XML tags, and the other without .
   
6. Some I/O data seems to be replicated in both modules. But one particular data field is only mentioned in the PROFIsafe module. And that is a data field that I am very interested in.

So I think my actual question is about how a PROFINET controller treats modules in a GSD file that are intended for a PROFIsafe controller and device. Does it ignore them? Or does it downgrade those fields to PROFINET, or does something else happen?