TwinSAFE

TwinSAFE: Safety and I/O technology in one system

Advanced electronic safety technology offers a wide range of benefits in terms of flexibility, handling and diagnostics, and of course reduces wiring effort. However, genuine added value only comes from an integrated system in which standard automation and safety technology work together. TwinSAFE, the safety solution from Beckhoff, integrates safety functions into the existing control architecture.

Conventionally, automation and safety technology are implemented as separate systems. TwinSAFE from Beckhoff provides a consistent hardware and software technology for integrated, simplified handling, ranging from safe input and output terminals and safe miniature controllers for the Bus Terminal system to the AX5000 Servo Drives. On the software side, TwinSAFE is fully integrated into the TwinCAT automation software, so that safety functions are configured in the same environment as the standard control. Together with the Beckhoff TwinSAFE protocol, integrated and very flexible solutions up to SIL 3 (IEC 61508) can be implemented.

 

The I/O construction kit is extended safely

With the TwinSAFE system, Beckhoff offers the option of simply expanding the proven Bus Terminal system and of moving the complete cabling of the safety circuit into the existing fieldbus network. Safe signals can be mixed with standard signals without restriction. This saves design effort, installation work and material. Maintenance is simplified significantly through faster diagnosis and simple replacement of only a few components. The TwinSAFE Bus Terminals comprise just three basic function types: the KL1904 digital input terminal, the KL2904 digital output terminal and the KL6904 logic terminal. For a large number of applications, all sensors and actuators can be wired to these Bus Terminals. The required logical linking of inputs and outputs is handled by the KL6904 TwinSAFE controller. For small configurations, the tasks of a fail-safe PLC can thus be handled entirely within the Bus Terminal system.

 

TwinSAFE architecture

The TwinSAFE concept enables a wide range of safety tasks to be realised. Structures with mixed standard and safety-relevant signals are possible, as is the configuration of separate networks. Alternatively, the TwinSAFE system can be operated as a stand-alone solution or as a decentralised pre-processing system with safe communication to a higher-level safety controller. The KL6904 TwinSAFE Logic Terminals are networked via the TwinCAT System Manager. Safety-relevant networking of machines can thus be realised simply and cost-effectively via bus systems or existing Ethernet connections. The TwinSAFE system facilitates encapsulation and decoupling of individual production or manufacturing cells. System extensions or changeovers can be implemented quickly and without wiring effort.

 

TwinSAFE Bus Terminals

The TwinSAFE Bus Terminals enable connection of all common safety sensors and actuators. They are operated together with the KL6904 TwinSAFE Logic Bus Terminal, and the TwinSAFE protocol is used for the safe communication between them (safe in the functional-safety sense of IEC 61508, i.e. protected against transmission faults). The TwinSAFE Logic Bus Terminal is the link between the TwinSAFE input and output terminals and enables the configuration of a simple, flexible and cost-effective decentralised safety controller. The higher-level controller therefore has no safety requirements of its own. The typical safety functions required for machine automation, such as emergency stop, safety door monitoring, etc., are already built into the KL6904. The user configures the terminal according to the safety requirements of the application.

 

Safe system networking

A further significant system benefit is that inter-system communication can be realised with little effort. In most plants consisting of several individual machines, transferring safety-relevant signals between different sections is a problem. In the Beckhoff system, the communication paths that normally carry only standard signals are shared by the safety-relevant data as well. This is made possible by the KL6904 Logic Terminal, which can communicate not only with safe inputs and outputs, but also with other safety and logic units.

Networking individual TwinSAFE Logic Terminals enables simple and cost-effective safety-relevant networking of machines via bus systems. All fieldbus systems, including real-time Ethernet or EtherCAT, are suitable for this type of machine-to-machine (M2M) communication. Communication is monitored at the endpoints: each logic and I/O terminal has its own mechanisms for local communication monitoring. As the central unit, TwinCAT handles the data routing and provides an “envelope” for the communication connection between two machines or two controllers. The safety-relevant data are transferred inside this “envelope”, while the checks that make the transfer safe are performed by the TwinSAFE terminals at either end, not by TwinCAT.

 

The TwinSAFE protocol

The TwinSAFE protocol developed by Beckhoff enables safety-relevant data to be transferred via any medium (“genuine black channel”): all measures that make the transfer safe are implemented in the protocol itself, so the transfer medium does not contribute to, and need not be qualified for, the safety of the system. Fieldbus systems such as PROFIBUS or CANopen and Ethernet systems such as EtherCAT can be used in conjunction with TwinSAFE, and all of them can be mixed without restriction. Since modern automation networks (fieldbus or Ethernet) invariably also include a number of non-safety-relevant devices, these must not be able to influence the safety of the system. Document GS-ET-26, “Prüfgrundsätze Bussysteme für die Übertragung sicherheitsrelevanter Nachrichten” (test principles for bus systems for the transmission of safety-relevant messages, available only in German), lists the fault scenarios that have to be considered: repetition, loss, insertion, wrong sequence, corruption of messages, delay, and coupling of safety-relevant and non-safety-relevant transfer functions. The TwinSAFE protocol handles these and other fault scenarios. Its residual error rate meets the requirements of IEC 61508 SIL 3, so it is suitable for typical industrial automation applications. Note that this fault model describes random and systematic transmission errors; the usual countermeasures (checksums, sequence counters, timeouts) are not cryptographic and do not protect against a deliberate attacker who can write to the network, which remains a matter of network design and access control. The protocol is variable and automatically adapts to the data lengths to be transferred. For example, the TwinSAFE protocol enables Ethernet at 100 Mbit/s or a serial interface at 10 kbit/s to be used for transferring safety-relevant data, without burdening the communication system with unnecessary overhead.
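To make the fault scenarios concrete, the following Python script (an added illustration, not Beckhoff's TwinSAFE protocol and not code from this page) implements a minimal black-channel safety layer over arbitrary bytes and shows which receiver-side check detects each GS-ET-26 fault class. The frame layout (connection ID, sequence number, length, payload, CRC-32), the 16-bit counters, the 50 ms watchdog, the connection IDs and the sample payloads are assumptions chosen for the demo; real safety protocols use their own field widths, CRC polynomials and timing, and the point here is only the structure of the checks.

```python
"""Minimal black-channel safety layer: illustrative code, not the TwinSAFE
protocol. The medium ("black channel") is just a bytes object; every check
that makes the transfer safe lives in the sender/receiver below."""
import struct
import zlib

# Assumed frame layout (big-endian): conn_id:u16 | seq:u16 | len:u8 | payload | crc:u32
_HDR = struct.Struct(">HHB")
_CRC = struct.Struct(">I")   # zlib.crc32 stands in for the protocol's own CRC


def build_frame(conn_id: int, seq: int, payload: bytes) -> bytes:
    """Sender side: tag the safety payload with its connection ID and
    sequence number and protect the whole body with a CRC."""
    body = _HDR.pack(conn_id, seq & 0xFFFF, len(payload)) + payload
    return body + _CRC.pack(zlib.crc32(body))


class SafetyReceiver:
    """Receiver side of one safety connection. The first detected fault
    latches the safe state (outputs off) until reset(), as a safety layer
    must; nothing here tolerates or repairs a faulty telegram."""

    def __init__(self, conn_id: int, watchdog_ms: int, now_ms: int):
        self.conn_id = conn_id
        self.watchdog_ms = watchdog_ms
        self.reset(now_ms)

    def reset(self, now_ms: int) -> None:
        self.expected_seq = 0
        self.last_good_ms = now_ms
        self.payload = b""
        self.safe_state = False

    def _fail(self, reason: str) -> str:
        self.safe_state = True
        return reason

    def poll(self, now_ms: int) -> str:
        """Called cyclically: a telegram that never arrives is a delay fault too."""
        if self.safe_state:
            return "safe_state"
        if now_ms - self.last_good_ms > self.watchdog_ms:
            return self._fail("delay")
        return "ok"

    def receive(self, frame: bytes, now_ms: int) -> str:
        if self.safe_state:
            return "safe_state"
        # Corruption: frame too short, CRC mismatch or inconsistent length field.
        # Standard (non-safety) data that strays onto the connection fails here too.
        if len(frame) < _HDR.size + _CRC.size:
            return self._fail("corruption")
        body, crc = frame[:-_CRC.size], _CRC.unpack(frame[-_CRC.size:])[0]
        if zlib.crc32(body) != crc:
            return self._fail("corruption")
        conn_id, seq, length = _HDR.unpack_from(body)
        if length != len(body) - _HDR.size:
            return self._fail("corruption")
        # Insertion / coupling: a well-formed telegram belonging to another
        # safety connection is rejected by its connection ID.
        if conn_id != self.conn_id:
            return self._fail("insertion")
        # Delay: too much time since the last accepted telegram.
        if now_ms - self.last_good_ms > self.watchdog_ms:
            return self._fail("delay")
        # Repetition / loss / wrong sequence, evaluated modulo 2^16.
        diff = (seq - self.expected_seq) & 0xFFFF
        if diff == 0xFFFF:
            return self._fail("repetition")      # the previous telegram again
        if 0 < diff < 0x8000:
            return self._fail("loss")            # counter jumped ahead
        if diff >= 0x8000:
            return self._fail("wrong_sequence")  # an older telegram arrived late
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_good_ms = now_ms
        self.payload = body[_HDR.size:]
        return "ok"


def run_scenarios() -> dict:
    """Drive one constructed fault of each class through a fresh, established
    connection and record what the receiver reports."""
    CONN, OTHER, WATCHDOG_MS = 0x0101, 0x0202, 50   # assumed IDs and watchdog
    estop_ok = b"\x01"                              # constructed payload: E-stop released

    def established() -> SafetyReceiver:
        rx = SafetyReceiver(CONN, WATCHDOG_MS, now_ms=0)
        rx.receive(build_frame(CONN, 0, estop_ok), 10)   # two good telegrams ...
        rx.receive(build_frame(CONN, 1, estop_ok), 20)   # ... so expected_seq == 2
        return rx

    corrupted = bytearray(build_frame(CONN, 2, estop_ok))
    corrupted[_HDR.size] ^= 0x01                    # flip one payload bit; CRC now stale

    results = {}
    results["good"] = established().receive(build_frame(CONN, 2, estop_ok), 30)
    results["repetition"] = established().receive(build_frame(CONN, 1, estop_ok), 30)
    results["loss"] = established().receive(build_frame(CONN, 3, estop_ok), 30)
    results["wrong_sequence"] = established().receive(build_frame(CONN, 0, estop_ok), 30)
    results["insertion"] = established().receive(build_frame(OTHER, 2, estop_ok), 30)
    results["corruption"] = established().receive(bytes(corrupted), 30)
    results["standard_data"] = established().receive(b"\x05\x00", 30)  # constructed 2-byte I/O image
    results["delay"] = established().receive(build_frame(CONN, 2, estop_ok), 90)
    results["delay_no_frame"] = established().poll(100)
    rx = established()
    rx.receive(build_frame(CONN, 1, estop_ok), 30)                       # fault latches ...
    results["latched"] = rx.receive(build_frame(CONN, 2, estop_ok), 40)  # ... until reset()
    return results


if __name__ == "__main__":
    for scenario, verdict in run_scenarios().items():
        print(f"{scenario:15s} -> {verdict}")
```

Each fault class maps to one check: CRC and length field for corruption (and for stray standard data), connection ID for insertion and coupling, the watchdog for delay, and the sequence counter for repetition, loss and wrong sequence. Note what the checks do not cover: anyone with write access to the black channel who knows the connection ID and current counter can build a frame that passes every test, which is why the GS-ET-26 model is a safety fault model and not a security one.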

The TwinSAFE protocol is suitable for a range of devices such as digital I/Os, drive controllers, measuring transducers or laser scanners, and the EtherCAT system may also be used for the data transfer. All safety- and non-safety-relevant data are available to the non-safety-relevant controller (TwinCAT) for further processing or analysis. Comprehensive diagnostic functions enable very effective debugging, thereby increasing system availability. Standard and safety controllers, and standard and safety buses, no longer have to be separated, which opens up new opportunities.