Motion monitoring enables highly efficient machine operation – but standards also demand maximum safety.
25 Aug 2015
External safety for motion monitoring
With an external monitoring unit, safety functions can be implemented as standard on Variable speed drive and servo amplifiers of various performance classes and from various manufacturers; in most cases this can be achieved very economically.
The objective of safety technology was and always will be to prevent potentially hazardous movements. Nothing, then, is more obvious than to have a close connection between safety technology and motion generation. For technical and economic reasons, the drive electronics – servo amplifiers and Variable speed drives – have remained as non-safety-related components in very many applications. In such applications, the required safety is guaranteed through additional safe components, which bring the drive to a de-energised, safe condition in the event of a fault, or safely monitor the movement of the connected motor. Motion monitoring has two main tasks: it must detect any violation of the limit values and then trigger an appropriate safe reaction. It must also detect any potential errors in the encoder system and likewise trigger an appropriate error reaction.
Even with external, safe motion monitoring systems it is possible to implement with ease many of the safety functions defined in EN 61800-5-2 (Adjustable speed electrical power drive systems Part 5-2: Safety requirements – Functional). So it is possible to reach the required safety level by re-using the existing actuator and sensor technology, even on older drive systems. This is significant, particularly where a retrofit is involved, because it means the cost of exchanging the drive, motor and sensor technology can be saved. Existing drive functions can also continue to be used without restriction. What's more, it is no longer necessary to undergo the sometimes complex process of converting the existing drive program to a new system, along with the additional training required to program the safety section.
The task of the external devices is to detect motion. The safety characteristic data of the employed sensors, e.g. rotary encoders or proximity switches, is significant in determining the safety level that can be achieved. Different solutions to suit the various requirements are available to monitor movements with external monitoring devices. At the highest level it is important to distinguish between so-called standard encoders and "safe" encoders.
Pre-assembled adapter cables simplify connection of the external monitoring devices. These are inserted between the drive and feedback encoder and record the motion monitoring signals. Appropriate adapters are available for all common drive manufacturers and drive models.
Another advantage of using external motion monitoring modules is the fact that the safety system is independent from the employed drive system. This means that all the safety functions, special motion generation functions and motion control functions can be implemented within the usual system.
Open to rotary encoders
The external devices record movement by means of the signals from the employed sensors, e.g. rotary encoders or proximity switches. The safety level that can be achieved is essentially determined by their safety characteristic data.
An important requirement for solutions with external safety is the ability to evaluate all standard sensor systems (rotary encoders in various designs, incremental encoders (TTL, HTL), Sin/Cos encoders) up to Performance Level (PL) d of EN ISO 13849-1d and two proximity switches up to PL e. This is made possible via a large number of feasibility checks within the external safety component that monitors the sensor signals. As a result it is possible to achieve diagnostic coverage of up to 90 % on the encoder system. Through appropriate warning messages, a potential encoder failure can be detected early. It is also possible to use internal encoder diagnostics and to react to a potential fault signal from the rotary encoder with a protection violation.
If a higher PL is required, this can be achieved by using an appropriately certified, safe rotary encoder. The important factor here is the correct interaction between encoder and safety relay. The documentation belonging to the respective encoder describes the requirements of the monitoring device, which must be met in order to use the device and to claim the certified safety-related characteristic data.
If a certified, safe sensor cannot be used, it is still possible to achieve a higher PL with little effort. An additional proximity switch is fitted so that it scans the hazardous movement on a toothed wheel or shaft coupling, for example. The monitoring device can now continuously compare the established speed values from both encoder systems (standard rotary encoder) and proximity switch. If the values are no longer in sync, the monitored axis is brought to a stop. As a result, motion monitoring up to PL e is possible with two standard components. Monitoring for broken shearpins or gear monitoring can also be implemented in the same way.
Stand-alone or interlinked?
Pilz safe motion monitoring solutions with external monitoring devices can be used in conjunction with standard, certified Sin/Cos encoders designed for up to PL e. As a result, safe motion monitoring can be implemented up to the maximum PL with only one encoder.
If there are only a few safety functions to be linked to motion monitoring, individual relays provide an appropriate solution; take the stand-alone speed monitor PNOZ s30 from the PNOZ range for example. This offers safe monitoring of standstill, speed, position, shearpin breakage, speed range and direction of rotation, up to PL e/SIL CL 3.
With more large-scale safety tasks, the configurable control system PNOZmulti can be used with special motion monitoring modules. Per module, up to two axes can be monitored independently via incremental encoders and/or proximity switches with up to 16 freely selectable setpoint values per axis. A total of 6 of these modules can be connected to a base unit. Setpoint values are selected in the graphics configuration tool, the PNOZmulti Configurator.
The third product type available from Pilz for external, safe motion monitoring is a fully programmable, complete solution for machines and interlinked plants. The automation system PSS 4000 for safety and automation provides users with a wide range of modules plus various editors and blocks for the control systems PSSuniversal PLC or PSSuniversal multi. On the PSS 4000, the safe monitoring function is wholly integrated within the user software. Two different measuring principles and therefore different functions are available for safe motion monitoring. Safe motion monitoring with a new encoder module, which enables connection to a variety of existing rotary encoders, allows the safety functions in accordance with EN 61800-5-2 to be implemented with just one rotary encoder. Another module enables safe position monitoring (safe speed and safe position) to be implemented with the control systems PSSuniversal PLC using counter modules.
The more complex the task, the more beneficial are existing add-on functions of the external monitoring devices likely to be. In the event of an error, e.g. if a speed monitoring function reacts, a drive should always be shut down as quickly as possible. Long transmission times to centralised safety systems and their program cycle times can often present a problem. With local stop outputs, which can drive the safety functions SS1 (Safe Stop 1) and STO (Safe Torque Off) directly, motion monitoring modules from Pilz, for example, can trigger a stop of the corresponding axis just a few milliseconds after the monitoring function has reacted. Thanks to integrated delay stages it is even possible to implement the SS1 function, after an emergency stop signal has first been transmitted to the drive and after the drive's STO function is activated when the set delay time has elapsed. This way an axis can still be brought to a controlled standstill in the event of an error, before the controller inhibit makes braking impossible.
Reaction within milliseconds
If you need to shut down not just one but multiple drives simultaneously, a cascading function on PSS 4000 allows you to do this simply, within a few milliseconds; this is independent of fieldbus times or task cycles on the controller. The monitoring devices that are intended to constitute a shutdown group are connected via an additional cable for this purpose. Should one of the monitoring devices trigger a shutdown on its drive, this will be signalled to the other monitoring devices via this cable, whereupon they too will initiate a shutdown of the relevant monitored drives.
As a complete supplier, Pilz offers the appropriate system for each application and requirement in the field of safe motion monitoring. This includes the integrated safe motion solution PMCprotego DS (combination of safety card and servo amplifier) as well as motion monitoring as an external monitoring function. These can simply be integrated into the application, without being defined in particular for a safety system. Future developments, both on the drive and the encoder side, are also addressed and processed sensibly and usefully by the external motion monitoring systems, so that the benefits are retained.