Siemens SIMATIC S7 System Manual

Safety Engineering in SIMATIC S7
System Manual
04/2006
A5E00109529-05
Preface
1 Overview of Fail-safe Systems
2 Configurations and Help with Selection
3 Communication Options
4 Safety in F-Systems
5 Achievable Safety Classes with F-I/O
6 Configuring F-Systems
7 Programming F-Systems
A Monitoring and Response Times of F-Systems

Summary of Contents for Siemens SIMATIC S7

  • Page 1 SIMATIC Safety Engineering in SIMATIC S7, System Manual (cover): Preface, Overview of Fail-safe Systems, Configurations and Help with Selection, Communication Options, Safety in F-Systems, Achievable Safety Classes with F-I/O...
  • Page 2: A5E00109529

    Trademarks All names identified by ® are registered trademarks of the Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
  • Page 3 I/O devices in S7 Distributed Safety and S7 F/FH Systems: • S7-300 fail-safe signal modules • ET 200S fail-safe modules • ET 200pro fail-safe modules • ET 200eco fail-safe I/O module • Fail-safe DP standard slaves / I/O standard devices Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 4 • ET 200S fail-safe modules • ET 200pro fail-safe modules • ET 200eco fail-safe I/O module • New F-library blocks Safety Data Write ET 200pro fail-safe modules Fail-safe I/O standard devices...
  • Page 5 (including installation, wiring, and technical specifications) operating instructions. ET 200eco Distributed I/O Station Fail-safe Signal Module manual: Describes the hardware of the ET 200eco fail-safe signal module (including installation, wiring, and technical specifications)...
  • Page 6 The complete collection of SIMATIC S7 documentation is available on CD-ROM. Guide The following topics are covered in the system description: • Overview of fail-safe automation systems in general, and in SIMATIC S7, in particular • Comparison of system performance of S7 Distributed Safety and S7 F/FH Systems •...
  • Page 7 Phone: +49 (911) 895-3200 http://www.sitrain.com H/F Competence Center The H/F Competence Center in Nuremberg offers special workshops on SIMATIC S7 fail-safe and fault-tolerant automation systems. The H/F Competence Center can also provide assistance with onsite configuration, commissioning, and troubleshooting.
  • Page 8 Go to the Internet address http://my.ad.siemens.de/myAnD/guiThemes2Select.asp?subjectID=2&lang=de and register for the following newsletters: SIMATIC S7-300 • SIMATIC S7-400 • Distributed I/O • SIMATIC Industrial Software • Select the "Updates" check box for each newsletter.
  • Page 9: Table Of Contents

    Preface ..............................iii Overview of Fail-safe Systems ....................... 1-1 Introduction ..........................1-1 Safety Integrated - the Integrated Safety Concept by Siemens ..........1-2 Fail-safe Systems in SIMATIC S7....................1-3 1.3.1 Areas of Application of S7 Distributed Safety and S7 F/FH Systems........1-5 1.3.2...
  • Page 10 Minimum Monitoring Time for Safety-Related Master-I-Slave Communication......A-7 A.3.5 Minimum Monitoring Time for Safety-Related I-Slave-I-Slave Communication......A-7 A.3.6 Minimum Monitoring Time for Safety-Related Communication via S7 Connections ....A-7 A.3.7 Monitoring Time for Safety-Related Communication between F-Runtime Groups....A-8...
  • Page 11 Table 7-1 Fail-safe Blocks of an F-Runtime Group..................7-6 Table 7-2 Fail-safe Blocks of the Distributed Safety F-Library (V1)............7-7 Table 7-3 Fail-safe Blocks of Failsafe Blocks F-Library (V1_2) ............... 7-10...
  • Page 13: Overview Of Fail-Safe Systems

    Overview This chapter provides an introduction to safety engineering in SIMATIC S7. S7 Distributed Safety and S7 F/FH Systems are introduced along with their areas of application. The important similarities and differences between the two fail-safe systems are also presented.
  • Page 14: Safety Integrated - The Integrated Safety Concept By Siemens

    Safety Integrated - the Integrated Safety Concept by Siemens Safety Integrated Safety Integrated is the integrated safety concept for automation and drives by Siemens. Proven technologies and systems from automation engineering are used for safety engineering. Safety Integrated covers the entire chain of safety from sensors and actuators down to the controller, including safety-related communication over standard field buses.
  • Page 15: Fail-Safe Systems In Simatic S7

    Fail-safe Systems in SIMATIC S7 What fail-safe systems are available in SIMATIC S7? Two fail-safe systems are available for integrating safety engineering into SIMATIC S7 automation systems: 1. The S7 Distributed Safety system is available to implement safety concepts for machine and operator protection (e.g., for emergency STOP devices for operation of machine...
  • Page 16 Overview of Fail-safe Systems 1.3 Fail-safe Systems in SIMATIC S7 Example of User Safety Functions and Fault Reaction Functions In the event of overpressure, the F-system opens a valve (user safety function). If a dangerous fault occurs in the F-CPU, all outputs are deactivated (fault reaction function), whereby the valve is opened and the other actuators also attain a safe state.
  • Page 17: Areas Of Application Of S7 Distributed Safety And S7 F/Fh Systems

    1.3.1 Areas of Application of S7 Distributed Safety and S7 F/FH Systems Use of S7 Distributed Safety The primary uses of S7 Distributed Safety fail-safe systems are for machine and operator protection (e.g., for emergency STOP devices for operation of machine tools and processing...
  • Page 18 Use of S7 F/FH Systems S7 F/FH Systems fail-safe systems are used primarily in process engineering and instrumentation and control applications in which a safe state can be attained by disabling the fail-safe outputs.
  • Page 19: Performance Characteristics Of S7 Distributed Safety And S7 F/Fh Systems

    1.3.2 Performance Characteristics of S7 Distributed Safety and S7 F/FH Systems Common Characteristics of S7 Distributed Safety and S7 F/FH Systems S7 Distributed Safety and S7 F/FH Systems have the following important characteristics in common: •...
  • Page 20 Performance Characteristic: Communication. S7 Distributed Safety: safety-related master-master communication, safety-related master-I-slave communication, safety-related I-slave-I-slave communication, safety-related I-slave-slave... S7 F/FH Systems: safety-related communication via S7 connections (via PROFIBUS, MPI, Industrial Ethernet, etc.)
  • Page 21: Table 1-2 Memory Configuration Of F-Cpus

    Table 1-2 Memory Configuration of F-CPUs: F-System / Applicable F-CPU / Memory configuration (RAM). S7 Distributed Safety / IM 151-7 F-CPU (6ES7 151-7FA01-0AB0) / 96 Kbytes (of which 64 Kbytes is for standard user program)
  • Page 22: Components Of S7 Distributed Safety And S7 F/Fh Systems

    F-I/O. These driver blocks must also be parameterized and interconnected. For both F-systems, safety checks are performed and additional F-blocks for fault detection are incorporated automatically when the executable safety program is compiled.
  • Page 23: Hardware Components

    Safety-related portions of the user program must be password-protected against unauthorized access in the F-CPU and the programming device or ES. In addition, the F-CPU applies highly effective measures to detect and eliminate faults.
  • Page 24 • CPU 315F-2 DP (6ES7 315-6FF01-0AB0) beginning with firmware version V 2.0.9 and • CPU 315F-2 DP (6ES7 317-6FF00-0AB0) beginning with firmware version V 2.1.4. The module can be operated in a distributed configuration in S7 Distributed Safety.
  • Page 25 151-7 F/CPU can therefore exercise full and, if necessary, independent control over a technological functional unit and can be used as a stand-alone CPU or F-CPU. The IM 151-7 F-CPU represents an addition to the line of F-CPUs for S7 Distributed Safety.
  • Page 26 I/O protocol and the PROFIsafe (V2 mode) bus profile. They must behave in accordance with IEC 61784-1:2002 Ed1 CP 3/3 and the PROFIsafe bus profile (V2 MODE). A GSDML file is used to configure them.
  • Page 27: Software Components

    • Support for configuring the F-I/O in with • F-library with fail-safe blocks for creating safety programs • Support for creating the safety program and integrating fault detection functions in the safety program
  • Page 28 F-library provided with the optional package. Additional Information For detailed information on configuring S7 Distributed Safety and S7 F/FH Systems, refer to "Configuring F-Systems". Programming of F-systems is described in "Programming F-Systems".
  • Page 29: Guide To Working With F-Systems

    (programmable logic controllers, sensors, actuators). These decisions influence additional activities such as hardware design, configuration, and programming. Note A functional division of standard and safety functions is important for planning.
  • Page 30: Table 1-7 Sequence Of Steps Ranging From Selection Of Hardware To Maintenance Of F-Systems

    Manuals: S7 Distributed Safety: S7 Distributed Safety, Configuring and Programming; S7 F/FH Systems: S7 F/FH Automation Systems. Maintenance steps: • Replace hardware and software components. • Update operating system. • Uninstall F-system. See also Introduction (Page 6-1)
  • Page 31: Configurations And Help With Selection

    • Automation System S7-300 Fail-safe Signal Modules manual • ET 200S Distributed I/O System Fail-safe Modules manual • ET 200pro Distributed I/O Device, Fail-safe Modules manual • ET 200eco Distributed I/O Station Fail-safe I/O Module manual
  • Page 32: Configuration Of F-Systems

    F-CPUs cannot be used in S7 F/FH Systems. You can use the following F-CPUs in S7 F/FH Systems: CPU 414-4H and CPU 417-4H. Note that these F-CPUs cannot be used in S7 Distributed Safety.
  • Page 33 The F-system can be expanded with additional fail-safe I/O, any number of "standard" DP slaves and standard modules. Figure 2-1 Example 1: F-System S7 Distributed Safety with PROFIBUS DP
  • Page 34 The IM 151-7 F-CPU acts as an intelligent preprocessing device (I-slave). The F-system can be expanded with additional fail-safe I/O, any number of "standard" DP slaves and standard modules. Figure 2-2 Example 2: F-System S7 Distributed Safety with PROFIBUS DP
  • Page 35: S7 F Systems Fail-Safe System

    – Fail-safe signal modules (F-SMs) in an ET 200M distributed I/O system (with optional redundancy) – Fail-safe modules in an ET 200S distributed I/O system – ET 200eco fail-safe I/O module – Fail-safe DP standard slaves
  • Page 36: S7 Fh Systems Fail-Safe And Fault-Tolerant System

    • S7-400H fault-tolerant system (master and standby) on which a safety program is executed • Fail-safe signal modules (F-SMs) in an ET 200M distributed I/O system as switched I/O (with optional redundancy)
  • Page 37: Coexistence Of Standard And Fail-Safe Components

    (in S7 Distributed Safety only) and as decentralized modules in ET 200M. • In an F-system or FH-system, a standard user program can be executed along with the safety program.
  • Page 38 • When PROFIBUS DP is configured with fiber-optic cable and combined operation of standard and fail-safe SMs in one ET 200M is required. For a detailed description of the safety protector, refer to the Automation System S7-300 Fail-safe Signal Modules manual.
  • Page 39: Configuration Variants For Fail-Safe Systems According To Availability Requirements

    Communication between F-CPUs in S7 FH Systems is described in the CPU Communication section of this manual. For information about S7-400H fault-tolerant systems, refer to the Automation System S7-400H Fault-Tolerant Systems manual.
  • Page 40: Single-Channel I/O (S7 Distributed Safety)

    CPU or F-CPU. The IM151-7 F-CPU represents an addition to the line of F-CPUs for S7 Distributed Safety.
  • Page 41 ET 200pro standard modules – ET 200eco fail-safe I/O module – Fail-safe DP standard slaves • Bus connector for connecting the F-CPU and fail-safe I/O to the PROFIBUS DP
  • Page 42 – One ET 200pro with: IM 154-2 HIGH FEATURE, fail-safe modules, and, if necessary, ET 200pro standard modules • Components for connecting the F-CPU and fail-safe I/O to the fiber-optic cable, for example, OLM/OBT
  • Page 43 Fail-safe modules and ET 200S standard modules, if necessary • Fail-safe I/O standard devices • Components for configuring PROFINET – Passive network components (cables, plugs) – Active network components (switches, routers, etc.) if necessary
  • Page 44 • Failure of interface module in an ET 200M, ET 200S or ET 200pro • Failure of the entire ET 200M, ET 200S, ET 200pro or ET 200eco • Failure of the PROFIBUS DP or PROFINET IO line • Failure of the F-CPU
  • Page 45: Single-Channel I/O (S7 F Systems)

    ET 200S standard modules – ET 200eco fail-safe I/O module – Fail-safe DP standard slave • Bus connector for connecting the F-CPU and fail-safe I/O to the PROFIBUS DP
  • Page 46 – One ET 200S with: IM 151-1 HIGH FEATURE, fail-safe modules, and, if necessary, ET 200S standard modules • Components for connecting the F-CPU and fail-safe I/O to the fiber-optic cable, for example, OLM/OBT
  • Page 47 • Failure of interface module in an ET 200M or ET 200S • Failure of the entire ET 200M, ET 200S or ET 200eco • Failure of the PROFIBUS DP line • Failure of the F-CPU
  • Page 48: Single-Channel Switched I/O (S7 Fh Systems Only)

    • Non-redundant fail-safe signal modules and, if necessary, standard signal modules • Safety protector (required for SIL3/Category 4 applications only, if F-SMs and standard SMs are used together in an ET 200M)
  • Page 49 • Failure of the entire ET 200M Switched I/O are still available to the process in case of: • Failure of an IM153-2/-3/-2 FO • Failure of a PROFIBUS DP line • Failure of an F-CPU
  • Page 50: Redundant Switched I/O (S7 Fh Systems Only)

    • Redundant fail-safe signal modules and, if necessary, standard signal modules • Two safety protectors (required for SIL3/Category 4 applications only if F-SMs and standard signal modules are used together in one ET 200M)
  • Page 51 • Failure of an entire ET 200M (requirement: the redundant F-SMs must be located in different ET 200Ms) • Failure of a PROFIBUS DP line • Failure of an F-CPU
  • Page 52: S7 Distributed Safety Or S7 F/Fh Systems - Selection Guide

    Solution: Normal availability of the F-system is sufficient: S7 Distributed Safety. Normal availability is sufficient: S7 F Systems. Increased availability or highest level of availability is required: S7 FH Systems.
  • Page 53 S7 H Systems optional package. See also Performance Characteristics of S7 Distributed Safety and S7 F/FH Systems (Page 1-7) S7 F Systems Fail-safe System (Page 2-5)
  • Page 54 Configurations and Help with Selection 2.4 S7 Distributed Safety or S7 F/FH Systems – Selection Guide
  • Page 55: Communication Options

    • For S7 Distributed Safety: S7 Distributed Safety Configuring and Programming manual • For S7 F/FH Systems: Programmable Controllers S7 F/FH manual
  • Page 56: Overview Of Safety-Related Communication

    CPU manual Standard user Standard user program program in standard in standard or F-CPU or F-CPU Safety program in Standard user program Communication F-CPU in standard or F-CPU is not possible
  • Page 57: Communication Between Standard User Program And Safety Program

    In S7 F/FH systems, different data formats are used in the safety program and the standard user program of the F-CPU; special F-blocks must be used to convert these data formats for exchange of data between the safety program and the standard user program.
  • Page 58: Communication Between Standard User Program And Safety Program In S7 Distributed Safety

    CFC to convert F-data types to standard data types. This block can be found in the Failsafe Blocks F-library. The F_F blocks must be called in the standard user program (CFC, standard runtime group).
  • Page 59: Communication Between F-Runtime Groups

    These fail-safe blocks can be used to transfer a fixed number of parameters of the same F-data type. See also Structure of Safety Program in S7 F/FH Systems (Page 7-9)
  • Page 60: Communication Between F-Cpu And F-I/O

    Safety, variables are provided in F-I/O DBs, while in S7 F/FH systems, variables are provided as inputs and outputs of F-driver blocks. See also Structure of the Safety Program in S7 Distributed Safety (Page 7-4)
  • Page 61: Accessing F-I/O In S7 Distributed Safety

    The user uses the start addresses of the F-I/O to access the F-I/O in the process image (PII, PIQ). The start addresses are automatically entered in the configuration table in HW Config (input/output addresses) and can be changed.
  • Page 62: Safety-Related I-Slave-Slave Communication In Distributed Safety

    F-I/O of a slave that supports I-slave-slave communication, for example ET 200S modules with IM 151-1 HIGH FEATURE, Order No. 6ES7 151-1BA01-0AB0 and higher. Any of the F-CPUs for S7 Distributed Safety can be used as the F-CPU in the I-slave.
  • Page 63 5. Once the safety program has been created, generate and download it to the F-CPU of the I-slave. Further Information For detailed information on configuring safety-related I-slave-slave communication, refer to the S7 Distributed Safety Configuring and Programming manual.
  • Page 64: Accessing F-I/O In S7 F/Fh Systems

    • Process data from the F-I/O (input channels), at an output of the associated F-channel driver • Process data to the F-I/O (output channels), at an input of the associated F-channel driver
  • Page 65: Standard Communication

    S7-300 fail-safe signal modules can be used in standard mode (exception: SM 326; DO 8 × 24 VDC/2 A). The ET 200S, ET 200pro, and ET 200eco fail-safe modules operate only in safety mode and never operate in standard mode.
  • Page 66 Additional special module diagnostic blocks are available for S7 F/FH systems for this purpose. These blocks automatically generate messages, for example, to WinCC, and are used mainly in conjunction with PCS 7 (see Programmable Controllers S7 F/FH manual).
  • Page 67: Safety-Related Cpu-Cpu Communication

    In S7 Distributed Safety, a DP/DP coupler (order number 6ES7 158-0AD01-0XA0) must be used for safety-related communication between safety programs in different F-CPUs (DP masters). Each F-CPU is linked to the DP/DP coupler via its PROFIBUS DP interface.
  • Page 68 For detailed information on configuring and programming safety-related master-master communication, refer to the S7 Distributed Safety Configuring and Programming manual. See also Structure of the Safety Program in S7 Distributed Safety (Page 7-4)
  • Page 69: S7 Distributed Safety: Safety-Related Master-I-Slave Communication

    F-CPU for the DP master and I-slave 6. Assign parameters for F_SENDDPs and F_RCVDPs 7. Once the safety programs have been created, compile and download them to the appropriate F-CPU.
  • Page 70: S7 Distributed Safety: Safety-Related I-Slave-I-Slave Communication

    F-CPU. They can be used to transfer a fixed number of fail-safe data of data types BOOL and INT in a fail-safe manner.
  • Page 71 F-CPU Additional Information For detailed information on configuring and programming safety-related I-slave-I-slave communication, refer to the S7 Distributed Safety Configuring and Programming manual. See also Configuring the F-I/O (Page 6-4)
  • Page 72: S7 Distributed Safety: Safety-Related Communication Via S7 Connections

    5. Call F_RCVS7 in the safety program in which data are to be received. 6. Assign parameters to F_SENDS7 and F_RCVS7. 7. Once the safety programs have been created, compile and download them to the appropriate F-CPU.
  • Page 73 You can find information on configuring S7 connections in the ... manual. For detailed information on configuring and programming safety-related communication via S7 connections, refer to the S7 Distributed Safety Configuring and Programming manual.
  • Page 74: S7 F/Fh Systems: Safety-Related Communication Via S7 Connections

    These blocks are called by the user in the relevant safety program of the F-CPU. These fail-safe application blocks can be used to transfer a user-defined amount of fail-safe data of data types BOOL and REAL in a fail-safe manner.
  • Page 75 For detailed information on configuring and programming safety-related communication via S7 connections, refer to the Programmable Controllers S7 F/FH manual. See also Structure of Safety Program in S7 F/FH Systems (Page 7-9)
  • Page 76 Communication Options 3.6 Safety-Related CPU-CPU Communication
  • Page 77: Safety In F-Systems

    Standard behavior is described in the STEP 7 manuals and hardware manuals and is not covered in this manual.
  • Page 78 • Installation in a locked cabinet • Using an adhesive label to protect the Micro Memory card or Flash card of the F-CPU. See also Standards and Approvals (Page 4-8) Safety Requirements (Page 4-12)
  • Page 79: Safety Mode

    • CRC signature Safety-related CPU-CPU communication also takes place using a safety message frame similar to PROFIsafe. The following information on monitoring time, sequence number, and CRC signature is also applicable.
  • Page 80 If a CRC signature error occurs during communication between the F-CPU and F-I/O, e.g., due to intermittent electromagnetic interference, the F-I/O is passivated. See also Introduction (Page 3-13) Fault Reactions (Page 4-5) Configuring the Monitoring Times (Page A-2)
  • Page 81: Fault Reactions

    F-CPU. In addition, the fault is signaled to the safety program in the F-CPU via a safety message frame. Once the fault is eliminated, the F-I/O must be reintegrated (depassivation) (see "Fault Reactions in Safety Program"). See also Standard Communication (Page 3-11) Restart of F-System (Page 4-6)
  • Page 82: Restart Of F-System

    HOLD mode is not supported for S7 Distributed Safety and S7 F/FH Systems. If a HOLD request stops execution of the user program, this state can only be overridden by a restart (cold restart or warm restart).
  • Page 83: Password Protection For F-Systems

    F-system that is used. For this reason, the procedures are described in the relevant configuring and programming manuals for S7 Distributed Safety and S7 F/FH systems under "System Acceptance Test."
  • Page 84: Standards And Approvals

    1 of the Report on the Certificate "Safety-Related Programmable System SIMATIC S7 Distributed Safety" "Safety-Related Programmable Systems SIMATIC S7 F/FH Systems (formerly S7-400F and S7-400FH)" are available upon request from: Ms. Petra Bleicher A&D AS RD ST Type Test Fax No. 49 9621 80 3146 e-mail: petra.bleicher@siemens.com...
  • Page 85 Systems - Parts 1, 2 and 5 only NE 31 NAMUR Recommendation Safeguarding of Plants by Means of Process Control Engineering ISA S 84.01 Application of Safety Instrumented Systems for the Process Industry
  • Page 86 IEC 61496 Safety of Machinery - Electrosensitive Protective Equipment (for S7 Distributed Safety only). For details, refer to the Report on the Certificate "Safety-Related Programmable System SIMATIC S7 Distributed Safety"
  • Page 87 European Low Voltage Directive 93/68/EEC, European EMC Directive, UL 508 Industrial Control Equipment. Note The environmental-related requirements for F-CPUs and the F-I/O must be adhered to (see technical specifications in the applicable manuals...
  • Page 88: Safety Requirements

    Risk parameter for possibility of avoiding dangerous occurrence Probability of occurrence of undesirable event No safety requirements No special safety requirements A single electrical/electronic/programmable electronic system is not sufficient. 1, 2, 3, 4 Safety integrity level
  • Page 89 ≥ 10 to < 10 ≥ 10 to < 10 ≥ 10 to < 10 ≥ 10 to < 10 ≥ 10 to < 10 ≥ 10 to < 10
  • Page 90 As shown in the following figure, an F-system prevents potential dangers or reduces them to a tolerable level through appropriate organizational and technical measures. Figure 4-2 Risk Analysis in Accordance with IEC 61508
  • Page 91: Table 4-3 Probability Values For Individual Components Of S7 Distributed Safety And S7 F/Fh Systems

    ET 200eco fail-safe I/O • • module Fail-safe For fail-safe DP standard slave • • DP standard slaves Fail-safe I/O standard to the fail-safe I/O standard devices • • devices
  • Page 92: Table 4-4 Calculation Example For The Contribution Of The F-System To The Failure Probability Of A Safety Function

    (6ES7 417-4HL04-0AB0) | SM 326; DO 10 × DC 24V/2A (6ES7 326-2BF01-0AB0): 2.00 E-09 | SM 326; DI 24 × DC 24V (6ES7 326-1BK01-0AB0): 4.00 E-09 | Safety-related communication: 1.00 E-09 | Total: 11.29 E-09
  • Page 93: Achievable Safety Classes With F-I/O

    SIL3/Category 4 with fail-safe I/O in S7 Distributed Safety and S7 F/FH Systems. The information relates to the F-I/O of the SIMATIC S7 product family, that is, S7-300 F-SMs, F-modules ET 200S and ET 200pro, and the ET 200eco fail-safe I/O module.
  • Page 94: Safety Functions For Achieving Safety Classes For F-I/O With Inputs

    – Type of sensor interconnection (single-channel or two-channel) – Enable short-circuit test, if applicable – Define which F-I/O is to be redundant, if applicable (for S7 FH Systems only) – Define the discrepancy time, if applicable
  • Page 95: 1Oo1 Evaluation For F-I/O With Digital Inputs

    SIL2/Category 3 can only be achieved if a suitably-qualified sensor is used. Figure 5-1 Example: Wiring Diagram for One Sensor Connected via One Channel to One F-DI (1oo1) Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 96 SIL2/Category 3 and high availability to be achieved. SIL2/Category 3 can only be achieved if a suitably-qualified sensor is used. Figure 5-2 Example: Wiring Diagram for One Sensor Connected via One Channel to Two F-DIs (1oo1, High Availability) Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 97: 1Oo2 Evaluation For F-I/O With Inputs

    (for non-equivalence testing: whether the agreement has disappeared). If not, this means that a discrepancy error exists. Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 98 This wiring enables SIL3/Category 4 to be achieved. SIL3/Category 4 can only be achieved if a suitably-qualified sensor is used. Figure 5-5 Example: Wiring Diagram for One Two-channel Sensor Connected via Two Channels to One F-DI (1oo2) Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 99 SIL2/Category 4 and high availability to be achieved. SIL3/Category 4 can only be achieved if a suitably-qualified sensor is used. Figure 5-7 Example: Wiring Diagram for One Two-channel Sensor Connected via Two Channels to Two F-DIs (1oo2, High Availability) Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 100 1oo2 Evaluation for F-I/O with Analog Inputs The 1oo2 evaluation for F-I/O with analog inputs can be performed with one or more sensors. The sensors are connected to the F-I/O via one or two channels. Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 101 2-wire transducer output. The sensor is supplied by the F-I/O. This wiring enables SIL2/Category 3 to be achieved. Figure 5-9 Example: Wiring Diagram for One Sensor Connected via One Channel to One F-AI (1oo2) Safety Engineering in SIMATIC S7 System Manual, 04/2006, A5E00109529-05...
  • Page 102 One F-AI (1oo2) 1oo2 Evaluation with High Availability (for S7 FH Systems only) To achieve high availability, four redundant sensors can be connected to two F-AI in S7 FH Systems. Safety Engineering in SIMATIC S7 5-10 System Manual, 04/2006, A5E00109529-05...
  • Page 103 F-I/O. This wiring enables SIL2/Category 4 and high availability to be achieved. Figure 5-11 Example: Wiring Diagram for Four Redundant Sensors Connected via Two Channels to Two F-AIs (1oo2, High Availability) Safety Engineering in SIMATIC S7 5-11 System Manual, 04/2006, A5E00109529-05...
  • Page 104: Safety Functions For Achieving Safety Classes For F-I/O With Outputs

    • Daily (or more frequent) signal change For ET 200S, ET 200pro and ET 200eco F-DO modules, no settings are required, since they are usually designed for safety class SIL3/Category 4. Safety Engineering in SIMATIC S7 5-12 System Manual, 04/2006, A5E00109529-05...
  • Page 105: Configuring F-Systems

    • For S7 Distributed Safety: manual
    • For S7 Distributed Safety: S7 Distributed Safety Configuring and Programming manual
    • For S7 F/FH Systems: Programmable Controllers S7 F/FH manual
    • For S7 F/FH Systems: step7\Examples directory
  • Page 106: Configuring The F-CPU

    These resources cannot be used in the safety program or the standard user program (reserved for automatically added F-blocks). The parameters are explained in the context-sensitive online help for the tab and in the Distributed Safety Configuring and Programming manual.
  • Page 108: Configuring The F-I/O

    The parameters are explained in the and in the ET 200S Distributed I/O System Fail-safe Modules manual.
  • Page 109: Configuring Fail-Safe DP Standard Slaves And Fail-Safe I/O Standard Devices

    GSD/GSDML files into his project (see STEP 7 online help). Once the fail-safe DP standard slave / IO standard device is imported, it can be selected from the hardware catalog of HW Config.
  • Page 110 "Parameter name," and the current value for each parameter is included under "Value." This value can be modified by clicking "Change value..". The parameters are explained in the context-sensitive online help for the tab and in the S7 Distributed Safety Configuring and Programming manual.
  • Page 111: Programming F-Systems

    The procedure for programming the safety program is described in detail in the following manuals:
    • For S7 Distributed Safety: S7 Distributed Safety Configuring and Programming manual
    • For S7 F/FH Systems: Programmable Controllers S7 F/FH manual
  • Page 112 Differences between S7 Distributed Safety and S7 F/FH Systems: Programming of S7 Distributed Safety and S7 F/FH Systems differs in the available programming languages and the integration of fail-safe blocks from F-libraries in the safety program.
  • Page 113: Programming Languages For F-Systems

    F-systems:
    • For S7 Distributed Safety: Distributed Safety F-library (V1)
    • For S7 F/FH Systems: Fail-safe Blocks F-library (V1_2)
    The F-libraries are located in the step7/s7libs directory.
  • Page 114: Structure Of The Safety Program In S7 Distributed Safety

    • F-blocks that are created by the user or selected from F-libraries (e.g., F-library (V1)).
    • F-blocks that are automatically added (F-SBs, automatically generated F-blocks, and the F-shared DB)
    Figure 7-2 Components of the Safety Program in S7 Distributed Safety
  • Page 115 If the user divides his safety program into two F-runtime groups, portions of the safety program (one F-runtime group) can be executed in a faster priority class, thereby achieving faster safety circuits with short response times.
  • Page 116: Table 7-1 Fail-Safe Blocks Of An F-Runtime Group

    An F-I/O DB is automatically generated for each F-I/O when the program is compiled in HW Config. The user can or must access the variables of the F-I/O DB in conjunction with F-I/O accesses.
  • Page 117: Table 7-2 Fail-Safe Blocks Of The Distributed Safety F-Library (V1)

    F-functions | F-application blocks for such functions as two-hand monitoring, muting, EMERGENCY STOP, protective door monitoring, feedback loop monitoring, etc.
    Data conversion | F-application blocks F_BO_W, F_W_BO
    Copy | F-application blocks F_INT_WR, F_INT_RD
    Shift operations | F-application blocks F_SHL_W, F_SHR_W
  • Page 118 F-shared DB (F_GLOBDB). See also Accessing F-I/O in S7 Distributed Safety (Page 3-7)
  • Page 119: Structure Of Safety Program In S7 F/FH Systems

    1 of the standard user program at fixed time intervals. That is, the safety program is called and run at fixed time intervals in a time interrupt OB. The time interrupt OB can also contain standard runtime groups that are assigned their own charts.
  • Page 120 (rows of the F-block table)
    F_FR_R, F_FTI_TI
    Conversion of F-data type to F-data type | F_FR_FI
    Safety Data Write | F_CHG_R, F_CHG_BO
    Fail-safe acknowledgment via an operator control and monitoring system | F_QUITES
  • Page 121 F-blocks of the safety program are overwritten by identically-named simulation blocks from the Fail-safe Blocks F-library (V1_2). These F-blocks are suitable for simulation purposes only and must not be downloaded to the F-CPU.
  • Page 123: Monitoring And Response Times Of F-Systems

    Safety and S7 F/FH Systems in exactly the same way as for standard S7-300 and S7-400 automation systems and are not addressed here. For a description of this calculation, refer to the hardware manuals for the CPUs.
  • Page 124: Configuring The Monitoring Times

    3. Use these MS Excel files to calculate the maximum response time and ensure that the process safety time is not exceeded. If necessary, reduce the specific monitoring times of the F-system.
  • Page 125: F-Related Monitoring Times For S7 Distributed Safety

    Minimum Monitoring Time for Safety-Related Master-Master Communication (Page A-6)
    Minimum Monitoring Time for Safety-Related Master-I-Slave Communication (Page A-7)
    Minimum Monitoring Time for Safety-Related I-Slave-I-Slave Communication (Page A-7)
    Minimum Monitoring Time for Safety-Related Communication via S7 Connections (Page A-7)
  • Page 126: Minimum Monitoring Time For F-Cycle Time

    Determining Runtime of the Safety Program: The runtime of the safety program can be calculated with the aid of an Excel file. The Excel file is available on the Internet at http://support.automation.siemens.com/WW/view/en/11669702/133100.
  • Page 127: Minimum Monitoring Time For Safety-Related Communication Between The F-CPU And F-I/O Or Between I-Slave And Slave Via PROFIBUS DP

    Use the Microsoft Excel file provided with S7 Distributed Safety to calculate the minimum monitoring time for PROFINET IO. The Excel file is available on the Internet under the contribution ID 19138505 at http://support.automation.siemens.com/WW/view/en/11669702/133100. Read also the comments in the Excel file.
  • Page 128: Minimum Monitoring Time For Safety-Related Master-Master Communication

    (end of the preceding row) DP master system, bus parameters | F_RCVDP
    TCOPY | Maximum copying time within the DP/DP coupler | On the Internet at: http://www4.ad.siemens.de/view/cs/en/8610397
    See also Minimum Monitoring Time for F-Cycle Time (Page A-4)
  • Page 129: Minimum Monitoring Time For Safety-Related Master-I-Slave Communication

    Use the Microsoft Excel file provided with S7 Distributed Safety to determine a recommended TIMEOUT monitoring time for PROFINET IO. The Excel file is available on the Internet under the contribution ID 19138505 at http://support.automation.siemens.com/WW/view/en/11669702/133100.
  • Page 130: Monitoring Time For Safety-Related Communication Between F-Runtime Groups

    Minimum Monitoring Time for Safety-Related Communication between F-CPU and F-I/O (Page A-11)
    Minimum Monitoring Time for Safety-Related Communication between F-CPUs (Page A-13)
    Minimum Monitoring Time for Safety-Related Communication between F-Runtime Groups (Page A-14)
  • Page 131: Minimum Monitoring Time For F-Cycle Time

    TCImax ≈ TCI + TP15 + MIN(TCiR; 2500) | In S7 FH Systems with time interrupt OB without special handling | Use the greater of the two values | Use the lesser of the two values
  • Page 132 (references)
    • STEP 7 online help: "System Changes during Operation Using CiR"
    • SIMATIC System Software for S7-300/400 System and Standard Functions manual
    • Programmable Controllers S7 F/FH manual
  • Page 133: Minimum Monitoring Time For Safety-Related Communication Between F-CPU And F-I/O

    ... the active communication channel for switched I/O (relevant for S7 FH Systems only). This time is provided in the technical specifications for switched DP slaves (ET 200M) in the ET 200M Distributed I/O System manual.
  • Page 134 F-I/O in the process. See also Minimum Monitoring Time for F-Cycle Time (Page A-9)
  • Page 135: Minimum Monitoring Time For Safety-Related Communication Between F-CPUs

    F_RCVBO or F_RCVR: CiR object | Sum of CiR synchronization times for all DP master systems that are to be changed simultaneously. If CiR is not used, enter "0" in the formulas.
  • Page 136: Minimum Monitoring Time For Safety-Related Communication Between F-Runtime Groups

    TCImax, F_R | Maximum cycle time of the time interrupt OB with the call of F_R_BO or F_R_R | "... Times for F-Cycle Time"
    See also Minimum Monitoring Time for F-Cycle Time (Page A-9)
  • Page 137: Response Times Of Safety Functions

    If necessary, reduce the specific F-system monitoring times (see "F-Related Monitoring Times for S7 Distributed Safety" and "F-Related Monitoring Times for S7 F/FH Systems").
  • Page 139: Glossary

    Availability is the probability that a system is functional at a specific point in time. Availability can be increased through -> redundancy (for example, by using redundant F-I/O and/or by using multiple -> sensors at the same measuring point).
  • Page 140 The validity of the process data in the -> safety message frame, the accuracy of the assigned address references, and the safety-related parameters are protected via a CRC signature contained in the safety message frame.
  • Page 141 -> fault reaction time are extended unnecessarily. If the discrepancy time is set too low, availability is decreased unnecessarily because a discrepancy error is detected when, in reality, no error exists.
  • Page 142 These modules are equipped with integrated -> safety functions. Fail-safe Systems: Fail-safe systems (F-systems) are systems that remain in a safe state or immediately switch to another safe state when certain failures occur.
  • Page 143 S7 F/FH Systems: F-channel drivers provide process data in a safe format. The user must position and interconnect the F-channel drivers in the -> safety program. F-Communication DBs: S7 Distributed Safety: Fail-safe data blocks used for safety-related CPU-CPU communication via S7 connections.
  • Page 144 -> safety program in -> F-FBD or -> F-LAD. F-FCs: S7 Distributed Safety: Fail-safe FCs, in which the user programs the -> safety program in -> F-FBD or -> F-LAD.
  • Page 145 F-I/O: F-I/O is a group designation for fail-safe inputs and outputs available in SIMATIC S7 for integration in S7 Distributed Safety and S7 F/FH Systems fail-safe systems. The following F-I/O are available: • -> ET 200eco fail-safe I/O module •...
  • Page 146 -> safety functions. F-System Blocks: S7 Distributed Safety: Block container of the Distributed Safety library containing the -> F-SBs and the -> F-shared DB. -> F-SB. F-Systems: -> Fail-safe systems
  • Page 147 Operator Panel (OP): A programmable HMI device used to operate and monitor machines and systems. Operator Station (OS): A configurable operator station used to operate and monitor machines and systems.
  • Page 148 PROFINET IO Device: A PROFINET IO device is a decentralized field device that is assigned to one of the IO controllers (e.g., remote IO, valve terminals, frequency converters, switches).
  • Page 149 Redundant switched I/O is a configuration variant of S7 FH Systems in -> safety mode to increase availability. -> F-CPU, PROFIBUS DP, and -> F-I/O are redundant. In the event of a fault, the F-I/O is no longer available.
  • Page 150 In accordance with IEC 61508: Function implemented by a safety device in order to maintain the system in a -> safe state or to place it into a safe state in the event of a particular fault (-> user safety function).
  • Page 151 • -> 1oo2 evaluation – The sensor signal is read twice by the same -> F-I/O and compared internally. Sensors: Sensors are used for exact measurement of paths, positions, velocities, rotational speeds, masses, etc.
  • Page 152 -> F-CPU switches to STOP mode, if necessary.
  • Page 153 WinCC offers industry-standard function modules for graphics representation, messaging, archiving, and logging functions. WinCC ensures high availability with its powerful process interfacing, rapid image updating, and reliable data archiving.
  • Page 155: Index

    S7 F Systems, 2-6 S7 FH Systems, 2-7 Configuration in RUN, see CiR, A-4, A-9 Configuration options Category (Cat.), 2-8, 5-1 Depending on availability, 2-9 Achievable, 1-3, 2-23, 4-12, 5-2, 5-12
  • Page 156 1-8, 2-22, 4-5 Distributed I/O Fault reaction function, 1-4 Fail-safe, 1-2 Fault-tolerant and fail-safe system, 1-3 Distributed Safety Fault-tolerant S7 connections, 3-20 Library, 7-3, 7-7 Documentation Additional, v
  • Page 157 Instance data block, 3-3, 3-8 F-runtime license, 1-11 Instrumentation and control, 1-6 F-shared DB, 3-3, 3-4, 7-8 Interface modules F-simulation blocks, 7-11 for ET 200S, 1-13 F-SM, 1-12 Restrictions, 1-13
  • Page 158 Network template, see Application template, 7-7 PROFIBUS DP, 1-4, 2-3, 3-13 Networks in copper cable technology, 2-15, 2-18, 2-20 Public, 3-18, 3-20 in fiber-optic cables, 2-12, 2-16, 2-18, 2-20 PROFINET IO, 1-4, 1-9, 2-3
  • Page 159 Centralized configuration, 2-10 of F-I/O, 4-3 Components, 2-2 of safety program, 4-3 Configuration, 2-2 Configuration example, 2-3 Distributed configuration, 2-11, 2-13 F-related monitoring times, A-3 Probability of failure of components, 4-15
  • Page 160 Single-channel switched I/O, 2-9, 2-18 Limits of availability, 2-19 Slave diagnostics, 3-12 Software components of F-system, 1-15 Warm restart, 4-6 Software redundancy What's new?, iv WinCC, 3-12 Software package, 2-9
  • Page 162 (documentation overview figure; recoverable titles): ET 200eco Distributed I/O Fail-Safe I/O Module Manual; Configuring and Programming; S7-300 Fail-Safe Signal Modules; Safety Engineering in SIMATIC S7 System Description; Getting Started; S7 Distributed Safety Manual; ET 200S Distributed I/O System Fail-Safe Modules; ET 200pro Distributed I/O Device - Fail-Safe Modules