Beckhoff Ep7211-0034 User guide

Application Example

EP7211-0034 - STO Function

1.0.0

2019-11-11

Version:

Date:

Table of contents

EP7211-0034 - STO Function 3Version: 1.0.0

Table of contents

1 Foreword ....................................................................................................................................................5

1.1 Notes on the documentation..............................................................................................................5

1.2 Documentation issue status ..............................................................................................................6

1.3 Purpose and area of application........................................................................................................6

1.4 Explanation of terms..........................................................................................................................7

1.5 Operator's obligation to exercise diligence ........................................................................................7

2 Safety instructions ....................................................................................................................................8

2.1 Delivery state.....................................................................................................................................8

2.2 Operator's obligation to exercise diligence ........................................................................................8

2.3 Description of instructions .................................................................................................................9

3 STO function with EP7211-0034 (category3,PLd)..............................................................................10

3.1 Parameters of the safe input and output terminals..........................................................................11

3.2 Block formation and safety loops.....................................................................................................11

3.2.1 Safety function 1 .............................................................................................................. 11

3.3 Calculation.......................................................................................................................................12

3.3.1 PFHD / MTTFD / B10D – values ..................................................................................... 12

3.3.2 Diagnostic Coverage DC ................................................................................................. 12

3.3.3 Calculation of safety function 1........................................................................................ 12

4 Appendix ..................................................................................................................................................16

4.1 Support and Service ........................................................................................................................16

Table of contents

EP7211-0034 - STO Function4 Version: 1.0.0

Foreword

EP7211-0034 - STO Function 5Version: 1.0.0

1 Foreword

1.1 Notes on the documentation

Intended audience

This description is only intended for the use of trained specialists in control and automation engineering who

are familiar with the applicable national standards.

It is essential that the following notes and explanations are followed when installing and commissioning

these components.

The responsible staff must ensure that the application or use of the products described satisfy all the

requirements for safety, including all the relevant laws, regulations, guidelines and standards.

Origin of the document

This original documentation is written in German. All other languages are derived from the German original.

Currentness

Please check whether you are using the current and valid version of this document. The current version can

be downloaded from the Beckhoff homepage at http://www.beckhoff.com/english/download/twinsafe.htm.

In case of doubt, please contact Technical Support [}16].

Product features

Only the product features specified in the current user documentation are valid. Further information given on

the product pages of the Beckhoff homepage, in emails or in other publications is not authoritative.

Disclaimer

The documentation has been prepared with care. The products described are subject to cyclical revision. For

that reason the documentation is not in every case checked for consistency with performance data,

standards or other characteristics. We reserve the right to revise and change the documentation at any time

and without prior announcement. No claims for the modification of products that have already been supplied

may be made on the basis of the data, diagrams and descriptions in this documentation.

Trademarks

Beckhoff®, TwinCAT®, EtherCAT®, EtherCATG®, EtherCATG10®, EtherCATP®, SafetyoverEtherCAT®,

TwinSAFE®, XFC®, XTS® and XPlanar® are registered trademarks of and licensed by Beckhoff Automation

GmbH. Other designations used in this publication may be trademarks whose use by third parties for their

own purposes could violate the rights of the owners.

Patent Pending

The EtherCAT Technology is covered, including but not limited to the following patent applications and

patents: EP1590927, EP1789857, EP1456722, EP2137893, DE102015105702 with corresponding

applications or registrations in various other countries.

Foreword

EP7211-0034 - STO Function6 Version: 1.0.0

EtherCAT® and Safety over EtherCAT® are registered trademarks and patented technologies, licensed by

Beckhoff Automation GmbH, Germany.

The reproduction, distribution and utilization of this document as well as the communication of its contents to

others without express authorization are prohibited.

patent, utility model or design.

Delivery conditions

In addition, the general delivery conditions of the company Beckhoff Automation GmbH & Co. KG apply.

1.2 Documentation issue status

Version Comment

1.0.0 • First release version

1.3 Purpose and area of application

The Application Guide provides the user with examples for the calculation of safety parameters for safety

functions according to the standards DINENISO13849-1 and EN62061 or EN61508:2010 (if applicable),

such as are typically used on machines.

In the examples an EL1904 is taken as an example for a safe input or an EL2904 for a safe output. This is to

be considered an example; of course other safe inputs or outputs can be used, such as an EP1908 or an

EL2912. The appropriate parameters, which can be taken from the respective product documentation, must

then be used in the calculation.

NOTE

Application samples

These samples provide the user with example calculations. They do not release him from his duty to carry

out a risk and hazard analysis and to apply the directives, standards and laws that need to be considered

for the application.

Foreword

EP7211-0034 - STO Function 7Version: 1.0.0

1.4 Explanation of terms

Name Explanation

B10DMean number of cycles after 10% of the components have dangerously failed

CCF Failures with a common cause

dop Mean operating time in days per year

DCavg Average diagnostic coverage

hop Mean operating time in hours per day

MTTFDMean time to dangerous failure

nop Mean number of annual actuations

PFHDProbability of a dangerous failure per hour

PL Performance level

PLrRequired Performance Level

Tcycle Mean time between two successive cycles of the system (given in minutes in the following

examples, but can also be given in seconds)

T1 Lifetime of the device (typically 20 years for TwinSAFE devices)

λDDangerous failure rate given in FIT (failure rate in 109 component hours)

T10D Operating time - maximum operating time for electromechanical components, for example

TwinSAFE SC The TwinSAFE SC technology (SC - Single Channel) enables a signal from a standard

terminal to be packaged in a FSoE telegram and transmitted via the standard fieldbus to the

TwinSAFE Logic. As a result, falsifications on the transmission path can be excluded. Within

the TwinSAFE Logic, this signal is checked with a further independent signal. This

comparison result typically yields an analog value corresponding to a category3 and PLd.

This technology does not support digital input signals and cannot be used in a single-

channel structure (only one TwinSAFE SC channel).

1.5 Operator's obligation to exercise diligence

The operator must ensure that

• the TwinSAFE products are only used as intended (see chapter Product description);

• the TwinSAFE products are only operated in sound condition and in working order.

• the TwinSAFE products are operated only by suitably qualified and authorized personnel.

• the personnel is instructed regularly about relevant occupational safety and environmental protection

aspects, and is familiar with the operating instructions and in particular the safety instructions contained

herein.

• the operating instructions are in good condition and complete, and always available for reference at the

location where the TwinSAFE products are used.

• none of the safety and warning notes attached to the TwinSAFE products are removed, and all notes

remain legible.

NOTE

Qualified personnel

For the use of the TwinSAFE components, the personnel must be qualified and take part regularly in train-

ing courses.

Training courses on functional safety can be taken at the corresponding certifying bodies such as the TÜV

or at the responsible employer's liability insurance associations.

Product training courses for the TwinSAFE components can be booked with the Beckhoff Training Depart-

ment.

Safety instructions

EP7211-0034 - STO Function8 Version: 1.0.0

2 Safety instructions

2.1 Delivery state

All the components are supplied in particular hardware and software configurations appropriate for the

application. Modifications to hardware or software configurations other than those described in the

documentation are not permitted, and nullify the liability of Beckhoff Automation GmbH & Co. KG.

2.2 Operator's obligation to exercise diligence

The operator must ensure that

• the TwinSAFE products are only used as intended (see chapter Product description);

• the TwinSAFE products are only operated in sound condition and in working order.

• the TwinSAFE products are operated only by suitably qualified and authorized personnel.

• the personnel is instructed regularly about relevant occupational safety and environmental protection

aspects, and is familiar with the operating instructions and in particular the safety instructions contained

herein.

• the operating instructions are in good condition and complete, and always available for reference at the

location where the TwinSAFE products are used.

• none of the safety and warning notes attached to the TwinSAFE products are removed, and all notes

remain legible.

Safety instructions

EP7211-0034 - STO Function 9Version: 1.0.0

2.3 Description of instructions

In these operating instructions the following instructions are used.

These instructions must be read carefully and followed without fail!

DANGER

Serious risk of injury!

Failure to follow this safety instruction directly endangers the life and health of persons.

WARNING

Risk of injury!

Failure to follow this safety instruction endangers the life and health of persons.

CAUTION

Personal injuries!

Failure to follow this safety instruction can lead to injuries to persons.

NOTE

Damage to the environment/equipment or data loss

Failure to follow this instruction can lead to environmental damage, equipment damage or data loss.

Tip or pointer

This symbol indicates information that contributes to better understanding.

STO function with EP7211-0034 (category3,PLd)

EP7211-0034 - STO Function10 Version: 1.0.0

3 STO function with EP7211-0034

(category3,PLd)

The following application example shows how the EP7211-0034 can be wired together with an EL2904 in

order to implement an STO function according to EN61800-5-2.

A protective door (S1 and S2) and a restart signal (S3) are logically linked on an ESTOP function block. The

EStopOut signal is transferred to the NC controller, which can be used within the functional application. The

STO input of the EP7211-0034 is operated via the delayed output EStopDelOut. Forwarding this signal to

further EP7211-0034 via the second connection is allowed. The EP7211-0034 supplies the information that

the STO function is active via the standard controller. This information is transferred to the EDM input of the

ESTOP function block and additionally to the EDM function block in order to generate an expectation for this

signal.

CAUTION

Implement a restart lock in the machine!

The restart lock is NOT part of the safety chain and must be implemented in the machine!

If the risk analysis returns the result that a restart is to be realized in the safety controller, then the restart

must also be placed on a safe input.

STO function with EP7211-0034 (category3,PLd)

EP7211-0034 - STO Function 11Version: 1.0.0

WARNING

Wiring only with separate sheathed cable

The wiring between the EL2904 and the STO input of the EP7211-0034 must be done with a separate

sheathed cable in order to be able to assume a fault exclusion for the cross-circuit or external power supply

of the wiring between EL2904 and EP7211-0034. A forwarding of the STO-Signal to further EP7211-0034

must also be done with a separate sheathed cable.

The evaluation of this wiring and the evaluation of whether the fault exclusion is permissible must be done

by the machine manufacturer or user.

NOTE

Calculation EP7211-0034

The EP7211-0034 is not taken into account in the calculation of the Performance Level according to

DINENISO13849-1 since it behaves interference-free to the safety function.

The PFHD value goes into the calculation according to EN62061 with a value of 0.

3.1 Parameters of the safe input and output terminals

EL1904

Parameter Value

Sensor test channel 1 active Yes

Sensor test channel 2 active Yes

Sensor test channel 3 active Yes

Sensor test channel 4 active Yes

Logic channel 1 and 2 Single Logic

Logic channel 3 and 4 Single Logic

EL2904

Parameter Value

Current measurement active No

Output test pulses active Yes

3.2 Block formation and safety loops

3.2.1 Safety function 1

STO function with EP7211-0034 (category3,PLd)

EP7211-0034 - STO Function12 Version: 1.0.0

3.3 Calculation

3.3.1 PFHD / MTTFD / B10D – values

Component Value

EL1904 – PFHD1.11E-09

EL2904 – PFHD1.25E-09

EL6900 – PFHD1.03E-09

EP7211-0034 - PFHD0.00

S1 – B10D1,000,000

S2 – B10D2,000,000

Days of operation (dop) 230

Hours of operation / day (hop) 16

Cycle time (minutes) (Tcycle) 15 (4x per hour)

Lifetime (T1) 20 years = 175200 hours

3.3.2 Diagnostic Coverage DC

Component Value

S1/S2 with testing/plausibility DCavg=99%

EL2904 with testing DCavg=99%

3.3.3 Calculation of safety function 1

Calculation of the PFHD and MTTFD values from the B10D values:

From:

* * 60

op op

Zyklus

d h

and:

0,1*

MTTF n

Inserting the values, this produces:

S1:

230 *16 * 60 14720

= =

1.000.000 679,3 5951087

0,1*14720

= = =

MTTF y h

S2:

230 *16 * 60 14720

= =

2.000.000 1358,7 11902174

0,1*14720

= = =

MTTF y h

and the assumption that S1 and S2 are each single-channel:

STO function with EP7211-0034 (category3,PLd)

EP7211-0034 - STO Function 13Version: 1.0.0

MTTF

produces for

0,1* * (1 ) 1

D D

n DC DC

PFH B MTTF

= =

S1:

1 0,99 1,68 09

679,3*8760

= = -PFH E

S2:

1 0,99 8,4 10

1358,7 *8760

= = -PFH E

The following assumptions must now be made:

The door switches S1/S2 are always actuated in opposite directions. Since the switches have different

values, but the complete protective door switch consists of a combination of normally closed and normally

open contacts and both switches must function, the poorer of the two values (S1) can be taken for the

combination!

There is a coupling coefficient between the components that are connected via two channels. Examples are

temperature, EMC, voltage peaks or signals between these components. This is assumed to be the worst-

case estimation, where ß =10%. EN62061 contains a table with which this β-factor can be precisely

determined. Further, it is assumed that all usual measures have been taken to prevent both channels failing

unsafely at the same time due to an error (e.g. overcurrent through relay contacts, overtemperature in the

control cabinet).

It follows for the calculation of the PFHD value for safety function 1:

( 1) ( 2) 2

( 1) ( 2) ( 1904) ( 6900) ( 2904) ( 72 1 9014)

* (1 ) * ( * ) * 1

S S

ges S S EL EL EL EL x

PFH PFH

PFH PFH PFH T PFH PFH PFH PFH

b b

= + - + + + +

Since the portion

( 1) ( 2)

(1 ) * ( * ) * 1-S S

PFH PFH T

is smaller than the rest by the power of ten, it is neglected in

this and all further calculations for the purpose of simplification.

to:

1,68 09 1,68 09

10% * 1,11 09 1,03 09 1, 25 09 0,00 3,558 09

ges

E E

PFH E E E E

- + -

= + - + - + - + = -

Calculation of the MTTFD value for safety function 1 (under the same assumption):

1 1

Dges Dn

MTTF MTTF

=å

as:

( 1) ( 1904) ( 6900) ( 2904)

1 1 1 1 1

Dges D S D EL D EL D EL

MTTF MTTF MTTF MTTF MTTF

= + + +

with:

( 1)

0,1*

D S

MTTF n

( 2)

0,1*

D S

MTTF n

If only PFHD values are available for EL1904, EL6900 and EL2904, the following estimation applies:

STO function with EP7211-0034 (category3,PLd)

EP7211-0034 - STO Function14 Version: 1.0.0

( )

(1 )

ELxxxx

D ELxxxx

ELxxxx

MTTF PFH

Hence:

( 1904)

(1 ) (1 0,99) 0,01 1028,8

1 1

1,11 09 *8760 9,72 06

D EL

MTTF y

PFH E E

h y y

= = = =

- -

( 6900)

(1 ) (1 0,99) 0,01 1108,6

1 1

1,03 09 * 8760 9,02 06

D EL

MTTF y

PFH E E

h y y

= = = =

- -

( 2904)

(1 ) (1 0,99) 0,01 913,2

1 1

1, 25 09 *8760 1,1 05

D EL

MTTF y

PFH E E

h y y

= = = =

- -

1225,2

1 1 1 1

679,3 1028,8 1108,6 913,2

Dges

MTTF y

y y y y

= =

+ + +

99% 99% 99% 99% 99%

679,3 1358,7 1028,8 1108,6 913,2 99,00%

1 1 1 1 1

679,3 1358,7 1028,8 1108,6 913,2

avg

y y y y y

+ + + +

= =

+ + + +

STO function with EP7211-0034 (category3,PLd)

EP7211-0034 - STO Function 15Version: 1.0.0

CAUTION

Popular Servo Drive manuals by other brands

YASKAWA

YASKAWA SGD7W Series Selection Manual

Metronix

Metronix smartServo BL 4000-C Series Mounting instructions

Panasonic

Panasonic MINAS A5E Series operating instructions

Triamec

Triamec TSD80-06 Hardware manual

Emerson

Emerson SP1201 installation guide

INVT

INVT SV-DA200 Series Operation manual

Moons'

Moons' Applied Motion Products SSDC-ECX-H Hardware manual

Honeywell

Honeywell MT4000 Series instruction sheet

Veichi

Veichi SD700 series manual

Mitsubishi Electric

Mitsubishi Electric MR-J4 B Series instruction manual

Festo

Festo CMMT-AS-C7-11A-P3-EC-S1 operating instructions

Rockwell Automation

Rockwell Automation Allen-Bradley Kinetix 5500 user manual

BLUM

BLUM SERVO-DRIVE installation instructions

Mitsubishi Electric

Mitsubishi Electric MR-J5 Series user manual

Lenze

Lenze m850 Project Planning

Bosch

Bosch rexroth Servodyn-T manual

Technosoft

Technosoft iPOS80x0 BX-CAN Technical reference

Inovance

Inovance SV820N Series manual

Beckhoff EP7211-0034 User guide

Popular Servo Drive manuals by other brands