GMI D5202S Instruction Manual

D5202S - 4 A, 24 Vdc, SIL 3 Power Distribution and Diagnostic Module G.M. International ISM0177-4
INSTRUCTION & SAFETY MANUAL
4 A, 24 Vdc, SIL 3 Power Distribution and Diagnostic Module, DIN-Rail, Model D5202S

Technical Data
Characteristics
Supply: from power Inputs
24 Vdc nom (18 to 30 Vdc) reverse polarity protected, double terminal blocks for redundant power supply, with OR ideal diodes to mix supply voltages.
Current consumption @ 24 V: 40 mA with both relays energized typical.
Power dissipation: 1.0 W with 24 V supply, with both relays energized typical.
Connection: by polarized plug-in disconnect screw terminal blocks to accommodate terminations up to 2.5 mm².
LEDs: common fault (red), fault supply 1 and 2 (red), power supply 1 and 2 (green).
Protection fuse: 5x20 6.3 A time lag (slow blow).
Isolation (Test Voltage): Relay contact groups/Inputs 1.5 kV.
Fault detection:
1) Preventive - abnormal supply voltage: supply 1 or supply 2 is < 18 Vdc (Under Voltage, UV) or > 30 Vdc (Over Voltage, OV).
2) Cumulative fault: cumulative fault indication (presence of a short or open field circuit for any module on the Bus).
Relay fault signaling: two voltage free NE SPDT relay contacts (de-energized in fault condition), with the following characteristics:
Contact material: Ag Alloy (Cd free).
Contact rating (resistive load): 4 A 250 Vac 1000 VA, 4 A 250 Vdc 120 W.
DC Load breaking capacity:
Mechanical / Electrical life: 5 × 10^6 / 3 × 10^4 operations, typical.
Operate / Release time: 8 / 4 ms typical.
Bounce time NO / NC contact: 3 / 8 ms typical.
Frequency response: 10 Hz maximum.
Compatibility:
CE mark compliant, conforms to Directive: 2014/34/EU ATEX, 2014/30/EU EMC, 2014/35/EU LVD, 2011/65/EU RoHS.
Environmental conditions: Operating: temperature limits – 40 to + 70 °C, relative humidity 95 %, up to 55 °C.
Storage: temperature limits – 45 to + 80 °C.
Safety Description:
ATEX: II 3G Ex nA nC IIC T4 Gc
IECEx: Ex nA nC IIC T4 Gc
UKR TR n. 898: 2ExnAnCIICT4 X.
non-sparking electrical equipment.
-40 °C ≤ Ta ≤ 70 °C.
Approvals:
BVS 14 ATEX E 031 X conforms to EN60079-0, EN60079-15,
IECEx BVS 14.0025X conforms to EN60079-0, IEC60079-15,
CЦ16.0036 X conforms to ДСТУ 7113, ДСТУ IЕС 60079-15.
TÜV Certificate No. C-IS-224248-01, SIL 3 conforms to IEC61508:2010 Ed.2.
TÜV Certificate No. C-IS-236198-09, SIL 3 Functional Safety Certificate conforms to IEC61508:2010 Ed.2, for Management of Functional Safety.
DNV No.A-13625 and KR No. MIL20769-EL002 Certificates for maritime applications.
Mounting:
T35 DIN-Rail according to EN50022, with Power Bus.
Weight: 100 g.
Connection: by polarized plug-in disconnect screw terminal blocks to accommodate terminations up to 2.5 mm².
Location: Safe Area/Non Hazardous Locations or Zone 2, Group IIC T4 installation.
Protection class: IP 20.
Dimensions: Width 22.5 mm, Depth 123 mm, Height 120 mm.
General Description:
The D5202S is used to protect the power system by limiting the maximum supply current for a set of D5000 modules connected via Power Bus.
This module is suitable for applications requiring SIL 3 level (according to IEC 61508:2010 Ed.2) in safety related systems for high risk industries.
This is particularly useful when the source Power supply provides currents that are higher than the ones required from the modules. It is also capable of repeating the common fault
signal from the Power Bus via a SPDT relay.
For single power supply, 3 LEDs are present to monitor line presence, supply fault (supply voltage out of 25% variation), common bus fault and a replaceable 5x20,
6 A fuse.
For redundant power supply, 5 LEDs are present to monitor line presence, supply fault (supply voltage out of 25% variation for each supply source), common bus fault and 2 replaceable
5x20, 6 A fuses. 2 SPDT relay contacts provide remote alarming for the above mentioned failures.
In case of fault of one supply source the D5202S exchanges to the working one using a circuit (ideal diodes) with just a few mW dissipation, thus increasing reliability and greatly
reducing internal power dissipation.
Mounting on standard DIN-Rail, with Power Bus, in Safe Area / Non Hazardous Location or in Zone 2.
Functional Safety Management Certification:
G.M. International is certified by TÜV to conform to IEC61508:2010 part 1 clauses 5-6 for safety related systems up to and including SIL 3.
[Figure: DC load breaking capacity of the relay contacts, resistive load, with axes V (V) and I (A).]

Ordering Information
Front Panel and Features
SIL 3 according to IEC 61508:2010 Ed. 2 for Tproof = 20 years (≤10% of total SIF).
PFDavg (1 year) 2.19 E-07, SFF 99.86 %.
Systematic capability SIL 3
Installation in Zone 2 / Safe Area
Separate single or redundant 24 Vdc Supply in groups of 4 A each into the power bus
Supply current to approximately 40-50 D5000 modules.
5 LEDs indicate power presence, supply variation, supply faults, common bus faults.
2 replaceable 5x20, 6 A fuses.
Very low internal dissipation (ideal diode circuits)
Operating temperature range –40 to +70°C.
EMC Compatibility to EN61000-6-2, EN61000-6-4, EN61326-1, EN61326-3-1 for safety system.
ATEX, IECEx, UKR TR n. 898, TUV Certifications.
TÜV Functional Safety Certification.
Type Approval Certificate DNV and KR for maritime applications.
Simplified installation on beginning, end or both sides of Isolators package.
Simplified installation using standard DIN-Rail and plug-in terminal blocks, with Power Bus.
Model: D5202S
Terminal block connections (SAFE AREA):
1 Common Fault Output (CM common pole of NO or NC contact)
2 Common Fault Output (NO normally open pole)
3 Common Fault Output (NC normally closed pole)
5 1oo2 Power Fault (CM common pole of NO or NC contact)
6 1oo2 Power Fault (NO normally open pole)
7 1oo2 Power Fault (NC normally closed pole)
9 Power Supply 1: (+) Positive pole
10 Power Supply 1: (-) Negative pole
11 Power Supply 2: (+) Positive pole
12 Power Supply 2: (-) Negative pole
Power Bus and DIN-Rail accessories:
Connector JDFT050
Cover and fix MCHP196
Terminal block male MOR017
Terminal block female MOR022

Functional Safety Manual and Applications
Function Diagram
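[Figure: Function diagram of MODEL D5202S, SAFE AREA, ZONE 2 GROUP IIC T4. Power Supply 1 on terminals 9 (+) and 10 (-); Power Supply 2 on terminals 11 (+) and 12 (-); output to the Power and Fault Bus (+, -, F); Common Fault Output on terminals 1 (CM), 2 (NO), 3 (NC); 1oo2 Power Fault on terminals 5 (CM), 6 (NO), 7 (NC).]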
Note: In case of single power supply,
place a jumper between pins 9-11 and 10-12
Relay contacts shown in de-energized position.
Terminals 1-2 and 5-6 are open; terminals 1-3 and 5-7 are closed.

Application for D5202S (Redundant Power Supply)
[Figure: four connection diagrams of the D5202S, each with Power Supply 1 (20÷30 Vdc) on terminals 9 (+) / 10 (-) and Power Supply 2 (20÷30 Vdc) on terminals 11 (+) / 12 (-): OFF operation (no supply on Power Bus, both supplies in OFF state); ON operation with 20÷30 Vdc supply (PS1) on Power Bus (PS1 in ON state, PS2 in OFF state); ON operation with 20÷30 Vdc supply (PS2) on Power Bus (PS1 in OFF state, PS2 in ON state); ON operation with 20÷30 Vdc supply on Power Bus, the biggest voltage between PS1 and PS2 (both supplies in ON state).]
Description:
Power Supply 1 source (20÷30 Vdc) is applied to Pins 9(+) - 10(-) and Power Supply 2 source (20÷30 Vdc) is applied to Pins 11(+) - 12(-).
The following table describes the OFF operation (absence of supply on Power Bus) and the ON operation (presence of 20÷30 Vdc supply on Power Bus) of the D5202S, according to the OFF / ON state of each Power Supply source (also shown by related PWR LED state):

| D5202S Operation | Power Supply 1 source state, Pins 9(+) - 10(-) | PWR1 LED state | Power Supply 2 source state, Pins 11(+) - 12(-) | PWR2 LED state |
|---|---|---|---|---|
| OFF (absence of supply on Power Bus) | OFF | OFF | OFF | OFF |
| ON (presence of 20÷30 Vdc supply PS1 on Power Bus) | ON (20÷30 Vdc source) | ON | OFF | OFF |
| ON (presence of 20÷30 Vdc supply PS2 on Power Bus) | OFF | OFF | ON (20÷30 Vdc source) | ON |
| ON (presence of 20÷30 Vdc supply on Power Bus, the biggest voltage between PS1 and PS2 voltage) | ON (20÷30 Vdc source) | ON | ON (20÷30 Vdc source) | ON |

Considering all diagnostic functions enabled, the power supply diagnostic functionality is shown in the following table, which describes the status (open or closed) of each
1oo2 Power Fault output contact and the state of FLT1 or FLT2 Fault LED according to the voltage of each Power Supply source:

| Supply Voltage on Power Bus | Power Supply 1 voltage, Pins 9(+) - 10(-) | FLT1 LED state | Power Supply 2 voltage, Pins 11(+) - 12(-) | FLT2 LED state | 1oo2 Power Fault - NO contact, Pins 5-6 | 1oo2 Power Fault - NC contact, Pins 5-7 |
|---|---|---|---|---|---|---|
| The biggest voltage between PS1 and PS2 voltage (Normal condition) | > 18 Vdc ; < 30 Vdc (Normal condition) | OFF | > 18 Vdc ; < 30 Vdc (Normal condition) | OFF | Closed (Normal condition) | Open (Normal condition) |
| Equal to PS2 voltage (but Preventive Fault condition due to PS1 Fault) | < 18 Vdc (Fault condition) | ON | > 18 Vdc ; < 30 Vdc (Normal condition) | OFF | Open (Fault condition) | Closed (Fault condition) |
| Equal to PS1 voltage (but Preventive Fault condition due to PS2 Fault) | > 18 Vdc ; < 30 Vdc (Normal condition) | OFF | < 18 Vdc (Fault condition) | ON | Open (Fault condition) | Closed (Fault condition) |
| Equal to PS1 voltage (Critical Fault condition due to PS1 Fault) | > 30 Vdc (Fault condition) | ON | > 18 Vdc ; < 30 Vdc (Normal condition) | OFF | Open (Fault condition) | Closed (Fault condition) |
| Equal to PS2 voltage (Critical Fault condition due to PS2 Fault) | > 18 Vdc ; < 30 Vdc (Normal condition) | OFF | > 30 Vdc (Fault condition) | ON | Open (Fault condition) | Closed (Fault condition) |


Safety Function and Failure behavior:
D5202S is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour of the module is described by the following definitions:
□ fail-Safe State: defined as the output voltage (on Power Bus) being within the allowed 18 to 30 Vdc range or below 2 Vdc;
□ fail Safe: this failure causes the system to go to the defined fail-safe state without a process demand;
□ fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state), so that the output voltage (on Power Bus) lies between 2 Vdc and 18 Vdc;
□ fail “No effect”: failure mode of a component that plays a part in implementing the safety function but is neither a safe failure nor a dangerous failure;
□ fail “Not part”: failure mode of a component which is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF, this failure mode is not taken into account. It is also not considered for the total failure rate evaluation.
Failure rates table according to IEC 61508:2010 Ed.2:

| λsd | λsu | λdd | λdu | SFF |
|---|---|---|---|---|
| 0.00 FIT | 36.88 FIT | 0.00 FIT | 0.05 FIT | 99.86% |

PFDavg vs T[Proof] table (assuming Proof Test coverage of 95%), with determination of SIL supposing module contributes ≤10% of total SIF dangerous failures:

| T[Proof] = 1 year | T[Proof] = 20 years |
|---|---|
| PFDavg = 2.19 E-07 - Valid for SIL 3 | PFDavg = 4.38 E-06 - Valid for SIL 3 |

Failure rate table:

| Failure category | Failure rates (FIT) |
|---|---|
| λdd = Total Dangerous Detected failures | 0.00 |
| λdu = Total Dangerous Undetected failures | 0.05 |
| λsd = Total Safe Detected failures | 0.00 |
| λsu = Total Safe Undetected failures | 36.88 |
| λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu | 36.93 |
| MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours) | 3091 years |
| λno effect = “No effect” failures | 119.12 |
| λnot part = “Not Part” failures | 293.40 |
| λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part | 449.45 |
| MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours) | 254 years |
| MTTFS (Total Safe) = 1 / (λsd + λsu) | 3095 years |
| MTTFD (Dangerous) = 1 / λdu | 2.28 E+06 years |

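The tabulated SFF, PFDavg and MTTF/MTBF figures can be re-derived from the FIT values, which is a useful check when the module is entered into a SIF budget. The Python below is an added example, not part of the G.M. International manual; the function names are illustrative, and it assumes 8760 hours per year, the simplified low-demand approximation PFDavg ≈ λdu · Tproof / 2 (which matches the tabulated values, although the manual does not state its formula) and the IEC 61508 low-demand PFDavg limits per SIL.

```python
"""Added example: re-derive the D5202S SFF, PFDavg and MTTF/MTBF figures."""

HOURS_PER_YEAR = 8760
FIT = 1e-9        # 1 FIT = one failure per 10^9 device-hours
MTTR_HOURS = 8    # repair time used in the manual's MTBF rows

# Failure rates in FIT, copied from the manual's failure rate table.
D5202S = {"dd": 0.00, "du": 0.05, "sd": 0.00, "su": 36.88,
          "no_effect": 119.12, "not_part": 293.40}

# Assumption: IEC 61508 low-demand PFDavg upper limits per SIL.
PFD_UPPER_LIMIT = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}


def lambda_tot_safe(r):
    """Total failure rate of the safety function (FIT)."""
    return r["dd"] + r["du"] + r["sd"] + r["su"]


def lambda_tot_device(r):
    """Total failure rate of the whole device (FIT)."""
    return lambda_tot_safe(r) + r["no_effect"] + r["not_part"]


def sff(r):
    """Safe Failure Fraction: everything except dangerous undetected."""
    return (r["sd"] + r["su"] + r["dd"]) / lambda_tot_safe(r)


def pfd_avg(r, t_proof_years):
    """Simplified low-demand approximation: lambda_du * Tproof / 2."""
    return r["du"] * FIT * t_proof_years * HOURS_PER_YEAR / 2


def years_to_failure(rate_fit, mttr_hours=0):
    """Mean time in years for a rate in FIT, optionally adding MTTR."""
    return (1 / (rate_fit * FIT) + mttr_hours) / HOURS_PER_YEAR


def within_sil_budget(pfd, sil, sif_share=0.10):
    """True if pfd uses no more than sif_share of the SIL's PFDavg limit."""
    return pfd <= sif_share * PFD_UPPER_LIMIT[sil]


def summary(r=D5202S):
    """Collect the derived figures next to the names used in the manual."""
    return {
        "SFF %": round(sff(r) * 100, 2),
        "PFDavg 1 year": pfd_avg(r, 1),
        "PFDavg 20 years": pfd_avg(r, 20),
        "SIL 3 budget met at 20 years": within_sil_budget(pfd_avg(r, 20), 3),
        "MTTFS years": round(years_to_failure(r["sd"] + r["su"])),
        "MTTFD years": years_to_failure(r["du"]),
        "MTBF safety function years":
            round(years_to_failure(lambda_tot_safe(r), MTTR_HOURS)),
        "MTBF device years":
            round(years_to_failure(lambda_tot_device(r), MTTR_HOURS)),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```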
The D5202S can repeat the common fault signal from the Power and Fault Bus, therefore considering all diagnostic functions enabled, the cumulative fault diagnostic functionality is
described by the following table, where the status (open or closed) of Common Fault output contact is related to the common fault signal:

| Common Fault signal on Power and Fault Bus | Common Fault - NO contact, Pins 1-2 | Common Fault - NC contact, Pins 1-3 | COM FLT LED state |
|---|---|---|---|
| High signal between Fault pole and Negative (-) pole of BUS (Normal condition) | Closed (Normal condition) | Open (Normal condition) | OFF |
| Low signal between Fault pole and Negative (-) pole of BUS (Common Fault condition) | Open (Common Fault condition) | Closed (Common Fault condition) | ON |

Testing procedure at T-proof
The proof test shall be performed to reveal dangerous faults which are undetected by diagnostics. This means that it is necessary to specify how dangerous undetected faults, which have been noted during the FMEDA, can be revealed during the proof test. The proof test consists of the following steps:
Steps Action
1 Bypass the safety-related PLC or take other appropriate action to avoid a false trip when removing the unit for test.
2 Supply the D5202S by means of two DC power sources, whose values must be between 20 and 30 Vdc, connected between terminals 9-10 (Supply Line 1) and 11-12 (Supply Line 2). Connect a DC voltmeter between Power Bus terminals 1 and 2.
In this condition, the output supply voltage, measured by means of the DC voltmeter, should be close to the higher input supply voltage value and neither of the “FLT1” and “FLT2” LEDs should be lit.
If, on the other hand, an output supply voltage between 2 and 18 Vdc is measured and the “FLT1” and “FLT2” LEDs are turned off, a dangerous failure which has produced a wrong output voltage of the ideal diode controller circuits is detected.
3 Use the same setup described in the previous step and measure, by means of an AC voltmeter, the rms value of the output voltage.
In normal operation conditions, the output supply voltage should have no AC components, that is, its rms value should ideally be null.
If an rms value well above 0 Vrms is measured (a reasonable value could be 50% of the higher supply line value, i.e. 12 Vrms compared to 24 Vdc), a dangerous failure which has produced an oscillation of the ideal diode controller circuits is detected.
4 Restore the loop to full operation.
5 Remove the bypass from the safety-related PLC or restore normal operation by inserting the unit.
This test will reveal around 95 % of all possible Dangerous Undetected failures in this module.
Warning
Operation
The D5202S is used to protect the power system by limiting the maximum supply current for a set of D5000 modules connected via Power Bus.
It is also capable of repeating the common fault signal from the Power Bus via a SPDT relay.
For single power supply, 3 LEDs are present to monitor line presence, supply fault (supply voltage out of 25% variation), common bus fault.
For redundant power supply, 5 LEDs are present to monitor two line presences, two supply faults (supply voltage out of 25% variation for each supply source), common bus fault.
2 SPDT relay contacts provide remote alarming for the above mentioned failures.
In case of a fault of one supply source, the D5202S switches over to the working one using an ideal diode circuit.
Installation
D5202S is a power distribution and diagnostic module housed in a plastic enclosure suitable for installation on T35 DIN-Rail according to EN50022.
D5202S unit can be mounted with any orientation over the entire ambient temperature range.
Conductors up to 2.5 mm² are accommodated by polarized plug-in removable screw terminal blocks, which can be plugged into or out of a powered unit without suffering or causing any damage (for Zone 2 installations check the area to be nonhazardous before servicing).
The wiring cables must be sized according to the current and the length of the cable.
In the “Function Diagram” section and on the enclosure side, a block diagram identifies all connections.
Identify the function and location of each connection terminal using the wiring diagram in the corresponding section; as an example (redundant power supply configuration):
For Power Supply 1 (20÷30 Vdc source): connect (+) positive pole at terminal “9” and (-) negative pole at terminal “10”.
For Power Supply 2 (20÷30 Vdc source): connect (+) positive pole at terminal “11” and (-) negative pole at terminal “12”.
Use the Power Bus and DIN-Rail accessories (listed with the terminal block connections) to connect the D5202S module to the Power and Fault Bus.
For 1oo2 Power Fault output (see the description of the power supply diagnostic functionality under “Application for D5202S (Redundant Power Supply)”):
- use terminal “5” and “6” as NO contact (Normally Open when relay is de-energized);
- use terminal “5” and “7” as NC contact (Normally Closed when relay is de-energized).
For Common Fault output (see the description of the cumulative fault diagnostic functionality under “Functional Safety Manual and Applications”):
- use terminal “1” and “2” as NO contact (Normally Open when relay is de-energized);
- use terminal “1” and “3” as NC contact (Normally Closed when relay is de-energized).
Installation and wiring must be in accordance with the relevant national or international installation standards (e.g. IEC/EN60079-14 Electrical apparatus for explosive gas atmospheres - Part 14: Electrical installations in hazardous areas (other than mines)). Make sure that conductors are well isolated from each other and do not produce any unintentional connection.
Connect SPST relay contacts, checking that the load rating is within the contact maximum rating (5 A 250 Vac 1250 VA, 5 A 250 Vdc 175 W (resistive load)).
To protect the relay contacts from damage, connect an external protection (fuse or similar), chosen according to the relay breaking capacity diagram on the data sheet.
The enclosure provides, according to EN60529, an IP20 minimum degree of mechanical protection (or similar to NEMA Standard 250 type 1) for indoor installation. Outdoor installation requires an additional enclosure with a higher degree of protection (i.e. IP54 to IP65 or NEMA type 12-13) consistent with the effective operating environment of the specific installation.
Units must be protected against dirt, dust, extreme mechanical (e.g. vibration, impact and shock) and thermal stress, and casual contacts.
If enclosure needs to be cleaned use only a cloth lightly moistened by a mixture of detergent in water.
Electrostatic Hazard: to avoid electrostatic hazard, the enclosure of D5202S must be cleaned only with a damp or antistatic cloth.
Any penetration of cleaning liquid must be avoided to prevent damage to the unit. Any unauthorized card modification must be avoided.
Relay output contact must be connected to a load not exceeding category II overvoltage limits.
Warning: de-energize main power source (turn off power supply voltage) and disconnect plug-in terminal blocks before opening the enclosure to avoid electrical shock
when connected to live hazardous potential.
Start-up
Before powering the inputs of the unit, check that all wires are properly connected, also verifying their polarity. Check conductors for exposed wires that could touch each other, causing dangerous unwanted shorts. See the power supply diagnostic and cumulative fault diagnostic tables for each functionality of the D5202S module.
D5202S is an electrical apparatus installed into standard EN50022 T35 DIN-Rail located in Safe Area or Zone 2, Group IIC, Temperature Classification T4, Hazardous Area
(according to EN/IEC60079-15) within the specified operating temperature limits Tamb - 40 to +60 °C.
D5202S must be installed, operated and maintained only by qualified personnel, in accordance with the relevant national/international installation standards (e.g. IEC/EN60079-14 Electrical apparatus for explosive gas atmospheres - Part 14: Electrical installations in hazardous areas (other than mines)), following the established installation rules.
De-energize the power source (turn off power supply voltage) before plugging or unplugging the terminal blocks when installed in a Hazardous Area, unless the area is known to be nonhazardous.
Warning: substitution of components may impair Intrinsic Safety and suitability for Zone 2.
Warning: de-energize main power source (turn off power supply voltage) and disconnect plug-in terminal blocks before opening the enclosure to avoid electrical shock
when connected to live hazardous potential.
Explosion Hazard: to prevent ignition of flammable or combustible atmospheres, disconnect power before servicing or unless area is known to be nonhazardous.
Failure to properly install or use the equipment may risk damage to the unit or severe personal injury.
The unit cannot be repaired by the end user and must be returned to the manufacturer or his authorized representative.
Any unauthorized modification must be avoided.

Configuration
An eight-position DIP switch is located on the component side of the PCB in order to set four different configurations:
1) Operation with all diagnostic functions enabled. This configuration is useful when D5202S is used with redundant power supply (Power Supply 1 & 2).
2) Operation with disabled overvoltage and undervoltage fault detection on power supply 1. This configuration is useful when D5202S is used with a single power supply (the Power Supply 2) because the Power Supply 1 is not connected or used.
3) Operation with disabled overvoltage and undervoltage fault detection on power supply 2. This configuration is useful when D5202S is used with a single power supply (the Power Supply 1) because the Power Supply 2 is not connected or used.
4) Operation with disabled cumulative fault detection. This configuration is useful when D5202S must not repeat any common fault signal from the Power and Fault Bus.
DIP switch configurations:
[Figure: DIP switch diagrams (switches 1 to 8, ON/OFF positions) for each of the four configurations; labels in the figure: “For SIL applications”, “This is factory settings”.]
Warning: DIP switches 2, 4, 5 must always be set to “OFF” position.