GE IC220SDL953 User Manual Download

Page: 98 / 124

A-22

User manual IC220SDL953 - September 2011

GFK-2731

A 6

Implementation of data flow between the standard

controller and the safety modules

For the parallel communication required between safe components, data flow must be

ensured by the relevant standard controller. Consistency must, therefore, be ensured over

the entire data width of the safe devices.

Data flow within standard infrastructure components is not safety-related. The measures

for safeguarding failsafe communication are implemented in the safe termination devices.

A 6.1

Implementation of data flow with a function block

A copy function block (COPY FB) to safeguard data flow between the VersaSafe modules

is available from GE Intelligent Platforms for certain systems.

A 6.2

Implementation of data flow without a function block

If a function block (COPY FB) is not available for your controller, you must implement data

flow within the VersaSafe system yourself.
The VersaSafe components are represented in the process image of the higher-level con-

troller with a special I/O structure. The structure is mapped in the corresponding device de-

scription.
The components illustrated in Figure A-4 must be copied according to the arrows for the

data flow required between the VersaSafe components. The data/registers in bold are also

useful for the standard application program of the standard controller.

A 7

Enable principle

The enable principle is implemented in the VersaSafe system. For this, all modules with

local outputs have an enable function integrated in the device firmware (ANDed bit-by-bit)

for each local safe output channel. The enable function can be parameterized

(enabled/disabled) for each specific channel.
When the enable function is enabled, the relevant safe local output is ANDed bit-by-bit with

the corresponding standard output of the standard controller (Data-LPSDO register). This

output is then only set if the result of the safety function calculation permits this and the

standard controller has set the corresponding output in the Data-LPSDO register (see also

"I/O image and data flow in a system comprising 1 IC220SDL953 and 3 satellites" on

page A-15).
The enable function is performed according to the single-channel or two-channel

parameterization of the safe outputs.

If data consistency is not ensured, the module shuts down and requests an operator

acknowledgment.

Summary of Contents for IC220SDL953

Page 1: ...GE Intelligent Platforms September 2011 VersaSafe VersaPoint Module IC220SDL953 SAFETY LOGIC MODUL SAFE OUTPUT 24VDC 8PT User s Manual GFK 2731 Programmable Control Products E ...

Page 2: ...T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 3: ...saPoint module with integrated safety logic and safe digital outputs GFK 2731 03 Catalog No Revision IC220SDL953 HW FW FW 00 100 100 HW FW FW 00 101 100 User s manual Catalog No Revision This user manual is valid for ...

Page 4: ...nformation about possible property damage and general information concerning proper operation and ease of use This is the safety alert symbol It is used to alert you to potential personal injury hazards Obey all safety measures that follow this symbol to avoid possible injury or death DANGER This indicates a hazardous situation which if not avoided will result in death or serious injury WARNING Th...

Page 5: ...of the information contained herein No warranties of merchantability or fitness for purpose shall apply How to contact us Internet Up to date information on GE Intelligent Platforms products and our Terms and Conditions can be found on the Internet at www ge ip com Make sure you always use the latest documentation It can be downloaded at http support ge ip com Subsidiaries If there are any problem...

Page 6: ...User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 7: ...the parameterization 2 5 2 7 Local diagnostic and status indicators 2 6 2 8 Safe state 2 8 2 8 1 Operating state 2 8 2 8 2 Error detection in I O devices 2 8 2 8 3 Device errors 2 9 2 8 4 Parameterization errors 2 9 2 9 Process data words 2 10 2 10 Programming data configuration data 2 10 2 10 1 Local bus 2 10 2 10 2 Other bus systems or networks 2 10 3 VersaPoint potential and data routing and Ve...

Page 8: ...circuit for external relays contactors free running circuit 6 2 6 3 Measures required to achieve a specific safety integrity level 6 3 6 4 Single channel assignment of safe outputs 6 5 6 5 Two channel assignment of safe outputs 6 8 7 Startup and validation 7 1 7 1 Initial startup 7 1 7 2 Restart after replacing a safety module 7 3 7 2 1 Replacing a safety module 7 3 7 2 2 Restart 7 3 7 3 Validatio...

Page 9: ...s A 5 A 2 3 Safe input and output devices A 5 A 3 VersaSafe address assignment A 6 A 4 Operating modes and setting the DIP switches in the VersaSafe system A 10 A 4 1 Module switch positions A 10 A 4 2 VersaSafe multiplexer mode A 11 A 5 Process image A 13 A 5 1 Structure of the process image A 13 A 5 2 Description of the registers A 17 A 6 Implementation of data flow between the standard controll...

Page 10: ...Communication errors A 32 A 13 4 I O errors A 32 A 14 Startup and restart A 33 A 14 1 Startup restart following power up A 33 A 14 2 Restart after triggering a safety function A 33 A 15 Memory sizes for the safety logic A 33 B Appendix Checklists B 1 B 1 Checklists for the VersaSafe system B 2 B 1 1 Planning B 2 B 1 2 Configuration and parameterization B 4 B 1 3 Startup B 5 B 1 4 Safety functions ...

Page 11: ...fe system the following operations may only be carried out by qualified personnel Planning Configuration of the safety logic and parameterization Installation startup servicing Maintenance decommissioning This user manual is therefore aimed at Qualified personnel who plan and design safety equipment for machines and systems and are familiar with regulations governing safety in the workplace and ac...

Page 12: ...unauthorized opening In this case the correct operation of the safety module can no longer be ensured Measures to prevent incorrect connection and polarity reversal Take measures to prevent the incorrect connection polarity reversal and manipulation of connections 1 2 Electrical safety Direct indirect contact Ensure that all components connected to the system are protected against direct and indir...

Page 13: ...cklists on page B 1 The target safety integrity level SIL according to EN 61508 SIL CL according to EN 62061 or performance level and category according to EN ISO 13849 1 is ascertained on the basis of the risk analysis The safety integrity level ascertained determines how to connect and parameterize the safety module within the overall safety function Within a VersaSafe system the IC220SDL953 saf...

Page 14: ...directives and legislation For the standards observed by the module please refer to the certificate issued by the approval body and the EC declaration of conformity These documents are available on the Internet at www ge ip com 1 6 Correct usage Only use the VersaSafe system in accordance with the instructions in this section The IC220SDL953 safety module is designed exclusively for use in a Versa...

Page 15: ...es or additions to this document can be found on the Internet at http support ge ip com VersaSafe system When working on the VersaSafe system and its components you must always keep this user manual and other items of product documentation to hand and observe the information therein User manuals For the controller used For VersaSafe system I O modules For VersaSafe system function blocks Please al...

Page 16: ...oltage A circuit in which the voltage does not exceed 30 V AC 42 4 V peak value or 60 V DC under normal conditions or single fault conditions ex cept in the event of grounding errors in other circuits A PELV circuit is like a SELV circuit but is connected to protective earth ground According to EN 61131 2 EUC Equipment under control ...

Page 17: ...ransmission speed of the VersaPoint local bus can be set to 500 kbaud or 2 Mbaud on the safety module using switches Use the same transmission speed throughout a VersaPoint station The module has a 10 pos DIP switch which is used to set the island number and operating mode The module has four safe positive switching digital outputs for two channel assignment or eight safe positive switching digita...

Page 18: ... and operating mode 4 Switch for setting the address 5 Potential jumper 6 Diagnostic and status indicators for assignment and meaning see Local diagnostic and status indicators on page 2 6 7 VersaPoint connector for assignment see Terminal point assignment on page 3 3 8 Terminal points 9 Labeling field 2 4 Housing dimensions Figure 2 2 Housing dimensions in mm 4x 4x 1 2 3 7 8 9 1 2 0 1 2 1 1 2 2 1...

Page 19: ...s the test pulses can be disabled However in this case error detection is reduced For information about parameterization please refer to Parameterization of the safe outputs on page 5 2 Diagnostics Diagnostics are provided via both the local diagnostic indicators and the diagnostic messages which are transmitted to the controller For information about the diagnostic messages of the outputs please ...

Page 20: ... relays or contactors with positively driven N C contacts to safely monitor the state pick up drop out Please observe any special environmental requirements in your application when selecting the controlled devices Please note applicable C standards in your application e g EN 1010 in which for example the number of controlled devices required to achieve a particular category is specified WARNING U...

Page 21: ... examples see Section 6 Connection examples for safe outputs Observe the requirements of the standards with regard to the external wiring and the actuators to be used to achieve a SIL SIL CL Cat PL see Measures required to achieve a specific safety integrity level on page 6 3 Key Output OUT0 to OUT3 Output parameterization Single channel Two channel Test pulses Any ON OFF Achievable category SIL 2...

Page 22: ...e contact at the bus interface terminal before the flashing terminal has failed another terminal was snapped on during operation not permitted ON Communications power present local bus active FS Red LED Failure state Flashing at 1 Hz Device not parameterized or parameterization was not accepted ON Hardware fault The output drivers are reset there is no communication to the satellites Or Impermissi...

Page 23: ...ellites If no satellites have been configured IC220SDL953 is parameterized Corresponds to COK bit 1 see Dev Diag LPSDO LPSDO diagnostics on page A 18 OUT 0 1 3 2 Green red LED Status of each output see Terminal point assignment on page 3 3 Green Output at logic 1 OFF Output at logic 0 no error Red ON Short circuit overload of an output This diagnostic message is stored temporarily on the module Th...

Page 24: ... 0 OFF safe state Depending on the parameterization the following errors can be detected at outputs Short circuit Cross circuit Overload The relevant diagnostic message is transmitted to the controller see Safe digital output errors on page 8 4 For information about which errors are detected and when please refer to Connection examples for safe outputs on page 6 1 WARNING Loss of the safety functi...

Page 25: ...ed to the controller see Errors Messages and removal on page 8 1 2 8 4 Parameterization errors Parameterization errors are indicated As long as the module is not parameterized or In the event of faulty parameterization Parameterization errors cause the entire module to enter the safe state The FS LED on the safety module flashes In the event of faulty parameterization the relevant diagnostic messa...

Page 26: ...n single channel or two channel mode The value for parameterized output for the outputs is also set for the input data 2 10 Programming data configuration data 2 10 1 Local bus 2 10 2 Other bus systems or networks Operating mode VersaSafe 24 words VersaSafe 16 words VersaSafe multiplexer ID code ABhex 171dec ABhex 171dec ABhex 171dec Length code 18hex 24dec 10hex 16dec 08hex 08dec Input address ar...

Page 27: ...s 24 V supply voltage in the bus coupler or power terminal It is made available to the safety module via the VersaPoint potential jumper UL The supply voltage UL is used to supply the bus controller board and the communications power For technical data for the supply voltage UL please refer to Supply voltage UL logic on page 10 3 The maximum current carrying capacity for the supply voltage UL is 2...

Page 28: ...s of the safety function when using unsuitable power supplies For the voltage supply at the bus coupler or power terminal please note Only power supplies according to EN 50178 VDE 0160 PELV may be used Please also observe the points in Electrical safety on page 1 2 NOTE Module damage due to polarity reversal Polarity reversal places a burden on the electronics and despite protection against polari...

Page 29: ...nectors are used according to the ordering data they must also be keyed The following applies for the tables below All outputs are safe digital outputs 0 V GND Common ground for outputs FE Common functional earth ground NOTE Damage to module electronics in the event of surge voltage Do not use a DC distribution network Only use the connectors supplied with the module or connectors that are approve...

Page 30: ...4 4 FE Table 3 3 Terminal point assignment for connector 3 Terminal point Signal Channel assignment LED 5 1 OUT2_Ch1 Output 2 channel 1 2 1 6 1 OUT2_Ch2 Output 2 channel 2 2 2 5 2 Not used 6 2 Not used 5 3 0 V GND Channel 1 and channel 2 6 3 0 V GND Channel 1 and channel 2 5 4 FE 6 4 FE Table 3 4 Terminal point assignment for connector 4 Terminal point Signal Channel assignment LED 7 1 OUT3_Ch1 Ou...

Page 31: ...el 1 and channel 2 7 4 FE 8 4 FE WARNING Loss of functional safety due to parasitic voltages Connect the ground of the actuator to the ground terminal point of the corresponding output on the VersaPoint connector An external ground may not be used Table 3 4 Terminal point assignment for connector 4 Terminal point Signal Channel assignment LED ...

Page 32: ...3 3 6 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 33: ...ed by unauthorized persons Mount all VersaPoint terminals on 35 mm DIN rails Only connect the cables using the supplied VersaPoint connectors or VersaPoint connectors listed in the ordering data NOTE Electrostatic discharge The safety module contains components that can be damaged or destroyed by electrostatic discharge When handling the safety module observe the necessary safety precautions again...

Page 34: ...e switches cannot be accessed when the safety terminal is in stalled in the VersaPoint station A Switch for setting the transmission speed and the mode B Switch for setting the operating mode and the address 500KBD 2MBD Mode1 Mode2 A A 9 8 7 6 5 4 3 2 1 0 B B 9 8 7 6 5 4 3 2 1 0 500KBD 2MBD Mode1 Mode2 79690009 off on off on Only use devices with a uniform transmission speed within a VersaPoint st...

Page 35: ...witch positions NOTE Malfunction in the event of incorrect addressing Make sure that in an overall system comprising the VersaSafe system and any higher level PROFIsafe system the addresses address within the VersaSafe sys tem and F Address of the PROFIsafe system are unique Duplicate address as signment is not permitted Table 4 2 Switch position for VersaSafe 16 words VersaSafe 16 words Mode swit...

Page 36: ...re securely snapped into place Insert connectors Insert the connectors in the specified order A B Figure 4 3 Inserting the connector For general information about assembling and removing VersaPoint terminals please refer to the GFK 2736 user manual Set the DIP switches prior to assembly see Setting the DIP switches on page 4 2 The DIP switches cannot be accessed when the safety module is installed...

Page 37: ...or from the neighboring VersaPoint terminal on the left Remove connectors Remove the connector by pressing the back shaft latching A and levering off the connector B Figure 4 4 Removing the connector Remove base Release the base by pressing on the front and back snap on mechanisms A and pull it out perpendicular to the DIN rail B Figure 4 5 Removing the safety module base A B A A B ...

Page 38: ...your application For the terminal point assignment please refer to Terminal point assignment on page 3 3 For wiring proceed as follows Strip 8 mm off the cable Push a screwdriver into the slot of the appropriate terminal point Figure 4 6 detail 1 so that you can insert the wire into the spring opening GE Intelligent Platforms recommends the SZF 1 0 6X3 5 screwdriver Insert the wire Figure 4 6 deta...

Page 39: ...onnecting unshielded cables Insert the assembled connectors in the corresponding module slot see Terminal point assignment on page 3 3 Label all connections to prevent connections to the VersaPoint connectors being mixed up see GFK 2736 user manual i g i t a l I n p 1 6 4 5 2 B 0 3 2 ...

Page 40: ...4 4 8 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 41: ... e g with a function block The supply voltage must be present and the local bus must be in the RUN state when downloading The module cannot be operated if it is not parameterized In this case the FS LED flashes The module is ready to operate if the parameters for all outputs are valid and transmitted without errors Valid output data is only written in this state In any other state every output is ...

Page 42: ... are described in Table 5 1 Table 5 1 Parameterization of outputs Parameterization Value range Remark OUT0 OUT3 Assignment Not assigned Assigned The outputs that are not assigned are disabled However the monitoring of these outputs remains active Output Single channel Two channel In two channel operation the assignment of the outputs to one another is specified and cannot be parameterized Switch o...

Page 43: ...ulses output switched off Disabled Enabled Enabling and disabling of test pulses For these test pulses the output drivers that are disabled are temporarily enabled for test purposes See note below this table Enable Disabled Enabled Disabled default value The corresponding safe output is operated exclusively according to the safety logic Enabled Enable is active the safe output data is output after...

Page 44: ...s modified this can result in delayed startup due to the switch off delay time Table 5 2 Switching off of the outputs according to the trigger event and the parameterization Switching off of outputs Influence of parameterized switch off delay Switching off of outputs By the controller Yes Once the parameterized switch off delay has elapsed After a bus error Yes Once the parameterized switch off de...

Page 45: ...e tables For information about the relevant error code possible remedies and information about whether acknowledgment is required please refer to Errors Messages and removal on page 8 1 Typical parameterization The table illustrates an example of all the parameters for the specified assignment Key for all tables in this section Errors cross circuits short circuits which can be prevented by correct...

Page 46: ... not be supplied in an output e g via cross circuits These errors can adversely affect the operation of the module or even destroy the module and thus result in the loss of the safety function Therefore these errors must be prevented Install the connecting cables for connecting the actuators so that they are protected against cross circuits Please observe the load capacity of the outputs according...

Page 47: ...the welding of contacts on the connected contactors or safety relays with appropriate protection against overcurrent and surge voltage Please note that a single error can result in the loss of the safety function between tests Ensure that the external wiring is tested by the machine control system on machine startup and at suitable intervals This test must detect the loss of the safety function In...

Page 48: ...sure that a single error does not result in the loss of the safety function Cat 4 Use proven and basic safety principles according to EN ISO 13849 2 Use appropriately qualified actuators see Requirements for controlled devices actuators on page 2 4 Please note that mechanical failure of the switching device can result in the loss of the safety function Prevent the welding of contacts on the connec...

Page 49: ... to these pulses use the two channel assignment of the outputs WARNING Loss of safety function Connect the actuator ground directly to terminal point GND of the safety module An external ground may not be used 73421005 K2 R K1 R K1 K2 OUT1_Ch1 GND M Actuator Single channel Two channel Achievable SIL SIL CL Cat PL SIL 2 SIL CL 2 Cat 2 PL c SIL 2 SIL CL 2 Cat 3 PL d WARNING Loss of electrical and fu...

Page 50: ...uator used Ensure that this error does not result in delayed system startup Other errors depending on the actuator Please take into consideration all possible errors that can occur in the actuator Error in the wiring Interrupt Cable interrupt between output and actuator or between actuator and ground No None No Detect errors using external monitoring Please take into consideration all the possible...

Page 51: ...ample the switch off delay is 30 1 s 30 s Parameterization Parameterized as Remark Assignment Assigned Output Single channel Switch off delay for stop category 1 Enabled Or disabled Switch off delay for stop category 1 30 Application specific Value range of switch off delay for stop category 1 Value in s Application specific Test pulses output disabled in software test impulses output switched off...

Page 52: ...is width can occur at the faulty output channel in the event of an error The two channel assignment means that this does not result in a hazardous state 73420006 K2 R K1 R K1 K2 OUT1_Ch1 GND M OUT1_Ch2 GND Actuator Two channel Achievable SIL SIL CL Cat PL SIL 3 SIL CL 3 Cat 4 PL e WARNING Loss of electrical and functional safety To achieve the specified safety integrity level please refer to Measu...

Page 53: ...actuator used Ensure that this error does not result in delayed system startup Other errors depending on the actuator Please take into consideration all possible errors that can occur in the actuator Error in the wiring Interrupt Cable interrupt between output and actuator or between actuator and ground No None No Detect errors using external monitoring Please take into consideration all the possi...

Page 54: ... 1 s 30 s Parameterization Parameterized as Remark Channel 1 Channel 2 Assignment Assigned Assigned Output Two channel Two channel Switch off delay for stop category 1 Enabled Enabled Or disabled Switch off delay for stop category 1 30 30 Application specific Value range of switch off delay for stop category 1 Value in s Value in s Application specific Test pulses output disabled in software test ...

Page 55: ... the transmission speed and the operating mode Setting the DIP switches on page 4 2 Set the address Setting the DIP switches on page 4 2 Install the safety module within the VersaPoint station Assembly removal and electrical installation on page 4 1 Connect the bus system and supply voltage cables to the VersaPoint station GFK 2736 user manual or documentation for the bus cou pler Wire the outputs...

Page 56: ...ule starts up without any errors there must be no red LEDs permanently on the FS LED flashes because the device is not parameterized Check the assembly and installation Checklist Assembly removal and electrical installation on page 4 1 Implement data flow between the standard controller and the safety modules and between the safety modules themselves Implementation of data flow between the standar...

Page 57: ... safety validation every time you make a safety related modification to the VersaSafe system When validating your EUC check the assignment of the individual actuator connections Determine whether The correct safe actuators are connected to the safety module The safety module has been parameterized correctly The signals used in your safety logic have been linked to the safe actuators correctly Perf...

Page 58: ...7 7 4 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 59: ...mn in the tables below Error removal To remove the cause of an error please proceed as described in the Remedy column in the tables below Error acknowledgment Instructions on how to acknowledge an error can be found in Acknowledging an error on page 8 8 Table 8 1 Overview of diagnostic codes Diagnostic code Error type See X010 X0AA Safe digital output errors Section 8 1 on page 8 4 X1F0 Supply vol...

Page 60: ...lizing diagnostic code specified in the documentation X03nhex For some errors a single channel is specified as the error location e g OUT0_Ch1 Some errors only occur for outputs parameterized for two channel operation Here the channel pair is specified as the error location e g OUT0_Ch1 2 Example Channels in the diagnostic code Safe output errors Table 8 4 Table 8 2 Relationship between the diagno...

Page 61: ...cated with Yes in the Acknowledgment column Special conditions for re enabling an output or the module are specified in brackets e g Yes 1 in the Acknowledgment column and explained below the relevant table Table 8 3 Relationship between the diagnostic code indicated and the diagnostic code specified in the documentation 15 14 13 12 11 10 0 Assignment of the diagnostic register see page A 18 COK S...

Page 62: ...1_Ch2 X039 OUT2_Ch2 X03A OUT3_Ch2 Error at the output or short circuit during the test X05n All OUT Red ON Pulse test brief activation at the output failed All module outputs are in the safe state Power up with error free selftest Replacement Yes 1 X050 OUT0_Ch1 X051 OUT1_Ch1 X052 OUT2_Ch1 X053 OUT3_Ch1 X057 OUT0_Ch2 X058 OUT1_Ch2 X059 OUT2_Ch2 X05A OUT3_Ch2 Error at the output during the test X06...

Page 63: ...ne startup An operator acknowledgment leads to a positive edge and can thus result in the outputs being re enabled Table 8 5 Supply voltage UM errors Error cause Diagnos tic code hex LED Remark Effect Remedy Acknow ledgment Undervoltage UM X1F0 UM flashing UM below the permissible voltage range All module outputs are in the safe state Check supply voltage level and correct Check supply line length...

Page 64: ..._Ch1 2 561 OUT1_Ch1 2 562 OUT2_Ch1 2 563 OUT3_Ch1 2 The parameterization of two related outputs does not correspond to the two channel setting Correct value and resend parameter data to the module X28n X280 OUT0_Ch1 X281 OUT1_Ch1 X282 OUT2_Ch1 X283 OUT3_Ch1 X287 OUT0_Ch2 X288 OUT1_Ch2 X289 OUT2_Ch2 X28A OUT3_Ch2 640 OUT0_Ch1 641 OUT1_Ch1 642 OUT2_Ch1 643 OUT3_Ch1 647 OUT0_Ch2 648 OUT1_Ch2 649 OUT2...

Page 65: ...osition Incorrect F_Source_ Address X7C4 The F_Source_Address set on the device is not within the permissible value range Check and correct switch position Communication connection faulty XDnn See X5nn the OAR bit is set in the diagnostic register of the IC220SDL953 Table 8 10 Diagnostic codes for faulty communication connection OAR bit Diagnostic code bit 0 4 Faulty connection to satellite OAR bi...

Page 66: ...e event of failure the safety module is replaced please proceed as described in Section 4 Assembly removal and electrical installation and Restart after replacing a safety module on page 7 3 WARNING Acknowledgment may result in a hazardous system state With the exception of a few special cases the acknowledgment of an error immediately returns the safe input or output to the operating state Before...

Page 67: ...GE Intelligent Platforms It is strictly prohibited to open the safety module In order to prevent the manipulation of the module and to detect the unauthorized opening of the module a security seal is applied to the module This security seal is damaged in the event of unauthorized opening In this case the correct operation of the safety module can no longer be ensured 9 3 Decommissioning and dispos...

Page 68: ...9 9 2 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 69: ...mixed at will Memory capacity 20 kB for safety logic General data Housing dimensions width x height x depth 48 8 mm x 119 8 mm x 71 5 mm Weight with connectors 200 g Operating mode VersaSafe Process data mode with 16 or 24 words VersaSafe multiplexer Process data mode with 8 words Transmission speed local bus 500 kbaud or 2 Mbaud Ambient temperature Operation 25 C to 55 C Storage transport 25 C to...

Page 70: ...ethod Spring cage terminals Conductor cross section 0 2 mm2 to 1 5 mm2 solid or stranded 24 16 AWG Supported stop category according to EN 60204 0 1 in error free state General data continued Mechanical requirements Vibration according to IEC 60068 2 6 Operation 2g Criterion A Shock according to IEC 60068 2 27 15g over 11 ms Criterion A Safety characteristics according to IEC 61508 EN 61508 Achiev...

Page 71: ...iagnostic coverage DC 99 Mean time to dangerous failure MTTFd For single channel assignment 100 years For two channel assignment 100 years Supply voltage UL logic Current consumption 230 mA maximum The safety terminal is supplied with communications power via the bus coupler a VersaPoint controller or a designated power terminal in the station Potential routing is used for the communications power...

Page 72: ...power supply unit must be able to supply four times 400 the nominal current of the external fuse Safe digital outputs OUT0 to OUT3 Number 4 two channel or 8 single channel positive switching Supply From supply voltage UM Maximum output current per output 2 A Maximum output current for all outputs total current 6 A observe derating and maximum output current for each group Maximum output current fo...

Page 73: ...p category 1 Can be parameterized 150 ms to 630 s see Parameterization of the safe outputs on page 5 2 Accuracy 5 of the parameterized value Maximum duration of the test pulses when switched off active driving 1 ms Maximum duration of the test pulses when switched on 3 ms depending on the load capacity Status indicators One green LED two color LED green red per output see Local diagnostic and stat...

Page 74: ...ply units in the 24 V area is not permitted See also IL SYS INST UM E user manual Approvals For the latest approvals please visit http support ge ip com Conformance with EMC Directive 2004 108 EC Noise immunity test according to DIN EN 61000 6 2 Electrostatic discharge ESD EN 61000 4 2 IEC 61000 4 2 Criterion B 6 kV contact discharge 8 kV air discharge Electromagnetic fields EN 61000 4 3 IEC 61000...

Page 75: ...or set as replacement item On request 1 set Connector set consisting of four Ver saPoint connectors with integrated dis charge electronics IC220SCO753 1 set Description Name Pcs Pkt Parameterization and configuration tool VersaConf Safety 1 The software can be downloaded free of charge from http support ge ip com Description Catalog No Pcs Pkt VersaPoint User manual Automation terminals of the Ver...

Page 76: ...10 10 8 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 77: ...o be observed when installing the corresponding modules They can be distributed in the network and operated at any point in the I O station Due to the technology used a special bus coupler is not required as the safety operations are processed directly in the IC220SDL953 intelligent safe output module Thanks to the comprehensive range of parameterization options the input or output channels can be...

Page 78: ...arge see Ordering data on page 10 7 Enable principle Standard controller can access all safe signals and diagnostic data A 1 3 Differences in VersaSafe systems dependent upon which module with integrated safety logic is used Table A 1 VersaSafe system specifications Functionality IC220SDL953 Supported networks PROFIBUS PROFINET ETHERNET IP MODBUS TCP DeviceNet CANopen sercos III Number of safe com...

Page 79: ...tiplexer mode Yes Support of partial configurations Yes Table 10 1 Revision as of which a module is permitted for use on the logic module Order No Type Revision as of which a module is permitted for use on IC220SDL953 2985688 IC220SDL543 00 200 2985631 IC220SDL753 01 200 100 2985864 IC220SDL840 01 200 100 2916493 IC220SDL752 01 200 100 Table A 1 VersaSafe system specifications Functionality IC220S...

Page 80: ...ystem using safe data packets System The system comprises a standard controller and up to 31 VersaSafe islands Controller Network VersaSafe IC220SDL953 IC220SDL543 79692020 D LPSDO8 1 2 1 2 1 2 1 2 FS UM 0 1 2 3 D PSDO8 1 2 1 2 1 2 1 2 FS UM 0 1 2 3 P D PSDO8 1 2 1 2 1 2 1 2 FS UM 0 1 2 3 P D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P 1 RUN FAIL RUN PROG MRESET STP RDY RUN BSA FAIL RF PRG LNK A...

Page 81: ...y must at least be ensured using the data telegram of a module A 2 3 Safe input and output devices Safe input and output devices form the interface to connected I O devices The devices control contactors or valves for example and or read the input status of connected safety related sensors The internal structure of the devices enables component failures interruptions in transmission or the absence...

Page 82: ... and any higher level PROFIsafe system the addresses address within the VersaSafe system and F Address of the PROFIsafe system are unique Duplicate address assignment is not permitted Table A 2 VersaSafe address IC220SDL953 VersaSafe address Island number Reserved 7 6 5 4 3 2 1 0 1dec to 31dec 0dec Table A 3 VersaSafe address e g IC220SDL543 VersaSafe address Island number Satellite number 7 6 5 4...

Page 83: ...0 0 0 0 0 128dec 80hex IC220SDL840 Position 1 16dec 10hex 1dec 1 0 0 0 0 0 0 1 129dec 81hex IC220SDL543 Position 2 16dec 10hex 2dec 1 0 0 0 0 0 1 0 130dec 82hex IC220SDL752 Position 3 16dec 10hex 3dec 1 0 0 0 0 0 1 1 131dec 83hex IC220SDL753 Position 4 16dec 10hex 4dec 1 0 0 0 0 1 0 0 132dec 84hex IC220SDL543 Position 5 16dec 10hex 5dec 1 0 0 0 0 1 0 1 133dec 85hex ...

Page 84: ...T1 0 1 2 3 UT2 P D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P IC220SDL543 D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P 00010 000 00010 001 00010 010 00010 011 IC220SDL953 IC220SDL543 D LPSDO8 1 2 1 2 1 2 1 2 FS UM 0 1 2 3 D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P IC220SDL543 D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P 00001 000 00001 ...

Page 85: ...ultiplexer mode and the island number on the IC220SDL953 Table A 6 Example addresses for VersaSafe islands Addresses for island number 1 red in Figure A 2 Addresses for island number 2 green in Figure A 2 Addresses for island number 3 blue in Figure A 2 Devices 00001 000 08hex 00010 000 10hex 00011 000 18hex IC220SDL953 island node 00001 001 09hex 00010 001 11hex Assigned IC220SDL543 IC220SDL in V...

Page 86: ...3 DIP switches for address Mode 500 KBD 2 MBD Operating mode 9 8 7 3 2 0 Address 31 addresses see below Off Reserved must be off Island number Must be 0 off Off Mode1 500 KBD or 2 MBD VersaSafe 16 words On Mode2 VersaSafe 24 words On No function VersaSafe multiplexer 8 words Table A 8 Switch position of the satellites in VersaSafe and VersaSafe multiplexer mode Satellites DIP switches for address ...

Page 87: ...e IC220SDL953 parameterizes both the local safe I O devices and the input module as follows The watchdog time tFWD is set to a fixed value of 200 ms Multiplexer mode is intended as a replacement for cabling A stand alone solution one using MUX modules for example cannot be implemented with multiplexer mode NOTE Not a safe application In order to ensure correct use subsequent safety logic an evalua...

Page 88: ... Clock output UT1 ON UT2 ON NIU VersaPoint NIU standard controller VersaPoint Modules VersaPoint terminals according to your requirements IC220SDL953 IC220SDL54 D PSDI8 1 2 1 2 1 2 1 2 FS UM UT1 0 1 2 3 UT2 P BF SF D LPSDO8 1 2 1 2 1 2 1 2 FS UM 0 1 2 3 AUTOMATIONWORX UL US UM FF I1 I3 I2 I4 ILC 170 ETH 2TX Order No 2916532 HW FW 00 220 MAC Addr xx xx xx xx RESET Q4 E I5 I7 I6 I8 PRG LNK LNK ACT A...

Page 89: ...7 Read only parts for the standard controller bold in PAE Dev Diag x Diagnostic data of satellite x x 1 3 On page A 17 Data x Safe data of satellite x x 1 3 On page A 17 Dev Diag LPSDO Diagnostic data of all modules On page A 19 App Diag LPSDO Freely configurable feedback signals of the IC220SDL953 to the stan dard controller On page A 19 Feedback Data PSDO Safe output data of the IC220SDL read ba...

Page 90: ... mapping the individual submodules within the IC220SDL953 The sequence of the satellites within the IC220SDL953 must be determined by the sat ellite numbers The corresponding VersaSafe addresses within an island are in ascending order and without gaps Figure A 5 shows an example of the structure of the I O image and data flow for multiplexer mode ...

Page 91: ...es 8 Bytes 81522024 PAE PAA Prot 1 Prot 1 Prot 1 Prot 2 Prot 2 Prot 3 Prot 3 Prot 3 Prot 1 Prot 1 Prot 1 Prot 2 Prot 2 Prot 2 Prot 3 Prot 3 Prot 3 Prot 1 Prot 1 Prot 1 Prot 1 Prot 3 Prot 3 Prot 3 Prot 3 Prot 1 Prot 1 Prot 1 Prot 1 Prot 2 Prot 2 Prot 2 Prot 2 Data 3 Prot 3 Prot 3 Prot 3 LPSDO base addr 0 LPSDO base addr 1 LPSDO base addr 2 LPSDO base addr 3 LPSDO base addr 0 LPSDO base addr 1 LPSDO...

Page 92: ...Ack LPSDO App Ack LPSDO Dev Diag 1 Dev Diag 1 Data 1 8 Bytes PAE PAA Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 Prot 1 LPSDO base addr 0 LPSDO base addr 1 LPSDO base addr 2 LPSDO base addr 3 LPSDO base addr 0 LPSDO base addr 1 LPSDO base addr 2 Short Protocol Short Protocol Short Protocol Short Protocol LPSDO base addr 8 App Ack LPSDO Enable LPSDO Sh...

Page 93: ... data registers Data Feedback Data is determined by the parameterization single channel two channel The register description below describes all bits Please refer to the description of the process data words in the documentation for the modules for information about which bits are actually assigned Table A 12 Data x register 7 6 5 4 3 2 1 0 IC220SDL543 IN3 _Ch2 IN3 _Ch1 IN2 _Ch2 IN2 _Ch1 IN1 _Ch2 ...

Page 94: ...nnected satellites or in the IC220SDL953 itself This can be detected via the corresponding Dev Diag registers of the individual satellites 12 PUR Power up requested 0 A power up is not expected 1 Following an error that cannot be acknowledged the IC220SDL953 or one of the satellites expects a power up 11 OAR Operator acknowledge requested 0 No request for acknowledgment 1 The IC220SDL953 requests ...

Page 95: ... Acknowledgment of error message regarding failsafe communication see also OAR bit in Dev Diag register 6 S Start LPSDO 0 1 Start of the project saved on the IC220SDL953 5 1 QE 5 1 Quit error device 5 1 0 1 Acknowledgment of satellite error satellite 5 to 1 by the user If an other error is present on the corresponding module it is displayed as the next error 0 QE0 Quit error device IC220SDL953 0 1...

Page 96: ...register contains standard data of the standard controller which is to enable the IC220SDL953 or the IC220SDL Each bit is assigned to a specific output The structure and function of the register are as follows Short protocol The short protocol is assigned as follows Table A 17 IC220SDL953 App Ack LPSDO register 15 14 1 0 Identifier in VersaConf Safety 0_I15 0_I14 0_Q1 0_Q0 Help text in VersaConf S...

Page 97: ...L953 Read only uses short protocol 90 IC220SDL953 status Read only 91 Loading and starting of the project header Write only uses short protocol 92 Address block Write only uses short and long protocol 93 Logic block Write only uses short and long protocol 94 Deletion of the project saved in the IC220SDL953 Write only uses short protocol ...

Page 98: ...in the corresponding device de scription The components illustrated in Figure A 4 must be copied according to the arrows for the data flow required between the VersaSafe components The data registers in bold are also useful for the standard application program of the standard controller A 7 Enable principle The enable principle is implemented in the VersaSafe system For this all modules with local...

Page 99: ...ard data of the standard control system which is to enable the IC220SDL953 bit x OUTx_Chy Output x channel y Internal sequences Table A 20 Parameterization of output channels for the example in Figure A 6 Output Channel Output Enable OUT0_Ch1 Single channel Enabled OUT0_Ch2 Single channel Enabled OUT1_Ch1 Two channel Enabled OUT1_Ch2 Two channel Enabled OUT2_Ch1 Two channel Enabled OUT2_Ch2 Two ch...

Page 100: ... in the input data of the input 0 safe state The corresponding error message is transmitted to the IC220SDL953 and the standard controller Safe outputs Depending on the device type and parameterization the following errors can be detected at safe outputs Short circuit Cross circuit Overload Violation of the shutdown time When an error is detected at an output the affected output is disabled 0 OFF ...

Page 101: ...ing error message is transmitted to the IC220SDL953 and the standard controller A 8 3 Acknowledgment of error messages for satellites Errors that occur on satellites are acknowledged by the standard controller in the Dev Ack LPSDO register on the IC220SDL953 see Description of the registers on page A 17 The acknowledgment is forwarded to the satellites To determine which errors are detected by a s...

Page 102: ...RCs are included in the configuration and parameter record Import this configuration and parameter data record into the standard controller used according to the controller On every power up make this data record available to the IC220SDL953 island node see Downloading the configuration and parameter data record following power up on page A 27 The IC220SDL953 module is thus parameterized The satel...

Page 103: ...smission of the value 0 The safe state can be a normal operating state or is set if a corresponding error has been detected WARNING Loss of safety function Before downloading a data record check whether the current data record is actually loaded Make sure that you do not overwrite the data record on the IC220SDL953 with an old data record Information about a data record is provided in the project ...

Page 104: ...lations is to ensure that the safety function responds within the required time A 11 1 Typical response time The typical response time of the VersaSafe system is the time that elapses from the signal being applied at the safe input terminal through to the response at the safe output terminal This time can usually only be achieved and measured during error free operation of the VersaSafe system The...

Page 105: ...mula for tSF tSF tS tIN tFWD_IN tOUT_LPSDO tFWD_OUT tOUT tA tSTOP 81520011 tG tIN tA tS tSF A B tSTOP tFWD_IN tOUT_LPSDO tFWD_OUT tOUT Table A 22 Key for formula and Figure A 8 Abbrevia tion Meaning Note A Demand of the safety function B Safe state of the system tSF Required shutdown time for the safety function Determined from the application e g from the required times according to the distance ...

Page 106: ...onfiguration IC220SDL953 module and 5 satellites However you should always check your actual application to ascertain the level of safety that can be achieved tA Response time of the actuator Actuator data sheet tSTOP Stopping time of the machine Measurement tG Guaranteed shutdown time Calculation tG tIN tFWD tOUT_LPSDO Table A 22 Key for formula and Figure A 8 Abbrevia tion Meaning Note Fluctuati...

Page 107: ...ment of an error is an intentional user action controlled via the standard application program with the aim of showing the system or subsystem that an error has been removed and that the system or subsystem can reactivate the faulty component Errors affecting a VersaSafe island are acknowledged via the acknowledgment register of the IC220SDL953 see Dev Ack LPSDO acknowledgment on page A 19 A 13 1 ...

Page 108: ...on page A 18 For example these include Transmission errors Data inconsistency when copying tFWD setting is incorrect the network is too slow for the tFWD setting Standard controller in STOP These errors can be acknowledged Do not acknowledge these errors from within the application program Acknowledgment must be triggered by an intentional user action A 13 4 I O errors All errors that can occur an...

Page 109: ...d as a basis for creating your safety logic Size of the first instance of each block 800 bytes Size of each additional instance 300 bytes In the mix calculation both of these values include a reserve for various other logic operations AND OR NOT etc For the actual size of the data record please refer to VersaConf Safety If the safety logic limit has been exceeded a corresponding error message is d...

Page 110: ...A A 34 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 111: ... Version HW FW FW 00 100 100 Date 2011 03 01 Author John Smith Test engineer Jane Brown Remark System XXX has been checked for engine hood production No Requirement mandatory Yes Remark X No Requirement optional Yes No Remark Y Key Equipment identification Enter the device type and or the equipment identification for the relevant device Version HW FW FW Enter the hardware and firmware version of t...

Page 112: ...the required shutdown time for the safety function tSF resulting from the machine system design been determined tSF 8 Can the planned application be implemented with the configuration options e g by using function blocks 9 Does the planned use correspond to the intended use of the system 10 Has the technical data of the VersaSafe system been observed 11 Has it been ensured that in an overall syste...

Page 113: ...artup and validation of the IC220SDL953 described 21 Are the specifications for parameterization assembly electrical installation startup and validation of the satellites described 22 Is the assignment of responsibility specified e g for assembly installation configuration parameterization startup validation etc Name company 23 Are measures planned which prevent hazardous states in each phase e g ...

Page 114: ...the correct terminal point been assigned to the correct signal 7 Is the island address set correctly 8 For IC220SDL953 outputs that are parameterized for two channel operation are both channels parameterized correctly for each other 9 For satellite inputs that are parameterized for two channel operation are both channels parameterized correctly for each other 10 For satellite outputs that are para...

Page 115: ...rement mandatory Yes Remark 1 During startup is it ensured that any person starting hazardous movements intentionally can only do so with a direct view of the danger zone No Requirement optional Yes No Remark 2 Are startup specifications applicable 3 If applicable have startup specifications been met Date Signature author Date Signature test engineer ...

Page 116: ... all the safety functions for your application in this checklist Checklist for checking safety functions Equipment identification Date Author Test engineer Remark No Safety functions Yes Remark 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Date Signature author Date Signature test engineer ...

Page 117: ...em comprising VersaSafe and any higher level PROFIsafe system the addresses address within the VersaSafe system and F Address of the PROFIsafe system are unique 8 Has the VersaConf Safety project been printed with the project information name CRC time stamp etc 9 Has the CRC of the VersaConf Safety project printout been compared with the CRC of the loaded project header and do they match No Requir...

Page 118: ...Are measures planned to prevent simple manipulation 10 Are measures planned to prevent connectors being mixed up 11 Are requirements for the actuators and cable installation observed according to the SIL SIL CL CL Cat PL to be achieved and is the corresponding implementation planned 12 Are the specifications for the address assignment for the islands specified 13 Are the specifications for the par...

Page 119: ...54 3 Do the cable cross sections correspond to the specifications 4 Are requirements for the actuators and cable installation observed according to the SIL SIL CL CL Cat PL to be achieved and is the corresponding implementation observed 5 If error prevention e g cross circuit to external signals has been defined Have the conditions for error prevention been implemented 6 Is the transmission speed ...

Page 120: ...pleted according to the specifications specifications from the planning phase or according to the user manual 2 During startup is it ensured that any person starting hazardous movements intentionally can only do so with a direct view of the danger zone 3 Are safety distances that must be observed calculated according to the response and delay times implemented No Requirement optional Yes No Remark...

Page 121: ...bles correspond to the specifications 9 Does the voltage supply correspond to the specifications for the protective extra low voltage in accordance with PELV 10 Has the power supply of UM and US in the VersaPoint system from a power supply unit been implemented 11 Is external fuse protection of the module implemented according to the specifications in this user manual for supply voltage UM 12 Have...

Page 122: ...B B 12 User manual IC220SDL953 September 2011 GFK 2731 T h i s p a g e l e f t b l a n k i n t e n t i o n a l l y ...

Page 123: ...n latest 1 5 E Enable LPSDO A 20 Enable PSDO A 20 Error Behavior in the event of an error A 31 Configuration A 32 Device A 31 Parameterization A 32 System A 31 Error classes A 31 Error messages A 31 Errors Acknowledgment 8 8 General 8 7 Outputs 8 4 Parameterization 8 6 Removal 8 1 Supply voltage 8 5 F Feedback Data LPSDO A 20 Feedback Data PSDO A 20 Free running circuit 6 2 H Housing dimensions 2 ...

Page 124: ...ck LPSDO A 19 Dev Ack x A 17 Dev Diag x A 17 Enable LPSDO A 20 Enable PSDO A 20 Feedback Data LPSDO A 20 Feedback Data PSDO A 20 Prot x A 17 Register length 2 10 Remote device A 5 Removal 4 4 Repair 9 1 Replacement module 7 3 Response time Typical A 28 Response time of the actuator A 30 Response time of the sensor A 29 Restart 7 3 A 33 S Safe state 2 8 Operating state 2 8 Outputs 2 8 2 9 Safety no...

Search results

Summary of Contents for IC220SDL953

Reviews:

Related manuals for IC220SDL953

Brands by name

Popular brands

GE IC220SDL953, User Manual

Search results

Summary of Contents for IC220SDL953

Reviews:

Related manuals for IC220SDL953

Brands by name

Popular brands