HIMatrix
Safety-Related Controller
System Manual Modular Systems
HIMA Paul Hildebrandt GmbH + Co KG
Industrial Automation
Rev. 2.02
HI 800 191 E
Page 1: ...HIMatrix Safety Related Controller System Manual Modular Systems HIMA Paul Hildebrandt GmbH Co KG Industrial Automation Rev 2 02 HI 800 191 E...
Page 2: ...y the written material without prior notice For further information refer to the HIMA DVD and our website http www hima de and http www hima com Copyright 2013 HIMA Paul Hildebrandt GmbH Co KG All rig...
Page 3: ...nical Requirements 15 2 2 1 3 EMC Requirements 15 2 2 1 4 Power Supply 16 2 2 2 Noxious Gases 16 2 3 Tasks and Responsibilities of Operators and Machine and System Manufacturers 16 2 3 1 Connection of...
Page 4: ...erating System 31 5 2 Indication of the Operating System Versions 31 5 2 1 SILworX 31 5 2 2 ELOP II Factory 31 5 3 Behavior in the Event of Faults 31 5 3 1 Permanent Faults on Inputs or Outputs 32 5 3...
Page 5: ...hernet Interfaces 62 7 3 3 Configuring the User Program 62 7 3 4 Configuring the Inputs and Outputs 63 7 3 5 Configure Line Control 65 7 3 5 1 Required Variables 65 7 3 5 2 Configuring Pulsed Outputs...
Page 6: ...ction 92 7 8 4 Configuring the Signals for safeethernet Communication 93 7 9 Handling the User Program 95 7 9 1 Setting the Parameters and the Switches 95 7 9 2 Starting the Program from STOP VALID CO...
Page 7: ...System Manual Modular Systems Table of Contents HI 800 191 E Rev 2 02 Page 7 of 114 Index of Figures 108 Index of Tables 109 Declaration of Conformity 111 Index 112...
Page 8: ...Table of Contents System Manual Modular Systems Page 8 of 114 HI 800 191 E Rev 2 02...
Page 9: ...y be used for the intended applications under the specified environmental conditions and only in connection with approved external devices 1 1 Structure and Use of the Document This system manual is c...
Page 10: ...Document number HIMatrix Safety Manual Safety functions of the HIMatrix system HI 800 023 E SILworX Communication Manual Description of the communication protocols ComUserTask and their configuration...
Page 11: ...are designated by capitals Chapter 1 2 3 Cross references are hyperlinks even if they are not particularly marked When the cursor hovers over a hyperlink it changes its shape Click the hyperlink to ju...
Page 12: ...appear as follows TIP The tip text is located here 1 4 Service and Training Deadlines and the extent of actions for commissioning testing and modifying controller systems can be agreed with the servic...
Page 13: ...ip principle adopts the de energized state if a fault occurs 2 1 1 2 Application in Accordance with the Energize to Trip Principle The HIMatrix controllers can be used in applications that operate in...
Page 14: ...owing standards for EMC climatic and environmental requirements Standard Content IEC EN 61131 2 2007 Programmable controllers Part 2 Equipment requirements and tests IEC EN 61000 6 2 2005 EMC Generic...
Page 15: ...bration immunity test 5 9 Hz 3 5 mm 9 150 Hz 1 g EUT in operation 10 cycles per axis Shock immunity test 15 g 11 ms EUT in operation 3 shocks per axis 18 shocks Table 7 Mechanical Tests 2 2 1 3 EMC Re...
Page 16: ...ons in environments with noxious gas concentrations as described in the following standards ANSI ISA S71 04 1985 Corrosive gases Class G3 DIN EN 60068 2 60 1996 also IEC 68 2 60 1995 With noxious gas...
Page 17: ...tected from electrostatic discharge e g by storing them in their packaging 2 5 Residual Risk No imminent risk results from a modular HIMatrix F60 system itself Residual risk may result from Faults rel...
Page 18: ...n the module s front plate are used to connect sensors and actuators The modules indicate the status of digital signals via LEDs located next to the clamps 3 1 1 Inputs The module s input channels are...
Page 19: ...module is indicated as faulty The outputs are set to the safe de energized state NOTE Controller damage Do not plug the terminals for output circuits if a load is connected If short circuits are prese...
Page 20: ...Open circuit or open contacts i e including when one of the two EMERGENCY STOP switches mentioned above has been engaged the FAULT LED blinks and the error code is created If such a fault occurs the f...
Page 21: ...mperature range Temperature State BYTE 60 C Normal 0x00 60 C 70 C High temperature 0x01 70 C Very high temperature 0x03 Back to 64 C 54 C 1 High temperature 0x01 Back to 54 C 1 Normal 0x00 1 The hyste...
Page 22: ...evaluate the events HIMatrix differentiates between Boolean and scalar events Boolean events Changes of Boolean variables e g of digital inputs Alarm and normal state They can be arbitrarily assigned...
Page 23: ...is full no new events can be stored as long as no further events are read and thus marked as to be overwritten 3 5 4 Transfer of Events The X OPC server readout events from buffer and transfers this t...
Page 24: ...Page 24 of 114 HI 800 191 E Rev 2 02 The software activation code is intrinsically tied to this system ID One license can only be used one time for a specific system ID For this reason only activate t...
Page 25: ...ls used in the project invalid configuration Order the software activation code on time The software activation code can be generated on the HIMA website using the system ID of the controller value 1...
Page 26: ...E Rev 2 02 Example of other F60 PADT Superior safeethernet PADT Figure 3 safeethernet Ethernet Networking Example The different systems can be connected to one another via Ethernet in any configuratio...
Page 27: ...ation data is transferred over multiple cycles number of communication time slices 1 i When calculating the maximum response times allowed the number of communication time slices must be equal to 1 se...
Page 28: ...s communication the slave address and a CRC checksum are transferred in addition to the instruction code and data while in a Modbus TCP this function is assumed by the subordinate TCP protocol For fur...
Page 29: ...tional without fieldbus submodule 4 3 1 Equipment of Fieldbus Interfaces with Fieldbus Submodules The two fieldbus interfaces FB1 and FB2 of the processor module can be freely equipped with fieldbus s...
Page 30: ...ith the available fieldbus protocols The communication system with fieldbus interfaces is connected to the safety related processor system Only devices with safe electrical separation may be connected...
Page 31: ...terface Actions allowed Defined in the programming tool Configuration of protective functions User log in Table 17 Functions of the Processor Operating System Each operating system is inspected by the...
Page 32: ...erating system statistically evaluates the frequency with which a fault occurs If the specified fault frequency is exceeded it permanently sets the module status to faulty In this way the module no lo...
Page 33: ...ocessor system without a configuration loaded or after a system fault All controller s outputs are reset the hardware watchdog has not triggered The processor system can only be rebooted using the PAD...
Page 34: ...eration for the User Program Only one user program at a time can be loaded into a given controller For this user program the following modes of operations are allowed Mode of Operation Description RUN...
Page 35: ...program cycle requires multiple CPU cycles to be completed These two scenarios are even possible if only one user program exists It is not possible to exchange global data between user programs within...
Page 36: ...e Use of the execution duration unneeded by the user program e g the difference between actual execution duration in one CPU cycle and the defined Max Duration for Each Cycle s Resource Multitasking E...
Page 37: ...ograms is possible The use of the same global variables in several user programs can lead to a variety of consequences caused by the reciprocal influence among the user programs Carefully plan the use...
Page 38: ...CPU cycle considered Max Duration for Each Cycle s of Prg 1 has expired Prg 2 starts Max Duration for Each Cycle s of Prg 2 has expired Prg 3 starts Max Duration for Each Cycle s of Prg 3 has expired...
Page 39: ...as expired Prg 3 starts Max Duration for Each Cycle s of Prg 3 has expired Prg 4 starts Max Duration for Each Cycle s of Prg 4 has expired completion of the first CPU cycle Completion of the Prg 1 cyc...
Page 40: ...ion Multitasking mode 3 allows users to verify if multitasking mode 2 ensures proper program execution even in the worst case scenario The example examines user programs named Prg 1 Prg 2 and Prg 3 t...
Page 41: ...be carefully analyzed prior to performing a reload Examples If a timer action qualifier is deleted due to the reload the timer expires immediately Depending on the remaining settings the Q outputs ca...
Page 42: ...results in initializing all variables even retain variables and all function block instances Renaming a program results in initializing all contained variables and function block instances This behav...
Page 43: ...ogram especially under special circumstances or conditions that cannot otherwise be tested Simulating unavailable sensors in cases where the initial values are not appropriate WARNING Physical injury...
Page 44: ...rocess value is used again for the variable Force Editor The SILworX Force Editor displays all the variables for which forcing is allowed Global and local variables are grouped into two different tabs...
Page 45: ...continues to be used as the new process value even after the end of the forcing process The previous process value is no longer valid Time Limits A time limit can be defined for global forcing Once t...
Page 46: ...Absolutely take the following facts into account when forcing or evaluating tests performed with forced global variables Signal force values are only valid until overwritten by the user program Howev...
Page 47: ...d Stop at Force Timeout switches cannot be changed when a controller is operating and locked i e define these settings prior to locking the controller Table 23 Force Switches and Parameters up to CPU...
Page 48: ...ace Mounting type and position must be chosen such that heat dissipation is ensured The power dissipation of the installed equipment is decisive for determining the fan components It is assumed that h...
Page 49: ...account 7 2 Installation and Mounting The safety related HIMatrix controller systems can be installed on mounting surfaces and also in closed enclosures such as control stations terminal boxes and co...
Page 50: ...with unconnected connectors 100 mm 100 mm 234 9 mm Figure 8 Minimum Clearances Applying for the HIMatrix F60 i The HIMatrix systems must be mounted such that They are not heated up by other devices wi...
Page 51: ...it can go without jamming it into the two guiding rails which are located on the housing s upper and lower part 2 Apply pressure to the upper and lower extremity of the front plate until the module pl...
Page 52: ...tage requirements A functional earth is prescribed to improve the electromagnetic compatibility EMC All HIMatrix systems can be operated with earthed L or unearthed Unearthed Operation Unearthed opera...
Page 53: ...ection Windows in the enclosure in which the HIMatrix system is installed are permitted Increased EMC interferences outside the standard limit values require appropriate measures i For improved EMC ea...
Page 54: ...gaged unplug the controller s fieldbus connectors to ensure that the fieldbus communication among other stations is not disturbed The fieldbus plugs may only be plugged in again when the controller is...
Page 55: ...rejected by the PES If the default value 0 ms is set the target cycle time is not taken into account 0 ms Application specific Target Cycle Time Mode Use of Target Cycle Time ms see Table 27 With F 0...
Page 56: ...Load Allowed ON Configuration download is allowed ON Application specific OFF Configuration download is not allowed Reload Allowed Only applicable with F 03 devices modules ON Application specific ON...
Page 57: ...eload is not processed if the target cycle time is not sufficient Table 27 Effect of Target Cycle Time Mode Notes on the Minimum Configuration Version Parameter In a new project the latest Minimum Con...
Page 58: ...erval after which a message is resent after the previous message was not acknowledged by the communication partner 300 30 000 ms Resends increase availability and compensate disturbances in the networ...
Page 59: ...ld Errors Number of current I O errors UDINT Number of Field Errors Historic Count Counted number of I O errors counter resettable UDINT Number of Field Warnings Number of current I O warnings UDINT N...
Page 60: ...nce 1970 01 01 UDINT Last System Warning s UDINT Last Field Error ms Date and time of the last I O error in s and ms since 1970 01 01 UDINT Last Field Error s UDINT Last Communication Error ms Date an...
Page 61: ...troller Value State 0x00 Normal 0x01 Error with 24 V supply voltage 0x02 Battery failure 0x04 Error with 5 V voltage of power supply 0x08 Error with 3 3 V voltage of power supply 0x10 Undervoltage wit...
Page 62: ...user program switches and parameters can be set in the Properties dialog box of the user program Switch Parameter Function Default value Setting for safe operation Name Name of the user program Arbit...
Page 63: ...eneration is compatible with SILworX V2 Table 32 System Parameters of the User Program CPU OS V7 and Higher Notes specific to the Code Generation Compatibility Parameter In a new project SILworX selec...
Page 64: ...an analog input in the user program 1 Define a global variable of type INT 2 Enter an appropriate initial value when defining the global variable 3 Assign the global variable to the channel value Valu...
Page 65: ...Outputs To write a value in the user program to an analog output 1 Define a global variable of type INT containing the value to be output 2 Enter an appropriate initial value when defining the global...
Page 66: ...the switch variables used in the example Name Type Description Remark S1_1_pulsed S1_2_pulsed BOOL BOOL Value Value First and second contact of switch 1 S2_1_pulsed S2_2_pulsed BOOL BOOL Value Value...
Page 67: ...he input module and select Detail View from the context menu 3 Change to the DI XX Channels tab 4 Drag the global variables onto the inputs to be used 5 To assign the variables to the outputs select t...
Page 68: ...ext menu The Code Generation Resource Name dialog box appears 3 Select CRC Comparison on the Code Generation Resource Name dialog box default value 4 In the Start Code Generation dialog box click OK A...
Page 69: ...ialog box appears 3 In the IP Address field select the correct address or use the MAC address 4 Enter Administrator in the User Group field 5 Let the Password field empty or cancel the password 6 Sele...
Page 70: ...ration from the flash memory for the communication system into the NVRAM 7 3 11 Cleaning up a Resource Configuration in the Flash Memory of the Communication System After temporary hardware faults the...
Page 71: ...r account Furthermore they can perform all SILworX functions Read and Write R W All SILworX functions except for the user management Read only RO Read only access i e the users may not change or archi...
Page 72: ...ame and password Creating user accounts is not required but is a contribution to a safe operation If a user management scheme is defined for a resource it must contain at least one user with administr...
Page 73: ...et the system time force restart and reset modules Start system operation for processor modules Read Write Similar to Read Operator but users may also Create programs Translate programs Load programs...
Page 74: ...system within a device or module as processor module and communication module For HIMatrix systems set the Speed Mode Mbit s and Flow Control Mode to Autoneg in the Ethernet switch settings The param...
Page 75: ...ulticast and broadcast packets 1024 kbit s Default Broadcast Table 41 Port Configuration Parameters CPU OS and Higher To modify and enter these parameters in the communication system s configuration d...
Page 76: ...iable value changes from TRUE to FALSE an event is triggered Deactivated If the global variable value changes from FALSE to TRUE an event is triggered Default value Deactivated Checkbox activated deac...
Page 77: ...esis L Alarm Value Hysteresis or H Alarm Value L Alarm Value Depending on the global variable type H Alarm Priority Priority of the high limit H default value 500 0 1000 H Alarm Acknowledgment Require...
Page 78: ...s up to V7 7 7 1 Configuring the Resource The first step is to configure the resource The parameter and switch settings associated with the configuration are stored to the NVRAM of the processor syste...
Page 79: ...ed Forcing Allowed On Off On Forcing Allowed Off Off Forcing not allowed Stop at Force Timeout On Off On STOP upon expiration of the force time On Off No STOP upon expiration of the force time Max Com...
Page 80: ...een Winter and Summer time is not supported not safe Remaining Force Time DINT ms R Remaining time during Forcing 0 ms if forcing is not active not safe Fan State BYTE 0x00 0x01 R Normal fan ON Fan de...
Page 81: ...ostart Off Cold Start Warm Start in the Properties menu for the type instance of the corresponding resource With cold start the system initializes all signal values with warm start it reads the signal...
Page 82: ...ulse delay x number of pulses The pulsed outputs are usually set to TRUE and change to FALSE in succession for the duration of the pulse delay once per cycle 7 7 4 1 Required Signals The following par...
Page 83: ...pulsed outputs is inserted must be used 3 8 7 7 4 2 Configuring Pulsed Outputs The pulsed outputs must begin with DO 01 Value and reside in direct sequence one after the other ELOP II Factory outputs...
Page 84: ...consecutive output signals T1 T4 Table 51 Connecting Signals to the Input Module s Output Signals Digital inputs pulsed channels may be arbitrarily connected to the pulsed outputs depending on the har...
Page 85: ...ctory Hardware Management 2 Select and right click the required resource The context menu for the resource appears 3 Click Online Connection Parameters The overview for the PES connection parameters a...
Page 86: ...the new user management to the controller Afterwards a user from the new user lists can log in to the controller 7 7 8 Loading a Resource Configuration from the PADT Before a user program can be loade...
Page 87: ...t in the controller see Chapter 7 7 6 After this action the Control Panel can be accessed again Select Extra Reboot Resource to restart the controller If the controller adopts the STOP VALID CONFIGURA...
Page 88: ...chapter describes how to configure communication using ELOP II Factory for processor operating systems up to V7 Depending on the application the following elements must be configured Ethernet safeeth...
Page 89: ...1 Communication System Properties CPU OS up to V7 The parameters ARP MAC Learning IP Forwarding Speed Mode and Flow Control Mode are explained in details in the ELOP II Factory online help i Replaceme...
Page 90: ...tings Limit Limit the inbound multicast and or broadcast packets Off No limitation Broadcast Limit broadcast packets 128 kbit s Multicast and Broadcast Limit multicast and broadcast packets 1024 kbit...
Page 91: ...tion Table 58 System Signal of a safeethernet Connection for Setting the Connection Control CPU OS up to V7 The following commands can be used for the Connection Control signal Command Description AUT...
Page 92: ...in the ELOP II Factory Hardware Management and select P2P Editor on the context menu to open it 2 Select the row for the required resource 3 Click the Connect System Signals button The P2P System Sign...
Page 93: ...selecting the profile Profiles I through VI are described in details in the ELOP II Factory Hardware Management online help 7 8 4 Configuring the Signals for safeethernet Communication A network toke...
Page 94: ...ransfer direction Figure 18 Example of Process Signals CPU OS up to V7 The signals for safeethernet communication are defined Monitoring the Transmitted Signals Whenever a data packet is sent the sign...
Page 95: ...ers the STOP INVALID CONFIGURATION state e g due to unauthorized access to operating system areas it restarts If the user program enters the STOP INVALID CONFIGURATION state again within roughly one m...
Page 96: ...the Online Test Allowed switch is on the values of signals variables can be manually entered in the corresponding OLT fields and thus forced However the forced values only apply until they are overwr...
Page 97: ...ribed in the communication manual Version Manual Document number CPU OS V7 and higher SILworX Communication Manual HI 801 101 E CPU OS up to V7 HIMatrix PROFIBUS DP Master Slave Manual HI 800 009 E HI...
Page 98: ...N STOP VALID CONFIGURATION STOP INVALID CONFIGURATION User log in Operating system load If the memory for the long term diagnosis is full all data older than three days is deleted allowing new entries...
Page 99: ...n the Action Bar The system log in window opens 3 In the system log in window select or enter the following information IP address of the controller User name and password The Hardware Editor s Online...
Page 100: ...xists and whether the corresponding sensor or actuator is ok 9 2 Replacing Fans HIMA recommends replacing the fans of the HIMatrix F60 on a regular basis to prevent the fans to fail At normal temperat...
Page 101: ...s not already been done 2 Log in to the controller with administrator rights 3 In ELOP II Factory Hardware Management right click the required resource 4 On the Online submenu select Control Panel The...
Page 102: ...ELOP II Factory to load the processor operating system CPU OS V7 and higher into the controller 2 Use ELOP II Factory to load the communication operating system into the controller V12 and higher 3 Us...
Page 103: ...ev 2 02 Page 103 of 114 10 Decommissioning Remove the supply voltage to decommission the modular controller Afterwards it is possible to pull out the pluggable screw terminal connector blocks for inpu...
Page 104: ...rt To avoid mechanical damage HIMatrix components must be transported in packaging Always store HIMatrix components in their original product packaging This packaging also provides protection against...
Page 105: ...v 2 02 Page 105 of 114 12 Disposal Industrial customers are responsible for correctly disposing of decommissioned HIMatrix hardware Upon request a disposal agreement can be arranged with HIMA All mate...
Page 106: ...12 Disposal System Manual Modular Systems Page 106 of 114 HI 800 191 E Rev 2 02...
Page 107: ...ive earth PELV Protective extra low voltage PES Programmable electronic system R Read The system variable or signal provides value e g to the user program Rack ID Base plate identification number Inte...
Page 108: ...9 Securing the F60 Subrack 51 Figure 10 Securing the Cables and Connecting the Shielding 52 Figure 11 Communication System Properties CPU OS up to V7 89 Figure 12 Creating a Port Configuration CPU OS...
Page 109: ...m Modes of Operation 34 Table 20 Parameters Configurable for Multitasking 36 Table 21 Reloading after Changes 42 Table 22 Effect of the Force Deactivation System Variable 46 Table 23 Force Switches an...
Page 110: ...ut Signals 84 Table 52 Connecting Signals to the Input Module s Input Signals 84 Table 53 Sub States Associated with STOP up to CPU OS V7 87 Table 54 Permissible Communication Settings for External De...
Page 111: ...age 111 of 114 Declaration of Conformity For the HIMatrix system declarations of conformity exist for the following directives EMC Directive Low Voltage Directive EX Directive The current declarations...
Page 112: ...creation F 03 22 definition F 03 75 in general CPU 03 22 recording F 03 23 faults internal 32 permanent in connection with I Os 32 reaction to 31 temporary in connection with I Os 32 forcing restricti...
Page 113: ......
Page 114: ...336 HIMA Paul Hildebrandt GmbH Co KG P O Box 1261 68777 Br hl Germany Phone 49 6202 709 0 Fax 49 6202 709 107 E mail info hima com Internet www hima com HI 800 191 E by HIMA Paul Hildebrandt GmbH Co K...
