HIMatrix
Safety-Related Controller
System Manual Modular Systems
HIMA Paul Hildebrandt GmbH + Co KG
Industrial Automation
Rev. 2.02
HI 800 191 E
Страница 1: ...HIMatrix Safety Related Controller System Manual Modular Systems HIMA Paul Hildebrandt GmbH Co KG Industrial Automation Rev 2 02 HI 800 191 E...
Страница 2: ...y the written material without prior notice For further information refer to the HIMA DVD and our website http www hima de and http www hima com Copyright 2013 HIMA Paul Hildebrandt GmbH Co KG All rig...
Страница 3: ...nical Requirements 15 2 2 1 3 EMC Requirements 15 2 2 1 4 Power Supply 16 2 2 2 Noxious Gases 16 2 3 Tasks and Responsibilities of Operators and Machine and System Manufacturers 16 2 3 1 Connection of...
Страница 4: ...erating System 31 5 2 Indication of the Operating System Versions 31 5 2 1 SILworX 31 5 2 2 ELOP II Factory 31 5 3 Behavior in the Event of Faults 31 5 3 1 Permanent Faults on Inputs or Outputs 32 5 3...
Страница 5: ...hernet Interfaces 62 7 3 3 Configuring the User Program 62 7 3 4 Configuring the Inputs and Outputs 63 7 3 5 Configure Line Control 65 7 3 5 1 Required Variables 65 7 3 5 2 Configuring Pulsed Outputs...
Страница 6: ...ction 92 7 8 4 Configuring the Signals for safeethernet Communication 93 7 9 Handling the User Program 95 7 9 1 Setting the Parameters and the Switches 95 7 9 2 Starting the Program from STOP VALID CO...
Страница 7: ...System Manual Modular Systems Table of Contents HI 800 191 E Rev 2 02 Page 7 of 114 Index of Figures 108 Index of Tables 109 Declaration of Conformity 111 Index 112...
Страница 8: ...Table of Contents System Manual Modular Systems Page 8 of 114 HI 800 191 E Rev 2 02...
Страница 9: ...y be used for the intended applications under the specified environmental conditions and only in connection with approved external devices 1 1 Structure and Use of the Document This system manual is c...
Страница 10: ...Document number HIMatrix Safety Manual Safety functions of the HIMatrix system HI 800 023 E SILworX Communication Manual Description of the communication protocols ComUserTask and their configuration...
Страница 11: ...are designated by capitals Chapter 1 2 3 Cross references are hyperlinks even if they are not particularly marked When the cursor hovers over a hyperlink it changes its shape Click the hyperlink to ju...
Страница 12: ...appear as follows TIP The tip text is located here 1 4 Service and Training Deadlines and the extent of actions for commissioning testing and modifying controller systems can be agreed with the servic...
Страница 13: ...ip principle adopts the de energized state if a fault occurs 2 1 1 2 Application in Accordance with the Energize to Trip Principle The HIMatrix controllers can be used in applications that operate in...
Страница 14: ...owing standards for EMC climatic and environmental requirements Standard Content IEC EN 61131 2 2007 Programmable controllers Part 2 Equipment requirements and tests IEC EN 61000 6 2 2005 EMC Generic...
Страница 15: ...bration immunity test 5 9 Hz 3 5 mm 9 150 Hz 1 g EUT in operation 10 cycles per axis Shock immunity test 15 g 11 ms EUT in operation 3 shocks per axis 18 shocks Table 7 Mechanical Tests 2 2 1 3 EMC Re...
Страница 16: ...ons in environments with noxious gas concentrations as described in the following standards ANSI ISA S71 04 1985 Corrosive gases Class G3 DIN EN 60068 2 60 1996 also IEC 68 2 60 1995 With noxious gas...
Страница 17: ...tected from electrostatic discharge e g by storing them in their packaging 2 5 Residual Risk No imminent risk results from a modular HIMatrix F60 system itself Residual risk may result from Faults rel...
Страница 18: ...n the module s front plate are used to connect sensors and actuators The modules indicate the status of digital signals via LEDs located next to the clamps 3 1 1 Inputs The module s input channels are...
Страница 19: ...module is indicated as faulty The outputs are set to the safe de energized state NOTE Controller damage Do not plug the terminals for output circuits if a load is connected If short circuits are prese...
Страница 20: ...Open circuit or open contacts i e including when one of the two EMERGENCY STOP switches mentioned above has been engaged the FAULT LED blinks and the error code is created If such a fault occurs the f...
Страница 21: ...mperature range Temperature State BYTE 60 C Normal 0x00 60 C 70 C High temperature 0x01 70 C Very high temperature 0x03 Back to 64 C 54 C 1 High temperature 0x01 Back to 54 C 1 Normal 0x00 1 The hyste...
Страница 22: ...evaluate the events HIMatrix differentiates between Boolean and scalar events Boolean events Changes of Boolean variables e g of digital inputs Alarm and normal state They can be arbitrarily assigned...
Страница 23: ...is full no new events can be stored as long as no further events are read and thus marked as to be overwritten 3 5 4 Transfer of Events The X OPC server readout events from buffer and transfers this t...
Страница 24: ...Page 24 of 114 HI 800 191 E Rev 2 02 The software activation code is intrinsically tied to this system ID One license can only be used one time for a specific system ID For this reason only activate t...
Страница 25: ...ls used in the project invalid configuration Order the software activation code on time The software activation code can be generated on the HIMA website using the system ID of the controller value 1...
Страница 26: ...E Rev 2 02 Example of other F60 PADT Superior safeethernet PADT Figure 3 safeethernet Ethernet Networking Example The different systems can be connected to one another via Ethernet in any configuratio...
Страница 27: ...ation data is transferred over multiple cycles number of communication time slices 1 i When calculating the maximum response times allowed the number of communication time slices must be equal to 1 se...
Страница 28: ...s communication the slave address and a CRC checksum are transferred in addition to the instruction code and data while in a Modbus TCP this function is assumed by the subordinate TCP protocol For fur...
Страница 29: ...tional without fieldbus submodule 4 3 1 Equipment of Fieldbus Interfaces with Fieldbus Submodules The two fieldbus interfaces FB1 and FB2 of the processor module can be freely equipped with fieldbus s...
Страница 30: ...ith the available fieldbus protocols The communication system with fieldbus interfaces is connected to the safety related processor system Only devices with safe electrical separation may be connected...
Страница 31: ...terface Actions allowed Defined in the programming tool Configuration of protective functions User log in Table 17 Functions of the Processor Operating System Each operating system is inspected by the...
Страница 32: ...erating system statistically evaluates the frequency with which a fault occurs If the specified fault frequency is exceeded it permanently sets the module status to faulty In this way the module no lo...
Страница 33: ...ocessor system without a configuration loaded or after a system fault All controller s outputs are reset the hardware watchdog has not triggered The processor system can only be rebooted using the PAD...
Страница 34: ...eration for the User Program Only one user program at a time can be loaded into a given controller For this user program the following modes of operations are allowed Mode of Operation Description RUN...
Страница 35: ...program cycle requires multiple CPU cycles to be completed These two scenarios are even possible if only one user program exists It is not possible to exchange global data between user programs within...
Страница 36: ...e Use of the execution duration unneeded by the user program e g the difference between actual execution duration in one CPU cycle and the defined Max Duration for Each Cycle s Resource Multitasking E...
Страница 37: ...ograms is possible The use of the same global variables in several user programs can lead to a variety of consequences caused by the reciprocal influence among the user programs Carefully plan the use...
Страница 38: ...CPU cycle considered Max Duration for Each Cycle s of Prg 1 has expired Prg 2 starts Max Duration for Each Cycle s of Prg 2 has expired Prg 3 starts Max Duration for Each Cycle s of Prg 3 has expired...
Страница 39: ...as expired Prg 3 starts Max Duration for Each Cycle s of Prg 3 has expired Prg 4 starts Max Duration for Each Cycle s of Prg 4 has expired completion of the first CPU cycle Completion of the Prg 1 cyc...
Страница 40: ...ion Multitasking mode 3 allows users to verify if multitasking mode 2 ensures proper program execution even in the worst case scenario The example examines user programs named Prg 1 Prg 2 and Prg 3 t...
Страница 41: ...be carefully analyzed prior to performing a reload Examples If a timer action qualifier is deleted due to the reload the timer expires immediately Depending on the remaining settings the Q outputs ca...
Страница 42: ...results in initializing all variables even retain variables and all function block instances Renaming a program results in initializing all contained variables and function block instances This behav...
Страница 43: ...ogram especially under special circumstances or conditions that cannot otherwise be tested Simulating unavailable sensors in cases where the initial values are not appropriate WARNING Physical injury...
Страница 44: ...rocess value is used again for the variable Force Editor The SILworX Force Editor displays all the variables for which forcing is allowed Global and local variables are grouped into two different tabs...
Страница 45: ...continues to be used as the new process value even after the end of the forcing process The previous process value is no longer valid Time Limits A time limit can be defined for global forcing Once t...
Страница 46: ...Absolutely take the following facts into account when forcing or evaluating tests performed with forced global variables Signal force values are only valid until overwritten by the user program Howev...
Страница 47: ...d Stop at Force Timeout switches cannot be changed when a controller is operating and locked i e define these settings prior to locking the controller Table 23 Force Switches and Parameters up to CPU...
Страница 48: ...ace Mounting type and position must be chosen such that heat dissipation is ensured The power dissipation of the installed equipment is decisive for determining the fan components It is assumed that h...
Страница 49: ...account 7 2 Installation and Mounting The safety related HIMatrix controller systems can be installed on mounting surfaces and also in closed enclosures such as control stations terminal boxes and co...
Страница 50: ...with unconnected connectors 100 mm 100 mm 234 9 mm Figure 8 Minimum Clearances Applying for the HIMatrix F60 i The HIMatrix systems must be mounted such that They are not heated up by other devices wi...
Страница 51: ...it can go without jamming it into the two guiding rails which are located on the housing s upper and lower part 2 Apply pressure to the upper and lower extremity of the front plate until the module pl...
Страница 52: ...tage requirements A functional earth is prescribed to improve the electromagnetic compatibility EMC All HIMatrix systems can be operated with earthed L or unearthed Unearthed Operation Unearthed opera...
Страница 53: ...ection Windows in the enclosure in which the HIMatrix system is installed are permitted Increased EMC interferences outside the standard limit values require appropriate measures i For improved EMC ea...
Страница 54: ...gaged unplug the controller s fieldbus connectors to ensure that the fieldbus communication among other stations is not disturbed The fieldbus plugs may only be plugged in again when the controller is...
Страница 55: ...rejected by the PES If the default value 0 ms is set the target cycle time is not taken into account 0 ms Application specific Target Cycle Time Mode Use of Target Cycle Time ms see Table 27 With F 0...
Страница 56: ...Load Allowed ON Configuration download is allowed ON Application specific OFF Configuration download is not allowed Reload Allowed Only applicable with F 03 devices modules ON Application specific ON...
Страница 57: ...eload is not processed if the target cycle time is not sufficient Table 27 Effect of Target Cycle Time Mode Notes on the Minimum Configuration Version Parameter In a new project the latest Minimum Con...
Страница 58: ...erval after which a message is resent after the previous message was not acknowledged by the communication partner 300 30 000 ms Resends increase availability and compensate disturbances in the networ...
Страница 59: ...ld Errors Number of current I O errors UDINT Number of Field Errors Historic Count Counted number of I O errors counter resettable UDINT Number of Field Warnings Number of current I O warnings UDINT N...
Страница 60: ...nce 1970 01 01 UDINT Last System Warning s UDINT Last Field Error ms Date and time of the last I O error in s and ms since 1970 01 01 UDINT Last Field Error s UDINT Last Communication Error ms Date an...
Страница 61: ...troller Value State 0x00 Normal 0x01 Error with 24 V supply voltage 0x02 Battery failure 0x04 Error with 5 V voltage of power supply 0x08 Error with 3 3 V voltage of power supply 0x10 Undervoltage wit...
Страница 62: ...user program switches and parameters can be set in the Properties dialog box of the user program Switch Parameter Function Default value Setting for safe operation Name Name of the user program Arbit...
Страница 63: ...eneration is compatible with SILworX V2 Table 32 System Parameters of the User Program CPU OS V7 and Higher Notes specific to the Code Generation Compatibility Parameter In a new project SILworX selec...
Страница 64: ...an analog input in the user program 1 Define a global variable of type INT 2 Enter an appropriate initial value when defining the global variable 3 Assign the global variable to the channel value Valu...
Страница 65: ...Outputs To write a value in the user program to an analog output 1 Define a global variable of type INT containing the value to be output 2 Enter an appropriate initial value when defining the global...
Страница 66: ...the switch variables used in the example Name Type Description Remark S1_1_pulsed S1_2_pulsed BOOL BOOL Value Value First and second contact of switch 1 S2_1_pulsed S2_2_pulsed BOOL BOOL Value Value...
Страница 67: ...he input module and select Detail View from the context menu 3 Change to the DI XX Channels tab 4 Drag the global variables onto the inputs to be used 5 To assign the variables to the outputs select t...
Страница 68: ...ext menu The Code Generation Resource Name dialog box appears 3 Select CRC Comparison on the Code Generation Resource Name dialog box default value 4 In the Start Code Generation dialog box click OK A...
Страница 69: ...ialog box appears 3 In the IP Address field select the correct address or use the MAC address 4 Enter Administrator in the User Group field 5 Let the Password field empty or cancel the password 6 Sele...
Страница 70: ...ration from the flash memory for the communication system into the NVRAM 7 3 11 Cleaning up a Resource Configuration in the Flash Memory of the Communication System After temporary hardware faults the...
Страница 71: ...r account Furthermore they can perform all SILworX functions Read and Write R W All SILworX functions except for the user management Read only RO Read only access i e the users may not change or archi...
Страница 72: ...ame and password Creating user accounts is not required but is a contribution to a safe operation If a user management scheme is defined for a resource it must contain at least one user with administr...
Страница 73: ...et the system time force restart and reset modules Start system operation for processor modules Read Write Similar to Read Operator but users may also Create programs Translate programs Load programs...
Страница 74: ...system within a device or module as processor module and communication module For HIMatrix systems set the Speed Mode Mbit s and Flow Control Mode to Autoneg in the Ethernet switch settings The param...
Страница 75: ...ulticast and broadcast packets 1024 kbit s Default Broadcast Table 41 Port Configuration Parameters CPU OS and Higher To modify and enter these parameters in the communication system s configuration d...
Страница 76: ...iable value changes from TRUE to FALSE an event is triggered Deactivated If the global variable value changes from FALSE to TRUE an event is triggered Default value Deactivated Checkbox activated deac...
Страница 77: ...esis L Alarm Value Hysteresis or H Alarm Value L Alarm Value Depending on the global variable type H Alarm Priority Priority of the high limit H default value 500 0 1000 H Alarm Acknowledgment Require...
Страница 78: ...s up to V7 7 7 1 Configuring the Resource The first step is to configure the resource The parameter and switch settings associated with the configuration are stored to the NVRAM of the processor syste...
Страница 79: ...ed Forcing Allowed On Off On Forcing Allowed Off Off Forcing not allowed Stop at Force Timeout On Off On STOP upon expiration of the force time On Off No STOP upon expiration of the force time Max Com...
Страница 80: ...een Winter and Summer time is not supported not safe Remaining Force Time DINT ms R Remaining time during Forcing 0 ms if forcing is not active not safe Fan State BYTE 0x00 0x01 R Normal fan ON Fan de...
Страница 81: ...ostart Off Cold Start Warm Start in the Properties menu for the type instance of the corresponding resource With cold start the system initializes all signal values with warm start it reads the signal...
Страница 82: ...ulse delay x number of pulses The pulsed outputs are usually set to TRUE and change to FALSE in succession for the duration of the pulse delay once per cycle 7 7 4 1 Required Signals The following par...
Страница 83: ...pulsed outputs is inserted must be used 3 8 7 7 4 2 Configuring Pulsed Outputs The pulsed outputs must begin with DO 01 Value and reside in direct sequence one after the other ELOP II Factory outputs...
Страница 84: ...consecutive output signals T1 T4 Table 51 Connecting Signals to the Input Module s Output Signals Digital inputs pulsed channels may be arbitrarily connected to the pulsed outputs depending on the har...
Страница 85: ...ctory Hardware Management 2 Select and right click the required resource The context menu for the resource appears 3 Click Online Connection Parameters The overview for the PES connection parameters a...
Страница 86: ...the new user management to the controller Afterwards a user from the new user lists can log in to the controller 7 7 8 Loading a Resource Configuration from the PADT Before a user program can be loade...
Страница 87: ...t in the controller see Chapter 7 7 6 After this action the Control Panel can be accessed again Select Extra Reboot Resource to restart the controller If the controller adopts the STOP VALID CONFIGURA...
Страница 88: ...chapter describes how to configure communication using ELOP II Factory for processor operating systems up to V7 Depending on the application the following elements must be configured Ethernet safeeth...
Страница 89: ...1 Communication System Properties CPU OS up to V7 The parameters ARP MAC Learning IP Forwarding Speed Mode and Flow Control Mode are explained in details in the ELOP II Factory online help i Replaceme...
Страница 90: ...tings Limit Limit the inbound multicast and or broadcast packets Off No limitation Broadcast Limit broadcast packets 128 kbit s Multicast and Broadcast Limit multicast and broadcast packets 1024 kbit...
Страница 91: ...tion Table 58 System Signal of a safeethernet Connection for Setting the Connection Control CPU OS up to V7 The following commands can be used for the Connection Control signal Command Description AUT...
Страница 92: ...in the ELOP II Factory Hardware Management and select P2P Editor on the context menu to open it 2 Select the row for the required resource 3 Click the Connect System Signals button The P2P System Sign...
Страница 93: ...selecting the profile Profiles I through VI are described in details in the ELOP II Factory Hardware Management online help 7 8 4 Configuring the Signals for safeethernet Communication A network toke...
Страница 94: ...ransfer direction Figure 18 Example of Process Signals CPU OS up to V7 The signals for safeethernet communication are defined Monitoring the Transmitted Signals Whenever a data packet is sent the sign...
Страница 95: ...ers the STOP INVALID CONFIGURATION state e g due to unauthorized access to operating system areas it restarts If the user program enters the STOP INVALID CONFIGURATION state again within roughly one m...
Страница 96: ...the Online Test Allowed switch is on the values of signals variables can be manually entered in the corresponding OLT fields and thus forced However the forced values only apply until they are overwr...
Страница 97: ...ribed in the communication manual Version Manual Document number CPU OS V7 and higher SILworX Communication Manual HI 801 101 E CPU OS up to V7 HIMatrix PROFIBUS DP Master Slave Manual HI 800 009 E HI...
Страница 98: ...N STOP VALID CONFIGURATION STOP INVALID CONFIGURATION User log in Operating system load If the memory for the long term diagnosis is full all data older than three days is deleted allowing new entries...
Страница 99: ...n the Action Bar The system log in window opens 3 In the system log in window select or enter the following information IP address of the controller User name and password The Hardware Editor s Online...
Страница 100: ...xists and whether the corresponding sensor or actuator is ok 9 2 Replacing Fans HIMA recommends replacing the fans of the HIMatrix F60 on a regular basis to prevent the fans to fail At normal temperat...
Страница 101: ...s not already been done 2 Log in to the controller with administrator rights 3 In ELOP II Factory Hardware Management right click the required resource 4 On the Online submenu select Control Panel The...
Страница 102: ...ELOP II Factory to load the processor operating system CPU OS V7 and higher into the controller 2 Use ELOP II Factory to load the communication operating system into the controller V12 and higher 3 Us...
Страница 103: ...ev 2 02 Page 103 of 114 10 Decommissioning Remove the supply voltage to decommission the modular controller Afterwards it is possible to pull out the pluggable screw terminal connector blocks for inpu...
Страница 104: ...rt To avoid mechanical damage HIMatrix components must be transported in packaging Always store HIMatrix components in their original product packaging This packaging also provides protection against...
Страница 105: ...v 2 02 Page 105 of 114 12 Disposal Industrial customers are responsible for correctly disposing of decommissioned HIMatrix hardware Upon request a disposal agreement can be arranged with HIMA All mate...
Страница 106: ...12 Disposal System Manual Modular Systems Page 106 of 114 HI 800 191 E Rev 2 02...
Страница 107: ...ive earth PELV Protective extra low voltage PES Programmable electronic system R Read The system variable or signal provides value e g to the user program Rack ID Base plate identification number Inte...
Страница 108: ...9 Securing the F60 Subrack 51 Figure 10 Securing the Cables and Connecting the Shielding 52 Figure 11 Communication System Properties CPU OS up to V7 89 Figure 12 Creating a Port Configuration CPU OS...
Страница 109: ...m Modes of Operation 34 Table 20 Parameters Configurable for Multitasking 36 Table 21 Reloading after Changes 42 Table 22 Effect of the Force Deactivation System Variable 46 Table 23 Force Switches an...
Страница 110: ...ut Signals 84 Table 52 Connecting Signals to the Input Module s Input Signals 84 Table 53 Sub States Associated with STOP up to CPU OS V7 87 Table 54 Permissible Communication Settings for External De...
Страница 111: ...age 111 of 114 Declaration of Conformity For the HIMatrix system declarations of conformity exist for the following directives EMC Directive Low Voltage Directive EX Directive The current declarations...
Страница 112: ...creation F 03 22 definition F 03 75 in general CPU 03 22 recording F 03 23 faults internal 32 permanent in connection with I Os 32 reaction to 31 temporary in connection with I Os 32 forcing restricti...
Страница 113: ......
Страница 114: ...336 HIMA Paul Hildebrandt GmbH Co KG P O Box 1261 68777 Br hl Germany Phone 49 6202 709 0 Fax 49 6202 709 107 E mail info hima com Internet www hima com HI 800 191 E by HIMA Paul Hildebrandt GmbH Co K...
