Parameterizing AS-i Gateways in EcoStruxure Machine Expert - Safety

 

This topic describes the AS-i Gateway-related settings to be made in EcoStruxure Machine Expert - Safety. It contains the following information:

NOTE:

Observe the notes given in section "Notes on distributed automation systems" when parameterizing AS-i Gateway devices.

Confirming added AS-i Gateways in EcoStruxure Machine Expert - Safety

After you add an AS-i Gateway to the bus structure in EcoStruxure Machine Expert and insert the '8 Bytes Safe Sercos Data' device object, the AS-i Gateway is automatically integrated into the safety-related project. When the safety-related project is opened, the list of safety-related devices is synchronized between EcoStruxure Machine Expert and EcoStruxure Machine Expert - Safety. This device synchronization is repeated cyclically as long as the project remains open in EcoStruxure Machine Expert - Safety. The insertion of safety-related AS-i Gateways must be manually confirmed in EcoStruxure Machine Expert - Safety.

Proceed as follows:

  1. In EcoStruxure Machine Expert, start EcoStruxure Machine Expert - Safety by right-clicking the Safety Logic Controller icon in the 'Devices' tree, and selecting 'EcoStruxure Machine Expert - Safety > Start EcoStruxure Machine Expert - Safety' from the contextual menu.

  2. Log in to EcoStruxure Machine Expert - Safety at development access level.

  3. The 'Confirm changed SDIO Devices' dialog appears.

    Confirm each inserted AS-i Gateway by selecting the corresponding checkbox and then confirm the dialog with 'OK'. (See numbers (1) and (2) in the following example.)

    If you reject the modifications in the device list by clicking 'Cancel', EcoStruxure Machine Expert - Safety is closed.

    Example

    [Image: Dlg_ChangedIO_Devices.png]

    After the confirmation, the added AS-i Gateways appear as Safety Logic Controller subslots in the EcoStruxure Machine Expert - Safety devices tree ('Devices' window).

    Example: AS-i Gateway with device ID SL1.SM2

    [Image: SoSafeDevicesTree_GatewayClosed.png]
  4. Parameterize the AS-i Gateway device(s) as described in the following section.

Further Information

How to use the input and output bits provided by the '8 Bytes Safe Sercos Data' device object, i.e., how to insert them into the safety-related code (thus reading the AS-i device status and writing their outputs), is described in the topic "Evaluating and Writing to AS-i I/O Devices in EcoStruxure Machine Expert - Safety".

How to parameterize an AS-i Gateway in EcoStruxure Machine Expert - Safety

You are going to set up a highly distributed system which consists of an AS-i application executed by the AS-i Gateway, a standard (non-safety-related) LMC (PacDrive3) application, and a safety-related SLC application. Keep in mind that the extension of your safety-related application by the AS-i field bus level may influence the function, performance, and overall response time of your system application. There is no superordinate, controller-spanning verification instance (or compiler) that verifies whether the various logics (Gateway, LMC, SLC) in the distributed controller application interact correctly. It is the responsibility of the user to ensure the correct interaction and to avoid any hazardous situation.

In particular, the total safety response time of the entire system has to be inspected and verified precisely as the integration of the AS-i field bus with connected AS-i slaves extends the total safety response time.

WARNING

UNINTENDED EQUIPMENT OPERATION

  • Verify that the safety-related parameters correspond to your risk analysis and consider each possible operating mode and scenario the safety-related application should cover.

  • Verify that the safety response time of the entire system includes the response times specific to the AS-i Gateway with its connected AS-i I/O slaves.

  • Validate the total lag-time of the system and thoroughly test the application controlling for lag-time.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

NOTE:

The Safety Logic Controller does not recognize the AS-i slaves (I/O devices) connected to the AS-i field bus. It only communicates with the AS-i Gateway as a Sercos subscriber. Therefore, the safety-related parameters to be set in EcoStruxure Machine Expert - Safety only relate to the functionality of the AS-i Gateway as a Sercos bus device. The AS-i I/O slaves cannot be parameterized in EcoStruxure Machine Expert - Safety.

  1. In the devices tree ('Devices' window), left-click the AS-i Gateway to be parameterized. The parameters are now visible in the Device Parameterization editor on the right of the devices tree in the 'Devices' window.

    Example

    [Image: SoSafeDevicesTree_GatewayParameters_Initial.png]
  2. Set the parameters in the groups 'Basic', 'SafetyResponseTime', and 'SafetyConfiguration'. These parameters are described in the sections below.

Parameter group: Basic

Parameter: MinRequiredFWRev

Default value

Basic Release

Unit

-/-

Description

This parameter is only relevant in case of implementing other firmware versions than the manufacturer-loaded version.

To enter the operational state, the firmware version parameterized here or a newer version must be installed on the module.

The entry 'Test Version' identifies a device firmware version which is not yet released. A safety-related application cannot get approval if devices with a firmware test version are involved.

Parameter: Optional

Default value

No

Unit

-/-

Description

The module can be configured as optional using this parameter. Optional modules do not have to be available (physically present or communicative), i.e., if an optional module is unavailable, this is not signaled by the Safety Logic Controller.

This parameter does not influence the module signal or status data.

Possible values

  • No: This module is not optional.

    This module has to go to Operational mode after start-up and safety-related communication to the Safety Logic Controller has to be established successfully (indicated by SafeModuleOK = SAFETRUE). Processing of the safety-related application on the Safety Logic Controller is delayed after start-up until this state is achieved for the modules set to 'Optional = No'.

    After start-up, errors on such safety-related modules are indicated by a fast flashing MXCHG LED on the Safety Logic Controller. Furthermore, an entry is made in the logbook.

  • Yes: This module is optional, i.e., not necessary for the safety-related application.

    This module is not taken into consideration during start-up, which means that the safety-related application is started even if the modules with 'Optional = Yes' are not in Operational mode or if safety-related communication is unsuccessful.

    After start-up, errors on such safety-related modules are NOT indicated on the Safety Logic Controller. NO entry is made in the logbook.

  • Start-up: This module is optional, decisions regarding its further behavior are made during start-up:

    If, during start-up, it is determined that the module is physically present (even if it is not in Operational mode), then the module behaves as if 'Optional = No' was set.

    If, during start-up, it is determined that the module is not physically present, the module behaves as if 'Optional = Yes' was set.

The Optional parameter is a mechanism to scale your safety-related system for various configurations of your machine design. However, it may be the case that the module(s) that you have designated as optional may be required in some of your alternate machine configurations.

WARNING

UNINTENDED EQUIPMENT OPERATION

Verify by means of functional tests that those modules that have the Optional parameter set to 'Yes' or 'Start-up' are available if and when required in alternate machine configurations.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Parameter group: SafetyResponseTime

The safety response time is the time between the arrival of the sensor signal on the input channel of a safety-related input module and the shut-off signal at the output channel of a safety-related module.

The response time calculated in EcoStruxure Machine Expert - Safety does not include response times specific to the AS-i Gateway with its connected AS-i I/O slaves. It only considers the response time of the PacDrive 3 system until the transfer of the I/O image within the AS-i Gateway.

This means: by integrating an AS-i Gateway with connected AS-i slaves, the total safety response time is extended.

In the 'Response Time Calculator' dialog in EcoStruxure Machine Expert - Safety ('Project > Response time calculator' menu item), this is indicated as follows: after selecting an AS-i Gateway (third-party device) as input and/or output module, a message appears in the dialog informing you that the response times of the AS-i Gateway and the connected AS-i slaves have to be added manually to the calculated response time in order to determine the total system response time.

This AS-i specific response time is referred to as tRT AS-i in the following figure. tRT AS-i must include the AS-i bus cycle time, transfer times between Sercos and AS-i bus, processing time in sensor, and application processing in AS-i Gateway (depending on your application).

Further Information

Refer to the documentation provided by Bihl+Wiedemann for details regarding the calculation and determination of AS-i specific response times.

[Image: SafetyResponseTime_Gateway.png]

WARNING

UNINTENDED EQUIPMENT OPERATION

  • Verify that the safety response time of the entire system includes the response times specific to the AS-i Gateway with its connected AS-i I/O slaves.

  • Validate the total lag-time of the system and thoroughly test the application controlling for lag-time.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

The parameters in this group influence the safety response time of the Safety Logic Controller system.

The parameters CommunicationWatchdog, MinDataTransportTime, and MaxDataTransportTime in this group are only applied to the module if ManualConfiguration is set to 'Yes'.

Parameter: ManualConfiguration

Default value

No

Unit

-/-

Description

Specifies whether the module uses its safety response time-relevant parameters (CommunicationWatchdog, MinDataTransportTime, and MaxDataTransportTime) or the values specified in the 'SafetyResponseTimeDefaults' parameter group of the Safety Logic Controller.

Managing parameters per module optimizes the system to application-specific requirements regarding the safety response time.

Parameter value

  • No: The module inherits the CommunicationWatchdog, MinDataTransportTime, and MaxDataTransportTime values from the 'SafetyResponseTimeDefaults' parameter group of the Safety Logic Controller.

  • Yes: The module uses its own parameter values.

Parameter: MinDataTransportTime

Default value

12

Unit

100 µs

Description

Defines the minimum time that is required to transmit a data telegram from a producer to a consumer. If a telegram is received earlier (by the consumer) than specified by this parameter value, communication is considered as invalid.

EcoStruxure Machine Expert - Safety provides a calculator dialog to determine this parameter value.

Term definition and background information

According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer.

Each telegram includes a time stamp for time validation of the communication. On receipt of a telegram, the consumer compares this time stamp with the current time. If the schedule is kept, the communication is considered as valid.

If a telegram is received earlier than defined by this parameter, communication is considered as invalid and is not further processed. The 'SafeModuleOK' process data item also becomes SAFEFALSE indicating that the safety-related communication of the module is no longer valid. The implications for the rest of the safety-related systems depend on the defined safety-related function.

Value calculation

How to calculate the module-specific MinDataTransportTime value

  1. Select 'Project > Response Time Relevant Parameters'.

  2. In the appearing dialog, open the 'Manual' tab.

  3. Section 'Variable Parameters':

    If a Sercos III cycle time other than the one set in EcoStruxure Machine Expert is to be used to calculate the MinDataTransportTime (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'.

    The 'Ring/Double Line' checkbox only influences the MaxDataTransportTime value. The 'Ring/Double Line' checkbox does not influence the MinDataTransportTime value.

    An entered 'Network Package Loss' does not influence the MinDataTransportTime but only the CommunicationWatchdog value.

    The 'System Parameters' section is read-only and displays system/module properties set in EcoStruxure Machine Expert. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog.

  4. The calculated module-specific MinDataTransportTime value is displayed in the 'Result' section.

    Note the resulting value and enter the value for the MinDataTransportTime parameter in the module parameter grid.

Practical values

Entering the MinDataTransportTime value calculated in EcoStruxure Machine Expert - Safety results in a stable running system.

Permissible value range: 12-500

Parameter: MaxDataTransportTime

Default value

250

Unit

100 µs

Description

Defines the maximum time that is allowed to transmit a data telegram from a producer to a consumer. If a telegram is received later (by the consumer) than specified by this parameter value, communication is considered as invalid.

EcoStruxure Machine Expert - Safety provides a calculator dialog to determine this parameter value.

NOTE:

The parameter value influences the safety response time calculated by EcoStruxure Machine Expert - Safety.

Term definition and background information

According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer.

Each telegram includes a time stamp for time validation of the communication. On receipt of a telegram, the consumer compares this time stamp with the current time. If the schedule is kept, the communication is considered as valid.

If a telegram is received later than defined by this parameter, communication is considered as invalid and is not further processed. The implications for the rest of the safety-related systems depend on the defined safety-related function.

Value calculation

How to calculate the module-specific MaxDataTransportTime value

  1. Select 'Project > Response Time Relevant Parameters'.

  2. In the appearing dialog, open the 'Manual' tab.

  3. Section 'Variable Parameters':

    If a Sercos III cycle time other than the one set in EcoStruxure Machine Expert is to be used to calculate the MaxDataTransportTime (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'.

    'Ring/Double Line' checkbox: Ring and double line bus structures require greater parameter values in order to implement a stable running system. Check 'Ring/Double Line' to take into account the bus structure.

    It is activated by default, which is suitable for a ring bus structure and a double line bus structure. If you are implementing a line structure, the checkbox can be deactivated to decrease the resulting parameter value. Values calculated for a ring/double line structure can be used for a line structure but not vice versa.

    An entered 'Network Package Loss' does not influence the MaxDataTransportTime but only the CommunicationWatchdog value.

  4. The calculated MaxDataTransportTime value is displayed for the module.

    Module-specific parameters (such as cycle times, set in EcoStruxure Machine Expert) are also displayed in the grid for information purposes. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog.

    Note the resulting value for the module and enter the appropriate value into the MaxDataTransportTime parameter grid field of the module.

Practical values

Entering the MaxDataTransportTime value calculated in EcoStruxure Machine Expert - Safety results in a stable running system.

Permissible value range: 12-65,000

Parameter: CommunicationWatchdog

Default value

200

Unit

100 µs

Description

Defines the maximum time period within which a consumer must receive a valid data telegram from a producer in order to consider the safety-related communication as valid and continue the application. The parameter sets a watchdog timer which then monitors whether a consumer receives telegrams from a producer in time. If the watchdog expires, communication is considered as invalid.

EcoStruxure Machine Expert - Safety provides a calculator to determine this parameter value.

NOTE:

The parameter value influences the safety response time calculated by EcoStruxure Machine Expert - Safety.

Term definition and background information

According to the openSAFETY specification, devices (safety-related I/O modules as well as the Safety Logic Controller) communicate by sending and receiving cyclic data, referred to as openSAFETY telegrams. A telegram generating (sending) device is designated as producer, a receiving device is a consumer.

The CommunicationWatchdog value physically depends on the transport time needed for the telegram to be transmitted from a producer to a consumer and influences the worst case response time of the system. The calculated parameter value therefore depends on the MaxDataTransportTime parameter value.

If the consumer receives the telegram in time (communication watchdog is not yet expired and the transmission time is within the period specified by the parameters MinDataTransportTime and MaxDataTransportTime), the watchdog timer is restarted and communication is considered as valid. The time stamp contained in the received telegram is not evaluated, only the receipt of a valid telegram is relevant.

If no telegram is received (due to delay or loss) and the communication watchdog expires in the consumer, the module is set to the defined safe state. The 'SafeModuleOK' process data item also becomes SAFEFALSE indicating that the safety-related communication of the module is no longer valid.

Value calculation

How to calculate the module-specific CommunicationWatchdog value

  1. Select 'Project > Response Time Relevant Parameters'.

  2. In the appearing dialog, open the 'Manual' tab.

  3. Section 'Variable Parameters':

    If a Sercos III cycle time other than the one set in EcoStruxure Machine Expert is to be used to calculate the CommunicationWatchdog value (e.g., to take cycle time modifications by the application program into account), check 'Make Selectable' and select or enter the desired 'Sercos III Cycle Time'.

    'Ring/Double Line' checkbox: Ring and double line bus structures require higher parameter values in order to implement a stable running system. Check 'Ring/Double Line' to take into account the bus structure.

    It is activated by default which is suitable for a ring or double line bus structure. If you are implementing a line structure, the checkbox can be deactivated to decrease the resulting parameter value. Values calculated for a ring/double line structure can be used for a line structure but not vice versa.

  4. By increasing the number of allowed package losses, the system can be more tolerant. This increases the calculated minimum watchdog interval. Enter an integer value (range 0..99) for the number of telegrams that can be lost for the present module. The entered value is applied to the safety-related modules involved.

  5. The calculated CommunicationWatchdog value is displayed for the module.

    Module-specific parameters (such as cycle times, set in EcoStruxure Machine Expert) are also displayed in the grid for information purposes. When modifying these parameters while the dialog is open, the values are updated automatically without closing the calculator dialog.

    Note the resulting value for the module and enter the appropriate value into the CommunicationWatchdog parameter grid field of the module.

Practical values

For the CommunicationWatchdog value which you have to enter in the parameter grid ('Devices' window), the following applies:

  • For commissioning a system, the CommunicationWatchdog value should be equal to or greater than the largest cycle time of the system (for example, the Sercos III cycle time).

  • A value greater than the calculated CommunicationWatchdog value increases the system availability but also increases the overall worst case response time (thus increasing the required physical distances for mounting safety barrier and perimeter equipment at the machine).

Permissible value range: 1-65,535

Parameter group: SafetyConfiguration

Parameter: ConfigID

Each AS-i application is verified by a unique checksum which is generated in ASIMON before copying the configuration data to the AS-i Gateway and commissioning the AS-i application. In ASIMON, this checksum is called ConfigID.

The checksum is used in EcoStruxure Machine Expert - Safety for verifying that the configuration loaded in the AS-i Gateway is valid and corresponds to the AS-i configuration entered in EcoStruxure Machine Expert - Safety.

NOTE:

Each modification in the AS-i application results in a newly calculated unique ConfigID. After the AS-i application has been modified, the new ConfigID value has been entered in EcoStruxure Machine Expert - Safety, and the safety-related SLC application has been rebuilt, the 'Project CRC' of the SLC application is also modified. (The 'Project CRC' is indicated in the 'Project Info' dialog in EcoStruxure Machine Expert - Safety.) Note that a changed 'Project CRC' implies a new acceptance procedure for the entire safety-related project.

Read the ConfigID checksum from the ASIMON configuration tool and enter it as ConfigID value in the parameterization editor.

You can also display the ConfigID at the AS-i Gateway device. Press the 'OK' button at the device to enter the menu and select 'Safety > Safe Sercos > Config IDs (Node and Manager)' to display the ConfigID.

  • The 'Node' entry on the displayed screen outputs the ConfigID configured on the AS-i Gateway device.

  • The 'Manager' entry displays the ConfigID which is entered in the safety-related device AS-i Gateway parameters in EcoStruxure Machine Expert - Safety.

    NOTE:

    If the value is 0, either no communication connection is established between EcoStruxure Machine Expert - Safety and the AS-i Gateway, or communications will be unsuccessful because of the invalid ConfigID.

By entering the checksum in EcoStruxure Machine Expert - Safety, you confirm that you know and consider the mapping of safety-related data to the '8 Bytes Safe Sercos Data' device object in the AS-i application.

WARNING

UNINTENDED EQUIPMENT OPERATION

  • Verify the mapping of AS-i I/O data to the '8 Bytes Safe Sercos Data' device object and the use of AS-i input/output data bits in the safety-related SLC application.

  • Verify the interaction between the applications programmed for the AS-i Gateway (with its connected I/O devices) and the PacDrive 3 application (LMC and SLC programs).

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Further Information

Also refer to section "ConfigID by B+W corresponds to safety-related ConfigID parameter".
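
Added example (not Schneider Electric or Bihl+Wiedemann code): an offline review script that applies the rules stated in this topic to parameter values transcribed by hand from the parameter grid and from the gateway display. The GatewayParams record, the integer ConfigID format, the finding codes, and the required response time taken from your risk analysis are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

UNIT_US = 100  # the three timing parameters are entered in units of 100 µs

# Permissible value ranges as stated in this topic (units of 100 µs).
RANGES = {
    "MinDataTransportTime": (12, 500),
    "MaxDataTransportTime": (12, 65_000),
    "CommunicationWatchdog": (1, 65_535),
}

@dataclass
class GatewayParams:
    """Hypothetical record, transcribed by hand from the parameter grid."""
    device_id: str
    min_required_fw_rev: str = "Basic Release"
    optional: str = "No"                # 'No' | 'Yes' | 'Start-up'
    manual_configuration: str = "No"    # 'No' inherits the SLC defaults
    min_data_transport_time: int = 12
    max_data_transport_time: int = 250
    communication_watchdog: int = 200
    config_id_manager: int = 0          # value entered in Machine Expert - Safety
    config_id_node: int = 0             # value shown on the gateway under 'Node'

def audit(p: GatewayParams, largest_cycle_us: int, calculated_rt_us: int,
          t_rt_asi_us: Optional[int], required_rt_us: int) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means nothing was flagged."""
    findings: List[Tuple[str, str]] = []

    def add(code: str, msg: str) -> None:
        findings.append((code, f"{p.device_id}: {msg}"))

    if p.min_required_fw_rev == "Test Version":
        add("FW_TEST", "firmware test version, application cannot get approval")
    if p.optional in ("Yes", "Start-up"):
        add("OPTIONAL", f"Optional={p.optional}: absence may not be signaled or "
                        "logged, confirm by functional test")
    if p.manual_configuration == "Yes":  # otherwise the SLC defaults apply
        timing = {
            "MinDataTransportTime": p.min_data_transport_time,
            "MaxDataTransportTime": p.max_data_transport_time,
            "CommunicationWatchdog": p.communication_watchdog,
        }
        for name, value in timing.items():
            lo, hi = RANGES[name]
            if not lo <= value <= hi:
                add("RANGE", f"{name}={value} outside {lo}-{hi}")
        # Consistency check implied by the definitions: the window must not be empty.
        if p.min_data_transport_time > p.max_data_transport_time:
            add("MIN_GT_MAX", "MinDataTransportTime exceeds MaxDataTransportTime")
        if p.communication_watchdog * UNIT_US < largest_cycle_us:
            add("WD_SHORT", "CommunicationWatchdog below the largest cycle time")
    if p.config_id_manager == 0:
        add("CONFIGID_ZERO", "ConfigID is 0, no connection or invalid ConfigID")
    elif p.config_id_manager != p.config_id_node:
        add("CONFIGID_MISMATCH", "'Manager' and 'Node' ConfigID differ")
    if t_rt_asi_us is None:
        add("RT_INCOMPLETE", "AS-i response time not added to the calculated time")
    elif calculated_rt_us + t_rt_asi_us > required_rt_us:
        total = calculated_rt_us + t_rt_asi_us
        add("RT_EXCEEDED", f"total response time {total} µs > {required_rt_us} µs")
    return findings

if __name__ == "__main__":
    # Constructed sample values; SL1.SM2 is the example device ID used in this topic.
    gw = GatewayParams("SL1.SM2", optional="Yes", manual_configuration="Yes",
                       communication_watchdog=5, config_id_manager=0x1A2B,
                       config_id_node=0x1A2C)
    for code, message in audit(gw, largest_cycle_us=1000, calculated_rt_us=30_000,
                               t_rt_asi_us=None, required_rt_us=50_000):
        print(code, message)
```

The script only cross-checks transcribed values against the rules in this topic; it does not replace the calculator dialogs in EcoStruxure Machine Expert - Safety or the functional tests required above.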