Safety Included
Fieldbus Infrastructure and Functional Safety
Plants with fieldbus and hazardous areas are well prepared for functional safety applications. The fieldbus infrastructure is used concurrently by the devices for safety-integrated systems and for process control. The amount of work required for the planning, construction, test and operation of these systems is less than for conventional interface technology. Only logic solvers, sensors and actuators are planned for the required safety classes.
The avoidance of errors in process plants is defined by functional safety in the IEC (international electro technical commission) standards 61508 and 61511. Until now, conventional interface technology (4-20 mA) has been used for the transfer of the necessary signals. Since the electronic components can also lead to distortion and to impairment of the signal, its contribution to the safety of the function chain must be considered. Fieldbus systems use digital signals exclusively. Telegrams transfer the data which are detected as either correct or incorrect and are handled accordingly. For this purpose, each telegram transfers a checksum. Equipped with these mechanisms, the fieldbus has found wide application in process automation and has become established as a reliable resource.
Signaling Safety
Higher requirements for the reliability of the data, which is demanded by functional safety, can be implemented through digital safety mechanisms. Specialist working groups have defined the FF-SIF (Foundation fieldbus safety instrumented function) and Profisafe protocols for this purpose. The signal relevant for safety is equipped with additional mechanisms, such as a longer checksum, a transfer counter and passwords. User and additional data are transferred using a standard telegram. The transmitter and receiver can check the reliability and perform their tasks accordingly. This reliability satisfies the requirements up to safety integrity level (SIL) 3.
The fieldbus infrastructure connects the control technology and the field devices. It physically transfers the data and supplies the field devices with current. Power supplies, installation technology, cables and accessories - such as terminators and lightning protection - are part of it. As a rule, it also fulfils the tasks of explosion protection. Because digital mechanisms provide reliability, the fieldbus infrastructure can be regarded as a "tunnel" or "black channel".
Increasing Availability
In devices with ex-certification components are intentionally de-rated. This enables higher power reserves and signifies an expectation of long service life. Power supplies contain the highest number of electronic components. So, they are the critical element in the chain. The Fieldconnex Power Hub offers redundancy, using plug-in modules that provide power in parallel. They are decoupled via simple diodes and carry only about half the load current to extend the service life. If a redundant partner drops out, each of the modules can accept the full load current without transients. This does not interfere with communication. The internal monitoring triggers a message and the module is replaced without tools.
Clever And Simple
The Fieldconnex Segment Protectors protect the trunk from short-circuits which can occur during manual intervention on field devices. T-connectors enable simple series connection and additionally offer a clear and easily monitored position for the terminator. This terminator comprises a network consisting of one resistor and four capacitors. If a component drops out, the basic function of the bus terminator is retained. Fieldbus diagnosis can make this defect visible, while the function of the segment remains intact. Pepperl+Fuchs have commissioned the independent institute Exida to investigate the availability of the high-density Power Hub and R2 Segment Protector series. Exida additionally confirmed SIL 3 capability.
Planning And Installation
The majority of today's installations are prepared for safety-related signals. The High-Power Trunk Concept for explosion protection requires that the trunk is installed with increased safety - very well protected and thus with high availability. In the design of a fieldbus segment for the transfer of safety-relevant signals, a power reserve of 20 to 30% is recommended for the power supply. This is easily achieved. The prerequisites for the parallel operation of process and safety control systems are fulfilled, if:
- The maximum cable lengths of the trunk and spurs are observed;
- The maximum permissible number of fieldbus nodes is observed;
- Only approved fieldbus cables are used;
- The cables are laid with protection, e.g. in conduits;
- The shielding/grounding is installed correctly according to the grounding concept;
- Terminators are installed at each end of the trunk.
In addition, modern diagnosis for the physical layer, such as the Fieldconnex Advanced Diagnostic Module (ADM) accelerates the commissioning with automated checking of the physical layer and documentation. It makes measured values available for determining the actual power reserve during operation. The "black channel" fieldbus is illuminated and monitored for its availability. The ADM transfers grouped signals to the plant operator via a voltage-free contact or directly to the process control system. Maintenance teams receive status information in plain text in plant asset management (PAM) and can increase plant availability with proactive intervention.
Operation And Maintenance
If the steps described above for planning, installation and commissioning are followed, the fieldbus provides a stable infrastructure aligned with safety considerations. It can be monitored with physical layer diagnostics. Via a voltage-free contact or grouped signals integrated in the process control system and detailed status information in PAM, plant operators and maintenance personnel are advised of errors and can react proactively, increasing plant availability. Proactive, planned maintenance precautions replace reactive repairs. The self-diagnostic function of field devices and the monitoring of the physical layer, as well as automated testing, increase the rate of detectable errors and hence the safety of the entire process plant. At the same time, high availability of the overall process is guaranteed.
Problem-free
Additional layers in the FF-SIF and Profisafe protocols provide the safe transfer of signals up to SIL 3. The fieldbus infrastructure is considered here as a black channel or tunnel whose characteristics are irrelevant for safety. This means: From planning to maintenance, only those considerations that ensure the desired plant availability are relevant. Fieldconnex components provide the cumulative experience of the fieldbus experts, embodied in sound, ingenious technology. The High-Power Trunk Concept defined by Pepperl+Fuchs is today the de facto industry standard, so that the majority of existing installations exhibit the required availability.