ATEX, Ex, Intrinsically Safe. ATEX directives (ATmosphères EXplosives, French). Ignition (combustion, deflagration) in hazardous areas

1 ATEX, Ex, Intrinsically Safe
ATEX directives (ATmosphères EXplosives, French):
- ATEX 95, equipment directive 94/9/EC: equipment and protective systems for use in potentially explosive atmospheres
- ATEX 137, workplace directive 99/92/EC: requirements for the safety and health of workers in potentially explosive atmospheres
- Intended for hazardous areas (offshore platforms, petrochemical plants, mines, ...)
- In Europe, equipment is marked Ex if it is approved under the ATEX directive (the CE mark also implies ATEX compliance)
Ignition (combustion, deflagration) in hazardous areas requires the co-presence of oxygen, a fuel (gas, mist, vapour, dust) and an effective ignition source. Effective ignition sources:
- Open flames (including a cigarette or welding activity)
- Electrical or mechanical sparks, lightning strikes, electrostatic discharge
- High surface temperature (6 C), adiabatic compression
- Radiation

2 ATEX, Ex, Intrinsically Safe: Hazardous area and risk reduction
A hazardous area is one where oxygen and fuel are present together. Two complementary approaches:
- Reducing oxygen and/or fuel (ventilation, clean air, ...) -> inherent safety
- Few and safe electrical devices (only low-energy sparks, even if a failure occurs) -> intrinsic safety
Intrinsically safe (IS) electrical equipment: equipment with protections for areas with a high degree of hazard.
- Lowering electrical and thermal energy (not enough to cause an ignition)
- Protecting the electric supply, signal wires and connectors (e.g. galvanic isolation)
- Preventing autoignition of devices by means of thermal protections
Inherent safety (chemical and process industry):
- Reducing the amount of hazardous material present at any time
- Replacing hazardous materials (e.g. cleaning with water instead of solvent)
- Avoiding high pressures and high temperatures
- Derating (equipment and processes can be designed to withstand possible faults or deviations from design)

3 ATEX, Ex, Intrinsically Safe: Hazard identification and assessment
a) Hazard identification: a systematic procedure for finding all of the hazards associated with the products. Once a hazard has been recognised, the design can be changed to minimise it, whether or not the degree of risk has been estimated. Unless the hazard is recognised it cannot be addressed in the design.
b) Hazard estimation: determination of the probability of occurrence of the identified hazards (and of the levels of severity of the possible harm of the considered hazards, see also EN 15).
c) Hazard evaluation: comparison of the estimated hazards with criteria, in order to decide whether the risk is acceptable or whether the product design must be modified to reduce the risk.
d) Hazard reduction option analysis: the final step of hazard assessment is the process of identifying, selecting and modifying design changes which might reduce the overall risk from the products. Although risks can always be reduced further, they can seldom be reduced to zero except by eliminating the activities.

4 ATEX, Ex, Intrinsically Safe: Ex zones
Gases, mists or vapours:
- Zone 0: an atmosphere where a mixture of air and flammable substances in the form of gas, vapour or mist is present frequently, continuously or for long periods.
- Zone 1: an atmosphere where a mixture of air and flammable substances in the form of gas, vapour or mist is likely to occur occasionally in normal operation.
- Zone 2: an atmosphere where a mixture of air and flammable substances in the form of gas, vapour or mist is not likely to occur in normal operation but, if it does occur, will persist for only a short period.
Dusts:
- Zone 20: an atmosphere where a cloud of combustible dust in the air is present frequently, continuously or for long periods.
- Zone 21: an atmosphere where a cloud of combustible dust in the air is likely to occur occasionally in normal operation.
- Zone 22: an atmosphere where a cloud of combustible dust in the air is not likely to occur in normal operation but, if it does occur, will persist for only a short period.

5 ATEX, Ex, Intrinsically Safe: How to tell whether a piece of equipment is appropriate for its use
Four elements are taken into account: equipment group, equipment category, atmosphere and temperature class. E.g. equipment approved for Ex II 2 GD may be used in Ex zones 1, 2, 21 and 22 (gas, vapour, mist, dust).

6 ATEX, Ex, Intrinsically Safe (slide contains only a figure)

7 PROFIBUS PA and Foundation Fieldbus
Both have a similar function block model and an identical physical layer (IEC ); both require sophisticated hardware.
PROFIBUS:
- Simple master-slave communication
- Idea: DP for intrinsically safe applications
- Easy to configure
- Worldwide acceptance
FOUNDATION Fieldbus:
- Distributed control system
- Does not need a master
- Highly complex configuration
- Sophisticated Device Description Language
- Time-consuming device registration process

8 Fieldbus Foundation (figure): DCS with an FF interface to an FF H1 segment (FF H1 solution), a second interface for a second FBS, a power conditioner, and an average of 12 devices per segment. FBS = Field Bus System.

9 PROFIBUS PA (figure): DCS with a PROFIBUS interface, a coupler or linking device to the PA segment, and an average of 16 devices per segment.

10 PROFIBUS PA
PROFIBUS PA = PROFIBUS for Process Automation.
- PA is based on the DP and DP Extended protocols
- A DP master class 1 controls both DP and PA field devices
- The definitions of the DP protocol are also valid for PA: parameterisation, configuration, cyclic data exchange, diagnostics, ...
- Synchronous data transfer with Manchester coding
- Power and data are transferred over the same wire
- Transmission rate is 31.25 kbaud/s

11 PROFIBUS PA = PROFIBUS DPV1 + IEC
A coupler attaches a PROFIBUS PA network to DP as if it were a DP device. It provides:
- electrical isolation
- power supply of the bus and adaptation between RS485 and IEC
- baud-rate adaptation (DP to 31.25 kbit/s, voltage mode)
- conversion between UART telegrams and 8-bit synchronous telegrams

12 PROFIBUS PA: THE PHYSICAL LAYER
PROFIBUS DP (RS 485) and PROFIBUS PA (MBP-IS) compared, joined by a DP/PA coupler:
- Physics: DP wire carries data only; PA wire carries data and power
- Transmission rate: DP 9.6K; 19.2K; 45.45K; 93.75K; 187.5K; 1.5M; 3M; 6M; 12M; PA 31.25K
- Coding: DP NRZ (Non Return to Zero); PA Manchester
- Character format: DP 11 bits per data byte (1 start bit, 8 data bits LSB first, 1 even parity bit, 1 stop bit); PA 8 bits per data byte (8 data bits MSB first, 1 parity bit for each character)
- Check sequence: DP 1-byte FCS check sum (Frame Check Sequence); PA 16-bit CRC (Cyclic Redundancy Check)

13 PROFIBUS PA: THE PHYSICAL LAYER (Manchester coding)
Manchester coding: the signal frequency lies between 0.5/Tbit and 1/Tbit. Figure: clock; binary NRZ (PROFIBUS); Manchester bi-phase L (PROFIBUS PA).

14 PROFIBUS PA: THE PHYSICAL LAYER
Power (2 wires) is supplied by the coupler, normally between 12 V and 24 V; currents vary between 90 and 400 mA depending on the Ex zone (Fig. 1, DC). Data are modulated onto the supply at 31.25 kbit/s, between 0.75 and 1 V peak-to-peak (Fig. 2, AC).

15 PROFIBUS PA: THE PHYSICAL LAYER (figure): rules for spur lines and terminations. Shown: PROFIBUS PA (main) line with 24 V supply, spur line, star, T branch, termination.

16 PROFIBUS PA: THE PHYSICAL LAYER
Limited power in the hazardous area. Each device has a current consumption of at least 10 mA, made up of:
- its individual current consumption
- the Manchester current (9 mA)
- the FDE current
Limits: DC power supply up to max. 32 V; up to 1900 m total line length; drop/spur lines to the devices up to 120 m, in hazardous areas maximum 30 m; up to 31 devices per line segment.


18 PROFIBUS PA: THE COUPLER
Segment coupler DP/PA by Siemens:
- Standard: PA current 400 mA, PA voltage 19 V
- [EEx ib] IIC: PA current 110 mA, PA voltage 12.5 V
- [EEx ia] IIC: PA current 90 mA, PA voltage 12.5 V
- DP baud rate: kbit/s; DP connector: DB9; DP termination: no
- PA connector: screw terminal; PA termination: optional (non-Ex only)

19 PROFIBUS PA: THE FISCO MODEL
FISCO (Fieldbus Intrinsically Safe Concept): only one device supplies power to a given segment (Us = 12.5 V, Is = 90 mA), i.e. a single power supply for the bus with limited energy. Fault Disconnection Electronic (FDE): at most one fault at a time. The segment current must stay below the supply current, I_SEG < I_S.
Example: I_B1 = 11 mA, I_B2 = 20 mA, I_B3 = 12 mA, plus I_FDE = 12 mA for the one device in fault: 11 mA + 20 mA + 12 mA + 12 mA = 55 mA = I_SEG.

20 PROFIBUS PA: FRAMES of the Fieldbus Data Link (FDL)
RS 485 (PROFIBUS DP): SD2 LE LEr SD2 DA SA FC DATA_UNIT FCS ED
MBP (PROFIBUS PA): PMB SOF SD2 LE LEr SD2 DA SA FC DATA_UNIT CRC EOF
- PMB: preamble (minimum length 16 bits: 1,0,1,0,1,0,...)
- SOF: Start Of Frame (1, N+, N-, 1, 0, N-, N+, 0)
- SD2: Start Delimiter (68H)
- LE: information length (4 to 249)
- LEr: information length repeated
- DA: destination address
- SA: source address
- FC: Frame Control
- DATA_UNIT: data field (maximum length 246)
- FCS: Frame Check Sequence (DP)
- CRC: Cyclic Redundancy Check, 16 bits (PA)
- ED: End Delimiter (16H)
- EOF: End Of Frame (1, N+, N-, N+, N-, 1, 0, 1)
Both variants: Hamming distance HD = 4, up to 3 errors detected; 11 bytes minimum frame length.

21 PROFIBUS PA: FDL
The same telegrams as PROFIBUS DP are used. One process value = 5 bytes; 5 bytes at 31.25 kbit/s take 1.28 ms. This gives a rough estimation of the cycle time.

22 PROFIBUS PA: FDL
With a segment coupler the same identifiers are used in DP and PA. For 9 nodes with 1 value each (5 bytes each): Tcycle = 161 ms (21.3 ms for the master and 15.5 ms for each slave). Figure: PROFIBUS DP / PROFIBUS PA.

23 PROFIBUS PA: LINK AND COUPLER
The coupler must also adapt the baud rate, which slows the DP side down. A link instead decouples the two: it acts as a DP slave towards the DP master and as a PA master towards the PA segment (a gateway), so the DP side can keep running at 9.6 kbit/s to 12 Mbit/s while the PA side stays at 31.25 kbit/s. Figure: PROFIBUS DP (DP master) - link or coupler - PROFIBUS PA (DP slave).

24 PROFIBUS PA: LINK AND COUPLER
Up to 244 bytes of data exchange. PROFIBUS DP (up to 12 Mbit/s): 1 ms; DP/PA link; PROFIBUS PA (fixed at 31.25 kbit/s): 15.5 ms per slave (figure shows three PA slaves at 15.5 ms each).

25 PROFIBUS PA: THE PA PROFILE
The PA Profile is defined at the application layer level. The profile defines variables, function blocks, the meaning of the data, the mapping to communication services, ... Devices implementing the same profile can be exchanged. The current version of the PA Profile is V3.0, available as an official PROFIBUS International document with an order number. Pre-defined GSD files for various PA field devices are available.

26 PROFIBUS PA: THE PA PROFILE
A value is composed of a floating-point number (4 bytes) carrying the measured value and a status (1 byte). Status and measured value are exchanged via cyclic and acyclic DP services. Measuring range, filter time, alarm/warning limits, alarm summary and TAG are exchanged via acyclic DP services; the same applies to profile B (e.g. for pressure transmitters) and to manufacturer-specific parameters.

27 PROFIBUS PA: THE PA PROFILE (STATUS BYTE)
A process or control value (1 or 4 bytes) is followed by a status byte made of three fields: Quality (2 bits), Quality sub-status (4 bits) and Limit (2 bits).
Quality:
- 00 = bad
- 01 = uncertain
- 10 = good (not cascaded)
- 11 = good (cascade)
Quality sub-status (for quality = bad):
- 0000 = bad
- 0001 = configuration error (value not allowed)
- 0010 = not connected
- 0011 = bad device
- 0100 = bad sensor
- 0101 = no communication (old value)
- 0110 = no communication (no value)
- 0111 = out of service
Limit:
- 00 = ok
- 01 = low limited
- 10 = high limited
- 11 = constant
If the status byte is 0x80 or above (quality = good) everything is OK!
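As an added example (not code from the slides), the Python below builds and validates a PROFIBUS DP SD2 telegram with the delimiters and LE/LEr rule from the frame table, and decodes the 5-byte PA Profile value (float + status byte) carried in its DATA_UNIT. The PROFIBUS FCS is the arithmetic sum of DA, SA, FC and DATA_UNIT modulo 256; the addresses, FC and process value used in the test are constructed.

```python
import struct

SD2, ED = 0x68, 0x16   # SD2 start delimiter and end delimiter from the frame table
QUALITY = {0: "bad", 1: "uncertain", 2: "good (not cascaded)", 3: "good (cascade)"}
LIMIT = {0: "ok", 1: "low limited", 2: "high limited", 3: "constant"}

def build_sd2(da, sa, fc, data_unit):
    """Assemble a DP SD2 telegram: SD2 LE LEr SD2 DA SA FC DATA_UNIT FCS ED.
    FCS is the arithmetic sum of DA, SA, FC and DATA_UNIT modulo 256."""
    body = bytes([da, sa, fc]) + bytes(data_unit)
    le = len(body)                      # LE counts DA..DATA_UNIT (4 to 249)
    if not 4 <= le <= 249:
        raise ValueError("DATA_UNIT length out of range")
    return bytes([SD2, le, le, SD2]) + body + bytes([sum(body) & 0xFF, ED])

def parse_sd2(frame):
    """Validate an SD2 telegram and return (da, sa, fc, data_unit); raise on any defect."""
    if len(frame) < 10 or frame[0] != SD2 or frame[3] != SD2 or frame[-1] != ED:
        raise ValueError("bad delimiters or truncated frame")
    le, ler = frame[1], frame[2]
    if le != ler or not 4 <= le <= 249 or len(frame) != le + 6:
        raise ValueError("LE/LEr mismatch or length inconsistent with frame size")
    body = frame[4:4 + le]
    if (sum(body) & 0xFF) != frame[4 + le]:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    return body[0], body[1], body[2], bytes(body[3:])

def is_valid_sd2(frame):
    try:
        parse_sd2(frame)
        return True
    except ValueError:
        return False

def encode_pa_value(value, status):
    """PA Profile cyclic value: IEEE 754 float (4 bytes, big-endian) + status byte."""
    return struct.pack(">fB", value, status)

def decode_pa_value(data_unit):
    """Split the status byte into quality (bits 7-6), sub-status (5-2) and limit (1-0)."""
    value, status = struct.unpack(">fB", bytes(data_unit[:5]))
    quality = status >> 6
    return {
        "value": value,
        "quality": QUALITY[quality],
        "sub_status": (status >> 2) & 0x0F,
        "limit": LIMIT[status & 0x03],
        # quality 'good' means bit 7 set, i.e. status >= 0x80 as the slide puts it
        "ok": quality >= 2,
    }
```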

28 PROFIBUS PA: THE PA PROFILE (the device model)
- The function block describes the device function during operation (cyclic data exchange of analog input/output, alarm limit values, etc.).
- The physical block encompasses all parameters and functions required to identify the hardware and software (model numbers, vendor ID, etc.).
- The transducer block contains the parameters which describe the coupling of the signals to the process and which are required to preprocess the data in the field device (process temperature and pressure, characteristic curves, sensor type, linearisation, etc.).

29 PROFIBUS PA: THE PA PROFILE (function block)
Figure: an Analog Input function block. Inputs from the transducer block: channel value and status, simulate value and status, field value and status; operator enable and MODE/STATUS handling; the FB algorithm produces OUT (value and status) in manual, automatic or out-of-service mode, with limitation and alarm handling.

30 PROFIBUS PA: THE PA PROFILE (pressure transducer, alarms)
Figure, values in bar: PV_SCALE (range) from the min allowed value to the max allowed value (12 bar); linearity range from its min value to its max value (8 bar); alarm limits within it: HI-HI-LIM (alarm threshold +), HI-LIM (alarm pre-threshold +), LO-LIM (alarm pre-threshold -), LO-LO-LIM (alarm threshold -); 2 bar marked on the scale; OUT = measured value.

31 PROFIBUS PA: THE GSD file
The GSD file describes the communication parameters of a PA field device and is read by the PROFIBUS configuration tool. A DD (Device Description) file specifies the functionality and is read by the PROFIBUS engineering tool; an EDD (Electronic Device Description) can be provided for diagnostics and additional information.

32 PROFISAFE: The current situation in functional safety
- Functional safety is achieved by means of proprietary buses
- Integration with the main system is long and costly (development time)
- Very often non-safe I/O operate in the very field that is to be protected
Figure: DP master, standard I/O (DP slave) on PROFIBUS DP; a separate proprietary bus dedicated to safety with its own safety I/O level.

33 PROFISAFE: Control of the physical position
If several slave devices of the same type are used, the master has no control over their physical position or over a possible address change.
Figure: DP master (class 2) PC, DP master (class 1) CNC/PLC, DP master (class 2), PROFIBUS DP, distributed inputs and outputs.

34 PROFISAFE: Standard PROFIBUS solution with ASIC
The CPU loses contact with the network events: are the data in the dual-port RAM current? Have the data in the dual-port RAM been transmitted or not?
Figure: inputs/outputs, CPU + application software, dual-port RAM, PROFIBUS ASIC, network interface RS 485 / FO / MBP-IS.

35 PROFISAFE: Structure of PROFIsafe
Figure: standard programming software plus a fail-safe programming tool; standard CPU plus fail-safe hardware; fail-safe application program with fail-safe FBs with time diversity; standard remote I/O and fail-safe I/O modules; standard PROFIBUS DP carrying PROFIsafe.

36 PROFISAFE: Main characteristics of PROFIsafe
- Safety functions reside only in the PROFIBUS nodes
- Certified SIL 3 (IEC 61508), AK6 (DIN V 19250) and CAT 4 (EN 954-1)
- PROFIBUS DP and PROFIsafe can operate together
- Electrical specifications according to PROFIBUS DP
- PLC with fail-safe function
- Safety by means of additional software in each component
Figure: standard component, fail-safe component, fail-safe I/O, standard I/O, drive, fail-safe device.

37 PROFISAFE: Industrial areas with potential risks
Process industries (people, investments, nature): process control, mainstream and up-/downstream; hazards from poisons, pressures, incinerators, heat, materials; reaction times 0.1...1 s; IEC 61511, NE, TÜV.
Manufacturing industries (people and machines): production cells/centres; hazards from movements and transport; reaction times in the ms range; IEC 61508, 62061, ISO, BIA/HSE/...
Common to both: distributed fail-safe automation of actuators and sensors.

38 PROFISAFE: The PROFIBUS vision, integration within the network
Figure (PROCESS FIELD BUS): PROFIBUS master + safety, PROFIBUS master, PROFIBUS I/O, repeater, DP/PA, monitoring device, PROFIBUS PA device.

39 PROFISAFE: The fail-safe driver adds new data
The driver adds extra elements to the data field: CRC, sequence number, status/control byte, sync time.
DP telegram: SD LE LEr SD DA SA FC | Data Unit = standard or fail-safe data | FCS ED (max. 244 bytes DP data).
Fail-safe data unit:
- F-I/O data: max. 12 / 124 bytes
- Status / control byte: 1 byte
- Sequence number: 1 byte, a sender-based counter
- CRC: 2 / 4 bytes*, computed across F-data and F-parameters
- Standard I/O data: (244 - F-data) bytes
*) 2 bytes for a max. of 12 bytes of F I/O data; 4 bytes for a max. of 122 bytes of F I/O data.

40 PROFISAFE: Sequence number
The sequence number is used for synchronisation. Figure: F-Host and F-Output exchanging telegrams; host cycle time, DP cycle time, and the time-out monitored on each side.
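As an added example (not part of the slides), a minimal receiver-side check in Python of the kind the fail-safe driver layers over the black channel: the sequence number must advance by one, the CRC over F-data, status byte and sequence number must match, and a telegram must arrive within the watchdog time, otherwise the F-Host latches into the fail-safe state. The CRC-16/CCITT routine is a stand-in and the message layout, timing values and F-data are constructed; the real PROFIsafe polynomials and CRC scope are not reproduced here.

```python
from dataclasses import dataclass

@dataclass
class FMessage:
    """F-data unit as on the slide: F-I/O data, status/control byte, sequence number, CRC."""
    f_data: bytes
    status: int
    seq: int        # sender-based counter, 1..255 in this example (0 = start value)
    crc: int

def crc16_ccitt(data):
    """Stand-in 16-bit CRC (poly 0x1021, init 0xFFFF); NOT the PROFIsafe polynomial."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def f_crc(f_data, status, seq):
    """CRC over F-data, status byte and sequence number (assumed scope for this example)."""
    return crc16_ccitt(bytes(f_data) + bytes([status, seq]))

def make_message(seq, f_data=b"\x01\x00", status=0x00):
    return FMessage(bytes(f_data), status, seq, f_crc(f_data, status, seq))

class FHostMonitor:
    """F-Host side: only fresh, intact telegrams received in time keep the outputs live."""
    def __init__(self, watchdog_ms):
        self.watchdog_ms = watchdog_ms
        self.expected_seq = 1
        self.last_ok_ms = 0
        self.failsafe = False

    def trip(self, reason):
        self.failsafe = True
        return "failsafe: " + reason

    def receive(self, msg, now_ms):
        if self.failsafe:
            return "failsafe: latched"
        if now_ms - self.last_ok_ms > self.watchdog_ms:
            return self.trip("watchdog timeout")           # no valid telegram in time
        if msg.crc != f_crc(msg.f_data, msg.status, msg.seq):
            return self.trip("crc mismatch")               # corrupted or altered data
        if msg.seq != self.expected_seq:
            return self.trip("sequence number %d, expected %d" % (msg.seq, self.expected_seq))
        self.expected_seq = self.expected_seq % 255 + 1    # wraps 255 -> 1
        self.last_ok_ms = now_ms
        return "ok"
```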

41 PROFISAFE: PROFIsafe is applicable to every existing PROFIBUS network
Figure: standard I/O, safety input, safety control, safety output and standard control, each with protocol layers 7 to 2; the safety nodes add a safety layer on top. Legend:
- ASICs, connections and cables (not relevant for safety) = "Black Channel" = standard PROFIBUS
- Functions not critical from the safety point of view (e.g. diagnostics)
- "PROFIsafe": the parts of the systems that are critical from the safety point of view (e.g. watchdog timer)
- Important for safety but not described in the profile (e.g. safety I/O)

42 PROFISAFE: PROFIsafe application examples (slide contains only a figure)