Passive safety up to SIL3/PLe: simple & cost-effective alternative by Bihl+Wiedemann

Passive safety technology – a cost-effective alternative

In principle, machine safety can be achieved in different ways but passive safety is becoming increasingly more important in fieldbus solutions – mainly due to the associated cost advantages and reduced complexity.

 

What is so special about passive safety?

What distinguishes passive safety technology from classic fieldbus solutions for functional safety? With classic fieldbus solutions, a safe output is required for every actuator. The advantage: All actuators can be safely switched off individually. However, this level of flexibility is not always required, especially when entire groups of actuators have to be de-energized simultaneously. In this case, passive safety is a good and cost-effective alternative. This is because having many safe outputs greatly increases the total cost of the application. With passive safety, all outputs can be switched off and controlled without safety individually or, if required, entire groups of actuators can be switched off safely using a single safe output — simply by switching off the supply voltage to all connected actuators in the drive string.

 

How can passive safety be realized with ASi?

To establish passive safety, you must make sure that the actuator cannot be externally supplied with power when the supply is switched off. In a best case scenario, the power supply for the actuators is galvanically isolated from the supply for communication and sensor systems.

 

This supply principle has always been used with ASi — especially the B+W modules. In the smart wiring system, the profile cables are separated from each other — as a system string in the lower part of the module — with the yellow ASi cable transmitting control signals and energy, and the black profile cable providing auxiliary energy. This can be realized up to a safety level of SIL3 or PLe.

 

Thanks to the smart wiring system ASi, communication and power supply of the module via ASi are always maintained if the periphery is selectively switched off via AUX line. This means that none of the participants in the bus communication fail — as happens often with Ethernet-based systems — and there are no unforeseen effects on other system parts. Through the bus, the module can additionally detect and report that the AUX voltage has been de-energized. This information can also be evaluated for diagnostics through the existing communication with the control system via ASi.


Fig.: In the event of a switch-off, communication and power supply to the sensor system are maintained via the yellow ASi cable (left figure) whereas no communication can take place in a comparable setup with Ethernet-based systems (right figure).

 

In practice, it may also be necessary to install several switched and unswitched AUX lines in the system in order to manage individual drive strings separately from one another. In the event of a switch-off, the safety-relevant actuators can be selectively de-energized from the switched AUX line. The non-safety-relevant peripherals, such as the sensors, are supplied with power via the unswitched AUX line. This means that not only bus communication, but also information from the sensors, remains available for these modules.


Within a system, different AUX lines can be used to de-energize individual drives or several drives.

 

The ASi wiring system also offers the possibility to realize the power supply of the periphery via the yellow ASi cable in addition to the bus communication. Therefore, it may not be necessary to lay an additional unswitched AUX if all non-safety-related peripherals in the string can be supplied from the yellow cable. For this purpose, B+W offers a wide range of products in its portfolio that reliably supply power to the sensors from ASi and the actuators from AUX.


In the event of a switch-off, power continues to be supplied to the connected sensor system via the yellow ASi cable so that communication is maintained, and the drive string can be switched off via AUX.

Save valuable resources

The principle of passive safety with Bihl+Wiedemann minimizes the use of cost-intensive, decentralized safe outputs in the field. This means that the same functional safety can be achieved with less effort. Generally speaking, with ASi you need almost no expensive plugs or sockets and only a single cable. This significantly reduces installation times and material costs. In addition, valuable resources such as expensive assembly and planning time, but also copper or plastic, which are required to manufacture the components, can be saved on a large scale. There is also a positive environmental effect when it comes to disposal – less waste is produced.

 

Less connectors – More connection

What are the options for applying passive safety in the application?

Through Bihl+Wiedemann's broad product portfolio, you can easily integrate passive safety into your system — and use different IP protection classes. With our IP20 products, passively safe junctions can be utilized in a cost-optimized way inside the switching cabinet. It is also possible to shut down the AUX line locally in the field by integrating our dust and splash-proof IP67 modules into your system, while benefiting from a drastically reduced wiring effort with ASi. What's more, ASi can be seamlessly integrated into almost all commonly used automation systems.


Advantages of passive safety with Bihl+Wiedemann

    Safety up to
    SIL3/PLe

     

    The yellow ASi profile cable is used to transmit control signals and power and the black profile cable for auxiliary power. In this way, it can be ensured that all connected actuators are no longer supplied when the auxiliary power is switched off. Safety up to SIL3/PLe is easily possible. With 4-core round cable solutions, this level of safety can only be achieved with great effort.

    Sinking hardware
    costs

    In safety-related applications, a separate costly safe output is generally required for every actuator. With passive safety, on the other hand, a cost-effective standard output can be used for the operational switching of each actuator. In this case, it is possible to implement safety-related disconnection of actuator groups with just one safe output.

    Sensor systems
    always accessible

    The yellow ASi cable transmits control signals and power up to 8 A without interruption. This means that when the auxiliary power is switched off or the black profile cable disconnected, the sensor system remains accessible in the event of a safety situation.

    Efficient power
    supply

    The black profile cable transmits 16 A or 20 A, depending on the cable cross-section – thus significantly more power than typical M12 round cable solutions. This allows plenty of current to be distributed at a low price per meter. For example, this would be ideal for IO-Link solutions and for motors in conveyor applications. Learn more about efficient power supply.

    Savings potential through passive safety

    When you implement passive safety through Bihl+Wiedemann systems, you benefit from fewer safe outputs plus all the cost advantages that ASi offers. Thanks to profile cables and piercing technology, the wiring costs are significantly lower with ASi than with other fieldbus systems – you save up to 68 percent. This is because you do not need various pre-assembled connection cables and also spend less costly time on assembly. Read our wiring cost comparison for more information.

     

    Go to the wiring cost comparison

    Products by Bihl+Wiedemann

    For the simple setup of passive safety, you only need one safety monitor with local outputs combined with a contact extension. Operational switching of the actuators can be achieved with non-safe standard Bihl+Wiedemann products that are suitable for passive safety. This is because almost all of our new ASi-5 modules, such as the various ASi-5 modules with integrated IO-Link master, and many of our ASi-3 modules, meet the requirements for passive safety.

    Be sure to check the technical requirements

    Passive safety can only be established if the following technical requirements are met:

     

    • Safe disconnection must be implemented in accordance with the requirements of the Machinery Directive 2006/42/EC and safety standards such as EN ISO 13849-1 or EN 62061.
    • The galvanic isolation of passively safe switched potentials as well as other potentials must always be ensured or prevented by excluding faults (e.g. protected laying of cables, protected installation of passive safety devices).

     

    What this means, in concrete terms for ASi systems, is that it is the easiest way to exclusively use ASi modules where the compliance with passive safety is explicitly stated in the data sheet. Furthermore, all modules with ASi and AUX should be supplied in an isolated manner via the yellow and black profile cables.

    Supply via M12 cable

    Conduction of passively safe AUX potentials as well as other potentials through common round cables is typically not designed for passive safety – e.g. supplying ASi and AUX via an M12 plug connection. This is because a cross-circuit between passively safe AUX and external potential cannot be ruled out.

     

    Depending on the application, it is nevertheless possible to verify that such a fault case always leads to a safe state by carrying out a precise safety assessment of the entire cabling section concerned. Under this circumstance, passive safety is still ensured - despite having switched and unswitched potential shared in a round cable.

    ASi and AUX supply via a common M12 plug connection is typically not passively safe

    Use of non-passive safety modules

    A single non-passive safety module connected to the switched AUX cable prevents a passively safe structure. This is because the individual modules are to be considered as an overall system in this respect. Therefore, all modules used must be qualified – in switched AUX – for passive safety.

    A single non-passive safety module connected to the switched AUX cable prevents a passively safe structure

    FAQs about passive safety

    Without passive safety, one cannot assume that safe switch-off/disconnection of AUX on a standard I/O module will result in a safe state (I/Os de-energized), as this is not guaranteed. The module continues to draw energy via AS-i, and in the event of a fault, the energy might be fed back via AS-i into the AUX network, which is safely switched off.

     

    Thus, the safety achieved by the safe switch-off cannot be guaranteed in the event of a fault. Furthermore, it can lead to unplanned downtimes and increased effort in system planning, installation and commissioning.

    Safe switch-off (passive safety) is standardized by the Machinery Directives 2006/42/EC, EN ISO 13849-1 and EN 62061.

    Passive safety is applicable when the safe state of the machine's plant components, which are to be provided with passive safety, can be achieved by de-energizing them (active current principle).

    All components that have a connection to different supply potentials and are in the path of a machine's safe switch-off must be passively safe.

    Unfortunately, in order to use such products to add passive safety in a machine that was not previously safeguarded by passive safety, it is not enough to just replace the modules. In this case, a new safety assessment must be carried out on the machine.

    This information can be found in our data sheets under the "Environment" category. As part of our continuous product maintenance, some devices are retroactively upgraded to allow their use in passively safe-switched paths. In such cases, the data sheet also indicates the ID number from which the product is suitable.

    Passive safety is maintained if external sensors and their supply are supplied via the outputs from the same passively safe switched AUX potential.

    If passive distributors which are supplied either only from ASi or from AUX are used for the power supply, potential separation and therefore passive safety is not required.

     

    If passive distributors which carry ASi and AUX potential are used for power distribution, passive safety is required in order to be able to safely perform de-energized switching in the event of a shutdown. This information can be found in the data sheet.

    Distributed, passive safety junctions can be achieved by a safe output module with an AUX connection. The subsequent "conversion" from M12 socket to ribbon cable is done via a passive distributor.

    This could also be of interest to you

    Functional safety

    Learn how to seamlessly integrate safe sensors and actuators as well as safety monitors into all common automation systems with ASi Safety. Safe and unsafe signals can be transmitted on the same line.

    PLC independent safety technology

    Discover the advantages of our safety and wiring technology, which is system and manufacturer-neutral. In this way, it enables simple, fast and thus cost-effective commissioning.

    Muting

    Discover how easy muting is with Bihl+Wiedemann's muting modules. All signals required for muting can be connected to a single module.

    Selection of Mode of Safe Operation

    Read all about how our TÜV-certified device facilitates "selection of mode of sfae operation selection": A standard HMI allows you to safely select up to 5 different operating modes for a maximum of 6 plant sections – each with unique safety functions.

    Do you have questions about the Passive Safety technology from Bihl+Wiedemann?

    ASi – A resource-saving technology

    Thanks to the greatly reduced wiring effort with AS-Interface, you save assembly and material costs. This saves valuable resources.

     

    More information!