Lenze E94AYAD-SM300 User Manual
EDS94AYAD
.,4z
Ä.,4zä
Manual
L-force | 9400
E94AYAD - SM300
Safety module
Please read these instructions and the documentation of the standard device before you
start working!
Observe the safety instructions given therein!
1 Safety engineering
Contents
1.1 Basics 1.1-1.......................................................
1.1.1 Introduction 1.1-1..........................................
1.1.2 Drive-based safety with L-force | 9400 1.1-1....................
1.1.3 Terms and abbreviations of the safety engineering 1.1-2..........
1.1.4 Important notes 1.1-3.......................................
1.1.5 Safety instructions 1.1-4.....................................
1.1.6 Application as directed 1.1-4.................................
1.1.7 Hazard and risk analysis 1.1-5................................
1.1.8 Standards 1.1-5............................................
1.1.9 Overview of sensors 1.1-5....................................
1.2 Device modules 1.2-1...............................................
1.2.1 Slot 1.2-1..................................................
1.2.2 Function mode of the safety modules 1.2-2.....................
1.2.3 Safety module SM300 1.2-3..................................
1.2.4 Connection of safety sensors 1.2-8............................
Safety engineering
Contents
1
1.3 Safety functions 1.3-1...............................................
1.3.1 Integration into the application of the controller 1.3-1...........
1.3.2 Error states 1.3-3...........................................
1.3.3 Safe torque off 1.3-5........................................
1.3.4 Safe stop 1 1.3-7...........................................
1.3.5 Safe PROFIsafe connection 1.3-9..............................
1.4 Acceptance 1.4-1...................................................
1.4.1 Description 1.4-1...........................................
1.4.2 Periodic inspections 1.4-1....................................
EDS94AYAD EN 2.2
1-1
1.1 Basics
1.1.1 Introduction
Safety engineering
Basics
Introduction
With increasing automation, protection of persons against hazardous
movements is becoming more important. Functional safety describes the
measures needed by means of electrical or electronic equipment to reduce
or remove danger caused by failures.
During normal operation, safety equipment prevents people accessing
hazardous areas. In certain operating modes, e.g. set-up mode, work needs
to be carried out in hazardous areas. In these situations the machine
operator must be protected by integrated drive and control measures.
Drive-based safety provides the conditions in the controls and drives to
optimise the safety functions. Planning and installation expenditure is
reduced. In comparison to the use of standard safety engineering,
drive-based safety increases machine functionality and availability.
1.1
1.1.1
1
1.1.2 Drive-based safety with L-force | 9400
The controllers of the L-force|9400 range can be equipped with a safety
module. The functional range of the safety module types varies in order to
optimally implement different applications.
”Drive-based safety” stands for applied safety functions, which can be used
for the protection of persons working on machines.
The motion functions are continued to be executed by the controller. The
safety modules monitor the safe compliance with the limit values and
provide the safeinputsand outputs. When the limit values areexceededthe
safety modules start the control functions according to EN 60204-1 directly
in the controller.
The safety functions are suitable for applications according to IEC 61508
SIL 3 and meet, depending on the module, the requirements of EN 954,
part 1 up to control category 4.
EDS94AYAD EN 2.2
1.1-1
1
1.1
1.1.3
Safety engineering
Basics
Terms and abbreviations of the safety engineering
1.1.3 Terms and abbreviations of the safety engineering
Abbreviation Meaning
9400 Lenze servo controller
EC_S0 Error-Class Stop 0
EC_S1 Error-Class Stop 1
EC_S2 Error-Class Stop 2
EC_FS Error-Class Fail-Safe
Cat. Category according to EN 954-1
OSSD Output Signal Switching Device, tested signal output
PS PROFIsafe
PWM Pulse width modulation
S-DI Safe input (Safe Digital Input)
S-DO Safe output (Safe Digital Output)
SIL Safety Integrity Level according to IEC 61508
SM Safety module
Optocoupler
supply
OFF state Signal state of the sensors when they are activated or respond
ON state Signal state of the sensors in normal operation
Abbreviation Safety function
SDI Safe direction
SLI Safely limited increment
SLS Safely limited speed
SOS Safe operating stop
SS1 Safe stop 1
SS2 Safe stop 2
SSM Safe speed monitor
STO Safetorqueoff
Supply of optocouplers to control the driver
Formerly: safe standstill
1.1-2
EDS94AYAD EN 2.2
1.1.4 Important notes
Safety engineering
Basics
Important notes
The following pictographs and signal words are used in this documentation
to indicate dangers and important information:
1.1
1.1.4
1
Safety instructions
Application notes
Structure of safety instructions:
Danger!
(characterises the type and severity of danger)
Note
(describes the danger and gives information about how to
prevent dangerous situations)
Pictograph and signal word Meaning
Danger of personal injury through dangerous electrical
voltage.
Danger!
Danger!
Stop!
Pictograph and signal word Meaning
Reference to an imminent danger that may result in death or
serious personal injury if the corresponding measures are
not taken.
Danger of personal injury through a general source of
danger.
Reference to an imminent danger that may result in death or
serious personal injury if the corresponding measures are
not taken.
Danger of property damage.
Reference to a possible danger that may result in property
damage if the corresponding measures are not taken.
Special safety instructions
and application notes for UL
and UR
Note!
Tip!
Pictograph and signal word Meaning
Warnings!
Warnings!
Important note to ensure troublefree operation
Useful tip for simple handling
Reference to another documentation
Safety or application note for the operation of a
UL-approved device in UL-approved systems.
Possibly the drive system is not operated in compliance with
UL if the corresponding measures are not taken.
Safety or application note for the operation of a
UR-approved device in UL-approved systems.
Possibly the drive system is not operated in compliance with
UL if the corresponding measures are not taken.
EDS94AYAD EN 2.2
1.1-3
1
1.1
1.1.5
1.1.5 Safety instructions
1.1.6 Application as directed
Safety engineering
Basics
Safety instructions
The safety modules SMx (E94AYAx) may only be used together with Lenze
drive controllers of the L-force | 9400 (E94A...) series.
Any other use shall be deemed inappropriate!
Installation/commissioning
ƒ Only skilled personnel are permitted to install and commission the
safety functions.
ƒ All control components must comply with the demands of the hazard
and risk analysis.
ƒ Install the controllers in control cabinets with IP54 protection.
ƒ Wiring with insulated wire end ferrules or rigid cable is vital.
ƒ For modules without integrated short-circuit monitoring:
– All safety-relevant external cables (e.g. control cables for safety
functions, feedback contacts) outside the control cabinet must be
protected, e.g. by a cable duct.
– In this connection, make sure that short circuits cannot occur!
– For further measures see ISO 13849-2.
ƒ If external forces act on the drive axes, additional brakes are necessary.
The effect of the gravitational force on hanging loads must be
especially observed!
Danger!
If the request for the safety function is cancelled, the drive will
restart automatically.
You must provide external measures which ensure that the drive
only restarts after a confirmation (EN 60204).
During operation
1.1-4
Danger!
When the “safe torque off” (STO) function is used, an
”emergency-off” according to EN 60204 is not possible without
additional measures. There is no electrical isolation, no service
switch or repair switch between motor and controller!
“Emergency-off” requires an electrical isolation, e.g. by a central
mains contactor!
After theinstallation is completed,the operator mustcheck the wiringof the
safety function.
The functional test must be repeated at regular intervals. The time intervals
to be selected depend on the application, the entire system and the
corresponding risk analysis. The inspection interval should not exceed one
year.
EDS94AYAD EN 2.2
Safety engineering
Basics
Hazard and risk analysis
1
1.1
1.1.7
Residual hazards
1.1.7 Hazard and risk analysis
Incaseof ashort-circuitof twopowertransistors aresidualmovement of the
motorofupto180°/numberofpolepairsmayoccur!(Example:4-pole
motor ⇒residual movement max. 180 °/2 = 9 0 °)
This residual movement must be considered in the risk analysis, e.g. safe
torque off for main spindle drives.
This documentation can only accentuate the need for a hazard analysis. The
user of drive-based safety must concentrate on dealing with the standards
and legal position.
Before putting a machine into circulation, the manufacturer of the machine
must carry out a hazard analysis according to the Machinery Directive
89/392/EEC to find out the hazards related to the application of the
machine. To achieve a level of safety as high as possible the Machinery
Directive contains three principles:
ƒ Removing or minimising the hazards by the construction itself.
ƒ Taking the protective measures required against hazards that cannot
be removed.
ƒ Documentation of the existing residual risks and training of the user
regarding these risks.
The execution of the hazard analysis is specified in EN 1050, guidelines for
risk assessment. The result of the hazard analysis determines the category
of safety-based control modes according to EN 954-1 which the
safety-oriented parts of the machine control must comply with.
1.1.8 Standards
Safety regulations are confirmed by laws and other governmental
guidelines and measures and the prevailing opinion among experts, e.g. by
technical regulations.
The regulationsandrules to be appliedmustbe observed in accordancewith
the application.
1.1.9 Overview of sensors
Passive sensors
Passive sensors are two-channel switching elements with contacts. The
connecting cables and the sensor function must be monitored.
The contacts must switch simultaneously. Nevertheless, safety functions
will be activated as soon as at least one channel is switched.
The switches must be wired according to the closed-circuit principle.
Examples of passive sensors:
EDS94AYAD EN 2.2
ƒ Door contact switch
ƒ Emergency-off control units
1.1-5
1
1.1
1.1.9
Safety engineering
Basics
Overview of sensors
Active sensors
Sensor inputs
Active sensors are units with two-channel semiconductor outputs (OSSD
outputs). Drive-based safety integrated in this device series allows for test
pulses < 1 ms to monitor the outputs and cables.
P/N-switching sensors switch the positive and negative cable or signal and
earth cable of a sensor signal.
Theoutputsmust switchsimultaneously. Nevertheless,safetyfunctions will
be activated as soon as at least one channel is switched.
Examples of active sensors:
ƒ Lightgrid
ƒ Laser scanner
ƒ Control
For sensor inputs that are not used ”no sensor” m ust be parameterised. It is
monitored that no sensor signal is applied.
Connected deactivated sensors can create the false impression of safety
technology being provided. For this reason, a deactivation of sensors by
parameter setting only is not permissible and not possible.
1.1-6
EDS94AYAD EN 2.2
1.2 Device modules
1.2.1 Slot
1.2.1.1 Mounting
Safety engineering
Device modules
Slot
The slot for the safety modules is marked in the documentation with M4. It
is the lowest slot in the controller (see overview).
1.2
1.2.1
1
1.2.1.2 Dismounting
1.2.1.3 Module exchange
Every module exchange is detected by the basic device and documented in
a logbook.
When the module is replaced by the same type no restrictions arise.
When the module isreplacedby a different type, the drive is inhibited bythe
controller. The inhibit can only be deactivated when the parameter setting
of the required safety module complies with the plugged safety module.
E94AYAX001
E94AYCXX001H
EDS94AYAD EN 2.2
1.2-1
1
M
SMx
PWM
µC
PC
3x
3x
Xx
1.2
1.2.2
Safety engineering
Device modules
Function mode of the safety modules
1.2.2 Function mode of the safety modules
C00214
Disconnecting paths
The code C00214 must comply with the plug-in safety module type so that
thecontrollerisabletooperate.
The transmission of the pulse width modulation is safely (dis-)connected by
thesafetymodule. Hencethe driversdonot createa rotating field.The motor
is safely switched to torqueless operation (STO).
SSP94SM320
Fig. 1.2-1 Disconnecting paths of the safety modules
SMx Safety module SM100/SM300
xx Input / output terminal
C Control section
μC Microcontroller
PWM Pulse width modulation
PPowersection
M Motor
Safety status
Fail-safe status
1.2-2
When the controlleri s switched off by a safety module,the”Safe torque off”
status is set (C00183 = 101).
If internal errors of the safety modules are detected, the motor is safely
switched to torque-free operation (fail-safe status).
EDS94AYAD EN 2.2
Loading...