Siemens SIMATIC S7 F, SIMATIC S7 FH User Manual

SIMATIC
Programmable Controllers S7 F/FH Systems
Manual

Front matter: Important Information, List of Safety Notes, Contents

Chapters:
- Product Overview
- Getting Started
- Safety Mechanisms
- Configuration
- Operation and Maintenance
- Safety
- Fail-Safe Function Blocks
- Appendices: Check Lists, References
- Glossary, Index

This manual is part of the documentation package with the order number:
6ES7988-8FA10-8BA0
Edition 02/2003
A5E00085588-03
Safety Guidelines
This manual contains notices intended to ensure personal safety, as well as to protect the products and connected equipment against damage. These notices are highlighted by the symbols shown below and graded according to severity by the following texts:
Safety Note
Contains important information on the acceptance and safety-related use of the product.
Warning
indicates that death, severe personal injury or substantial property damage can result if proper precautions are not taken.
Caution
indicates that minor personal injury can result if proper precautions are not taken.
Note
draws your attention to particularly important information on the product, handling the product, or to a particular part of the documentation.
Qualified Personnel
Only qualified personnel should be allowed to install and work on this equipment. Qualified persons are defined as persons who are authorized to commission, to ground and to tag circuits, equipment, and systems in accordance with established safety practices and standards.
Correct Usage
Note the following:
Warning
This device and its components may only be used for the applications described in the catalog or the technical description, and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens.
This product can only function correctly and safely if it is transported, stored, set up, and installed correctly, and operated and maintained as recommended.
Trademarks
SIMATIC®, SIMATIC HMI® and SIMATIC NET® are registered trademarks of SIEMENS AG. Some of the other designations used in these documents are also registered trademarks; the owner's rights may be violated if they are used by third parties for their own purposes.
Copyright © Siemens AG 2003 All rights reserved
The reproduction, transmission or use of this document or its contents is not permitted without express written authority. Offenders will be liable for damages. All rights, including rights created by patent grant or registration of a utility model or design, are reserved.
Siemens AG
Automation and Drives Industrial Automation Systems Postfach 4848, D-90327 Nuernberg
Disclaimer of Liability
We have checked the contents of this manual for agreement with the hardware and software described. Since deviations cannot be precluded entirely, we cannot guarantee full agreement. However, the data in this manual are reviewed regularly and any necessary corrections included in subsequent editions. Suggestions for improvement are welcomed.
Siemens Aktiengesellschaft A5E00085588-03
©Siemens AG 2003 Technical data subject to change.

Important Information

Purpose of the Manual
The information contained in this manual enables you to configure and program S7 F/FH Systems using S7 F Systems V5.2.
Target Group
This manual is intended for system planners, configuration engineers and programmers. Knowledge of STEP 7 and CFC is assumed in most areas.
Contents
This manual describes how to work with the S7 F/FH Systems using S7 F-Systems V5.2 software. It consists of instructive chapters and reference chapters (descriptions of the fail-safe function blocks and check lists for acceptance). The manual covers the following topics:
Safety Mechanisms
Configuration
Programming
Maintenance
Safety
Fail-Safe Blocks
Scope of the Manual
Module                                                                        Order Number         As of Version
The S7 F Systems V5.2 Options Package including Authorization License V5.0   6ES7 833 1CC00 0YX0  V5.2
F-Copy License                                                                6ES7 833 1CC00 6YX0  V5.0
Fail-Safe Systems A5E00085588-03 iii
What’s New?
The following changes are new in S7 F Systems V5.2:

Topic                                                               Chapter
New Fail-Safe Blocks                                                Fail-Safe Blocks
Introduction to the F_Shutdown Logic                                Getting Started
Support of the new ET 200S failsafe modules to the S7 F/FH Systems  Throughout the document
Enhanced usability                                                  Programming

Standards, Certificates and Approvals
The S7 FH System and the fail-safe F-I/Os are certified for use in safety mode up to the following levels:
- Requirement classes AK1 to AK6 in accordance with DIN V 19250/DIN V VDE 0801
- SIL1 to SIL3 (Safety Integrity Level) in accordance with IEC 61508
- Categories 1 to 4 in accordance with EN 954-1

Place in the Information Landscape
This manual is part of the documentation package for the S7 F/FH System.

System        Documentation Package                                   Order Number
S7 F Systems  Safety Engineering in SIMATIC S7                        6ES7988-8FB10-8BA0
              Programmable Controllers, S7 F/FH Systems
              ET200 S Distributed I/O System Fail-Safe Modules
              Automation Systems S7-300 Fail-Safe Signal Modules
              CD-ROM

You can also obtain all the SIMATIC S7 documentation as a dedicated SIMATIC S7 collection on CD-ROM.
How to Use this Manual
To help you find specific information quickly, the manual contains the following aids:
- There is a complete table of contents at the beginning of the manual.
- A heading indicating the contents of each section is provided in the left-hand column on each page of each chapter.
- Following the appendices, you will find a glossary in which important technical terms used in the manual are defined.
- At the end of the manual you will find a detailed index, which makes it easy for you to find the information you are looking for.
Additional Support
For any unanswered questions about the use of products presented in this manual, contact your local Siemens representative:
http://www.siemens.com/automation/partner
Training Center
We offer courses to help you get started with the S7 automation system. Contact your regional training center or the central training center in Nuremberg (90327), Federal Republic of Germany.
Telephone: +49 (911) 895–3200
http://www.sitrain.com
H/F Competence Center
The H/F Competence Center in Nuremberg offers special workshops on SIMATIC S7 fail-safe and fault-tolerant automation systems. The H/F Competence Center can also provide assistance with onsite configuration, commissioning, and troubleshooting.
Telephone: +49 (911) 895-4759 Fax: +49 (911) 895-5193
For questions about workshops, etc., contact: hf-cc@nbgm.siemens.de
For Safety Integrated questions (system, wiring, etc.), contact: cocsi@nbgm.siemens.de
A&D Technical Support
Available worldwide, 24 hours a day:

Worldwide (Nuremberg) Technical Support
Local time: 24 hours per day / 365 days per year
Telephone: +49 (0) 180 5050-222
Fax: +49 (0) 180 5050-223
E-mail: adsupport@siemens.com
GMT: +1:00

Europe/Africa (Nuremberg) Authorization
Local time: Mon-Fri 8:00 a.m. to 5:00 p.m.
Telephone: +49 (0) 180 5050-222
Fax: +49 (0) 180 5050-223
E-mail: adsupport@siemens.com
GMT: +1:00
In general, English and German are spoken by Technical Support and Authorization staff.

United States (Johnson City) Technical Support and Authorization
Local time: Mon-Fri 8:00 a.m. to 5:00 p.m.
Telephone: +1 (0) 770 740-3505
Fax: +1 (0) 770 740-3699
E-mail: isd-callcenter@sea.siemens.com
GMT: -5:00

Asia/Australia (Beijing) Technical Support and Authorization
Local time: Mon-Fri 8:00 a.m. to 5:00 p.m.
Telephone: +86 10 64 75 75 75
Fax: +86 10 64 74 74 74
E-mail: adsupport.asia@siemens.com
GMT: +8:00
Service & Support on the Internet
In addition to our paper documentation, we also provide all of our technical information on the Internet at:
http://www.siemens.com/automation/service&support
Here, you will find the following information:
- Newsletter providing the latest information on your products
- Exact documents for your requirements, which you can access by performing an online search in Service & Support
- Forum in which users and experts worldwide exchange ideas
- Your local Automation & Drives contact, who can be accessed in our Contacts database
- Information about local service, repair, and replacement parts. Much more information can be found under "Services".

Safety Notes

Keep Safety and Standard Functions Separate.................................................................1-19
Public Network Safety F-CPU Communication Not Allowed..........................................3-12
Safety Rules for Safety Operation....................................................................................4-2
CPU containing safety program must have a password ..................................................4-3
I/O Group Diagnosis.........................................................................................................4-5
Modify Variables can cause Shutdown ............................................................................4-7
Limiting Access through ES..............................................................................................4-8
Password Protection.........................................................................................................4-8
Safety Program and CPU Passwords should be different ...............................................4-9
Authorized use of Password...........................................................................................4-10
Compiler Generated Values off-limits...............................................................................5-5
Comparison Changes Signature ......................................................................................5-6
Symbol Table Entries for F-Blocks cannot be changed .................................................5-10
Do not change automatically inserted F-Control Blocks. ...............................................5-11
Incorrect changes to fail-safe blocks input parameters may result in the Safety Program and its outputs being disabled. .............................................5-12
During simulation of Input Channels the Simulation value is always available on the block’s output. ......................................................................................5-22
Automatic Reintegration may not always be possible....................................................5-25
Startup Protection to handle short power failures in the F-I/O. ......................................5-26
Automatic Reintegration through F_QUITES.................................................................5-27
Default MAX_CYC..........................................................................................................5-30
Safety Program must be re-compiled if S7 connections used for CPU-CPU Communication have changed........................................................................5-32
Use F_LIM_R for plausibility check of standard to F-data conversion...........................5-37
When Deactivating Safety Mode....................................................................................5-40
F-Blocks outputs’ always use the preset initial values. ..................................................5-44
Safety Program on Memory Card...................................................................................5-48
Downloading...................................................................................................................5-49
OB Cycle Times Changes Restricted.............................................................................5-50
Password Protection Level.............................................................................................5-54
Download Operation Aborted.........................................................................................5-55
Safety Program disable if change to failsafe outputs.....................................................5-56
ES changes can change signature.................................................................................5-56
Simulation Warning (V5.0 and below) ............................................................................5-59
Simulation Warning (V5.1 and above)............................................................................5-61
Allowable F Control Block comparison changes............................................................5-75
Checking online comparison output ...............................................................................5-76
Simulation of PROFIsafe devices not permitted...............................................................6-1
Duplicate Masters must be avoided .................................................................................6-2
Safety measures must be followed...................................................................................6-2
Pulse Detection.................................................................................................................7-9
Archive STEP 7 Projects ................................................................................................7-14
Do Not Change PAR_ID and COMPLEM parameters .....................................................8-2
Do not change automatically supplied FB inputs .............................................................8-4
Fail-safe FB numbers .......................................................................................................8-7
Safety Program can be installed in OB 3x ONLY.............................................................8-8
Do NOT change CRC_IMP input....................................................................................8-26
Use F_LIM_R for plausibility check of standards to F-data conversion.........................8-35
Reintegration through User Acknowledgement with F_QUITES....................................8-45
PD_FLAG not to be interconnected................................................................................8-56
F_SHUTDN in slowest configured OB............................................................................8-74

Contents

1 Product Overview 1-1
1.1 Overview ...........................................................................................................1-1
1.2 Basic Configuration Variants.............................................................................1-4
1.3 Components of an S7 F System.......................................................................1-7
1.4 Hardware Components .....................................................................................1-8
1.5 Software Components.....................................................................................1-10
1.6 Installing the S7 F Systems Optional Package...............................................1-11
1.6.1 Getting Started Information Applicable to All Use-Case-Scenarios................1-11
1.6.2 Use-case-scenarios ........................................................................................1-12
1.7 Working with F-Systems .................................................................................1-19
2 Getting Started 2-1
2.1 Introduction........................................................................................................2-1
2.2 S7 F System - Getting Started..........................................................................2-4
2.2.1 S7 F System, Setting up the Hardware.............................................................2-4
2.2.2 Configuring the S7 F System ............................................................................2-6
2.2.3 S7 F System, Creating a Fail-Safe User Program............................................2-8
2.2.4 Starting Up the S7 F System ..........................................................................2-11
2.2.5 S7 F System, Monitoring Errors......................................................................2-12
2.3 Fault-Tolerant S7 FH System - Getting Started..............................................2-13
2.3.1 Fault-Tolerant S7 FH System, Setting Up the Hardware................................2-13
2.3.2 Configuring the Fault-Tolerant S7 FH System................................................2-15
2.3.3 Fault-Tolerant S7 FH System, Creating a Fail-Safe User Program................2-16
2.3.4 Starting Up a Fault-Tolerant S7 FH System ...................................................2-16
2.3.5 Fault-Tolerant S7 FH System, Monitoring Errors............................................2-17
3 Safety Mechanisms 3-1
3.1 Introduction to the Safety Mechanisms.............................................................3-1
3.2 Safety Mode...................................................................................................... 3-2
3.3 Fault Reactions .................................................................................................3-3
3.4 Startup of an F-System .....................................................................................3-4
3.5 Self-Tests and Command Tests .......................................................................3-5
3.6 Logical and Time-Based Program Execution Monitoring ...................................3-5
3.7 Fail-Safe User Times ........................................................................................3-7
3.8 Password Protection for F-Systems..................................................................3-8
3.9 Safety-Related Communication ........................................................................3-9
3.9.1 Communication Between the Safety Program and the Standard User Program ..................................................................................3-10
3.9.2 Communication Between F-Run-Time Groups...............................................3-11
3.9.3 Communication Between the F-CPU and F-I/Os............................................3-11
3.9.4 Safety-Related Communication Between F-CPUs .........................................3-12
4 Configuration 4-1
4.1 Overview ...........................................................................................................4-1
4.2 Hardware Configuration and Parameter Assignment .......................................4-1
4.3 CPU Parameter Assignment.............................................................................4-3
4.4 Parameter Assignment of F-I/Os.......................................................................4-4
4.5 Configuring Redundant F-I/Os ..........................................................................4-6
4.6 Configuring the Networks and Connections......................................................4-6
4.7 Programming Device Functions in STEP 7......................................................4-7
4.8 Setting up, Modifying and Cancelling Access Rights........................................4-8
4.8.1 Setting up Access Rights for the CPU ..............................................................4-8
4.8.2 Entering/Changing the Password for the Safety Program................................4-9
4.8.3 Cancelling Access Rights for the Safety Program..........................................4-10
4.9 Configuration in Run .......................................................................................4-11
5 Programming 5-1
5.1 Overview ...........................................................................................................5-1
5.1.1 Structure of the Safety Program .......................................................................5-1
5.1.2 Blocks of the Safety Program............................................................................5-2
5.2 Creating Safety Programs.................................................................................5-4
5.2.1 Creating a Safety Program - Basic Procedure.................................................5-4
5.2.2 Safety Notes for Programming..........................................................................5-5
5.2.3 Defining the Program Structure.........................................................................5-7
5.2.4 Inserting CFC Charts ........................................................................................5-8
5.2.5 Inserting Run-Time Groups...............................................................................5-9
5.3 Inserting and Interconnecting Fail-Safe Blocks...............................................5-10
5.3.1 Inserting Fail-Safe Blocks ...............................................................................5-10
5.3.2 Automatically Inserted F-Blocks......................................................................5-11
5.3.3 Interconnecting and Assigning Parameters to F-Blocks.................................5-12
5.3.4 Defining the Run Sequence............................................................................5-14
5.3.5 Interconnecting F-Driver Blocks......................................................................5-16
5.3.6 Passivation and Reintegration of the Input and Output Channels..................5-24
5.3.7 Programming Startup Protection.....................................................................5-28
5.3.8 Example: Reintegration after Startup of the Safety Program..........................5-29
5.3.9 Assigning Parameters to the F Cycle Time Monitoring...................................5-30
5.3.10 Interconnecting F Communication Blocks.......................................................5-31
5.4 Processing of the Safety Program ..................................................................5-39
5.4.1 Managing Safety Programs.............................................................................5-39
5.4.2 Deactivating Safety Mode ...............................................................................5-40
5.4.3 Activating Safety Mode ...................................................................................5-42
5.4.4 Compiling a Safety Program ...........................................................................5-43
5.4.5 Creating Fail-Safe Block Types.......................................................................5-44
5.4.6 Downloading a Safety Program ......................................................................5-47
5.4.7 Downloading the Entire Safety Program.........................................................5-48
5.4.8 Changes to the Safety Program in RUN Mode..............................................5-49
5.4.9 Downloading Changes....................................................................................5-54
5.4.10 Testing the Safety Program ............................................................................5-56
5.4.11 Testing a Safety Program Offline with S7-PLCSIM.........................................5-57
5.4.12 Changing Fail-Safe Constants in CFC Test Mode..........................................5-62
5.4.13 Displaying Information.....................................................................................5-65
5.4.14 Saving reference data.....................................................................................5-66
5.4.15 Comparing Safety Programs...........................................................................5-67
5.4.16 Logging the Safety Program ...........................................................................5-76
5.4.17 Printing the Safety Program............................................................................5-77
6 Operation and Maintenance 6-1
6.1 Operation and Maintenance of the F-Systems .................................................6-1
6.2 Rules for Operation...........................................................................................6-1
6.3 Working with the Safety Program .....................................................................6-2
6.4 Changing the Safety Program...........................................................................6-3
6.5 Replacing Software and Hardware Components..............................................6-4
6.6 Uninstalling the S7 F/FH System......................................................................6-5
7 Safety 7-1
7.1 Standards, Certificates and Approvals..............................................................7-1
7.2 Safety Requirements .........................................................................................7-4
7.3 System Configuration........................................................................................7-7
7.4 Monitoring Times...............................................................................................7-8
7.4.1 Configuring the Monitoring Times for F/FH Systems........................................7-8
7.4.2 Calculation of the Minimum Monitoring Times................................................7-10
7.5 Acceptance of an F-System............................................................................7-14
7.5.1 Initial Acceptance of a Safety Program...........................................................7-15
7.5.2 Acceptance of Changes to the Safety Program..............................................7-20
7.5.3 Acceptance of F-Block Types .........................................................................7-22
7.5.4 Responsibilities and Qualifications .................................................................7-22
8 Fail-Safe Blocks 8-1
8.1 Overview ...........................................................................................................8-1
8.1.1 Fail-Safe Blocks ................................................................................................8-1
8.1.2 F-Data Types.....................................................................................................8-2
8.1.3 Block I/Os..........................................................................................................8-4
8.1.4 Block Numbers..................................................................................................8-6
8.1.5 Installation in Cyclic Interrupt OBs....................................................................8-8
8.2 Driver Blocks for F-I/Os.....................................................................................8-9
8.2.1 F_CH_DI .........................................................................................................8-10
8.2.2 F_CH_DO........................................................................................................8-13
8.2.3 F_CH_AI..........................................................................................................8-16
8.2.4 Common Features of the Driver Blocks..........................................................8-22
8.3 Blocks for F Communication Between CPUs..................................................8-25
8.3.1 F_SENDBO.....................................................................................................8-27
8.3.2 F_RCVBO .......................................................................................................8-29
8.3.3 F_SENDR........................................................................................................8-31
8.3.4 F_RCVR..........................................................................................................8-33
8.4 Blocks for Converting Data .............................................................................8-35
8.4.1 F_BO_FBO......................................................................................................8-36
8.4.2 F_I_FI..............................................................................................................8-37
8.4.3 F_R_FR...........................................................................................................8-38
8.4.4 F_TI_FTI..........................................................................................................8-39
8.4.5 F_FBO_BO......................................................................................................8-40
8.4.6 F_FI_I..............................................................................................................8-41
8.4.7 F_FR_R...........................................................................................................8-42
8.4.8 F_FR_FI..........................................................................................................8-43
8.4.9 F_FTI_TI..........................................................................................................8-44
8.4.10 F_QUITES.......................................................................................................8-45
8.5 F-System Blocks .............................................................................................8-47
8.5.1 F_S_BO...........................................................................................................8-48
8.5.2 F_R_BO ..........................................................................................................8-49
8.5.3 F_S_R.............................................................................................................8-51
8.5.4 F_R_R.............................................................................................................8-52
8.5.5 F_START ........................................................................................................8-54
8.6 F Control Blocks..............................................................................................8-55
8.6.1 F_CYC_CO.....................................................................................................8-56
8.6.2 F_M_DI8..........................................................................................................8-58
8.6.3 F_M_DI24........................................................................................................8-61
8.6.4 F_M_DO8........................................................................................................8-64
8.6.5 F_M_DO10......................................................................................................8-66
8.6.6 F_M_AI6..........................................................................................................8-68
8.6.7 F_PLK .............................................................................................................8-70
8.6.8 F_PLK_O.........................................................................................................8-71
8.6.9 F_SHUTDN.....................................................................................................8-72
8.6.10 F_TEST...........................................................................................................8-77
8.6.11 F_TESTC ........................................................................................................8-78
8.6.12 F_TESTM........................................................................................................8-79
8.6.13 DB_RES..........................................................................................................8-80
8.6.14 DB_INIT...........................................................................................................8-81
8.6.15 FAIL_MSG.......................................................................................................8-82
8.6.16 RTG_LOGIC....................................................................................................8-83
8.6.17 SFC F_CTRL...................................................................................................8-84
8.7 Logic Blocks with the BOOL Data Type..........................................................8-85
8.7.1 F_AND4...........................................................................................................8-85
8.7.2 F_OR4.............................................................................................................8-87
8.7.3 F_XOR2 ..........................................................................................................8-88
8.7.4 F_NOT.............................................................................................................8-89
8.7.5 F_2OUT3.........................................................................................................8-89
8.7.6 F_XOUTY........................................................................................................8-91
8.8 Comparison Blocks for Two Input Values of the Same Type .........................8-92
8.8.1 F_LIM_HL........................................................................................................8-92
8.8.2 F_LIM_LL........................................................................................................8-94
8.8.3 F_2oo3_R........................................................................................................8-96
8.8.4 F_1oo2_R........................................................................................................8-98
8.9 Flip-Flop Blocks.............................................................................................8-100
8.9.1 F_RS_FF.......................................................................................................8-100
8.9.2 F_SR_FF.......................................................................................................8-102
8.10 IEC Pulse and Counter Blocks......................................................................8-103
8.10.1 F_CTUD........................................................................................................8-103
8.10.2 F_TP..............................................................................................................8-105
8.10.3 F_TON...........................................................................................................8-107
8.10.4 F_TOF...........................................................................................................8-109
8.11 Pulse Blocks..................................................................................................8-111
8.11.1 F_F_TRIG .....................................................................................................8-111
8.11.2 F_R_TRIG.....................................................................................................8-112
8.11.3 F_LIM_TI.......................................................................................................8-113
8.12 Arithmetic Blocks with the INT Data Type.....................................................8-114
8.12.1 F_LIM_I.........................................................................................................8-114
8.13 Arithmetic Blocks with the REAL Data Type.................................................8-115
8.13.1 F_ADD_R......................................................................................................8-115
8.13.2 F_SUB_R......................................................................................................8-116
8.13.3 F_MUL_R......................................................................................................8-117
8.13.4 F_DIV_R........................................................................................................8-118
8.13.5 F_ABS_R ......................................................................................................8-119
8.13.6 F_MAX3_R....................................................................................................8-120
8.13.7 F_MID3_R.....................................................................................................8-121
8.13.8 F_MIN3_R.....................................................................................................8-122
Fail-Safe Systems
xiv A5E00085588-03
Contents
8.13.9 F_LIM_R........................................................................................................8-123
8.13.10 F_SQRT........................................................................................................8-124
8.13.11 F_AVEX_R....................................................................................................8-125
8.13.12 F_SMP_AV....................................................................................................8-127
8.14 Multiplex Blocks ............................................................................................8-128
8.14.1 F_MUX2_R....................................................................................................8-128
8.15 Error Handling...............................................................................................8-129
8.15.1 Error Handling of Driver Blocks.....................................................................8-130
8.15.2 Error Information at the Outputs of the Driver Blocks...................................8-132
8.15.3 Error Information in the Diagnostic Buffer....................................................8-134
8.15.4 Error Information at the Output RETVAL ......................................................8-140
8.16 Run Times.....................................................................................................8-141
8.16.1 Run Times of the Fail-Safe Blocks................................................................8-141
A Check Lists A-1
A.1 Life Cycle of the Fail-Safe Programmable Controllers..................................... A-1
A.2 Check List of the Certified Modules ................................................................. A-5
A.3 Check List of the Certified F-Blocks.................................................................A-7
A.4 Check List of the Safety Parameters of the F-Drivers ................................... A-10
B References B-1
Glossary Glossary-1
Index Index-1

1 Product Overview

1.1 Overview

SIMATIC S7 F/FH Systems
The S7 F/FH Programmable Controllers (F-Systems) are used in systems with increased safety requirements. The aim of the S7 F/FH System is to control processes that can immediately be returned to a safe state. In other words, these are processes for which a sudden shutdown poses no danger to either people or the environment.
Safety Requirements
The S7 F/FH System fulfills the following safety requirements:
Requirement classes AK1 to AK6 in accordance with DIN V 19250/DIN V VDE 0801
SIL1 to SIL3 (Safety Integrity Level) in accordance with IEC 61508
Categories 1 to 4 in accordance with EN 954-1
Principle Behind the Safety Functions
Fail-safe behavior is achieved by means of safety functions primarily in the software. Safety functions are executed by the S7 F/FH programmable controller in order to return the system to a safe state, or keep it in a safe state when a hazardous event occurs.
The safety function for the process can be executed by means of a user safety function or a fault reaction function. If the F-System can no longer execute its actual user safety function in the event of a fault, it executes the fault reaction function. For example, the associated outputs are switched off and the Safety Program or parts of the Safety Program are disabled, if necessary.
For example: The F-System has to open a valve when there is excess pressure (user safety function). In the event of a dangerous fault occurring in the CPU, all the outputs are switched off (fault reaction function), thus opening the valve and returning the other actuators to a safe state. If the F-System were intact, only the valve would be opened.
The safety functions are primarily incorporated in the following components:
In the safety-related user program on the central processing unit
In the fail-safe input/output modules
Safety and Availability
To increase the availability of the automation system and consequently avoid process downtimes as a result of failures in the F-System, fail-safe systems can be optionally configured for high availability (fault tolerance). This increased availability can be achieved by means of redundant components (power supply, central processing unit and communication and I/O systems).
The fail-safe and fault-tolerant S7 F/FH Systems allow production to continue without causing any harm to people or the environment.
Use in Process Engineering
The figure below shows integration options for the S7 F/FH Systems in process automation systems with PCS 7.
[Figure: Integration options for S7 F/FH Systems in PCS 7 process automation systems. Shown: operator stations (OS) and a central engineering system (ES) on Standard Ethernet; S7 F System, S7-400H S7 FH System and S7-400 standard controllers on Industrial Ethernet or PROFIBUS; ET 200M stations with F-SMs and standard SMs and ET 200S stations with standard SMs; example applications boiler protection, emergency stop, burner and coal mill.]

1.2 Basic Configuration Variants

This section describes the two basic configuration variants of F-Systems:
Fail-safe S7 F System
Fail-safe, fault-tolerant S7 FH System
S7 F System
The S7 F System is a fail-safe automation system consisting of at least the following components:
An F-capable CPU module such as CPU 417-4 H that can run a fail-safe (F) user program
One or more fail-safe inputs/outputs (F-I/Os) in a distributed I/O device (redundancy optional)
You can expand the configuration with standard S7-400 and S7-300 modules.
The following figure shows the hardware and software components of an F System.
[Figure: Operator station (system visualization); programming device; programmable controller S7 F System; ET 200M distributed I/O device with fail-safe signal modules (optionally redundant); ET 200M distributed I/O device with standard modules (optionally redundant); ET 200S distributed I/O device with standard modules.]
S7 FH System
The S7 FH System is a fail-safe, fault-tolerant automation system consisting of at least the following components:
A fault-tolerant S7 400H system (master and standby) running a fail-safe (F) user program
One or more fail-safe inputs/outputs (F-I/Os) in a distributed I/O device (redundancy optional)
The following figure shows an example of an S7 FH configuration with a redundant CPU and shared, switched distributed I/O modules connected via a redundant system bus.
[Figure: Operator station (system visualization); redundant system bus (PROFIBUS or Ethernet); programmable controller S7 FH System; redundant PROFIBUS-DP; ET 200M distributed I/O device with fail-safe signal modules (optionally redundant); ET 200M distributed I/O device with standard modules (optionally redundant).]
Combination of Standard, Fault-Tolerant and Fail-Safe Components
Standard, fault-tolerant (H) and fail-safe (F) components and systems can be used together as follows:
Standard systems, H systems, F Systems and FH Systems can be used together in a single system.
Standard modules and F-I/Os can be used together in a single automation system.
A safety-related F user program can be run together with a non-safety-related standard user program in a fail-safe (F) or fail-safe, fault-tolerant (FH) system.
The fact that fail-safe (F), fault-tolerant (H) and standard components can be combined has the following advantages:
You can set up a fully integrated automation system in which you can make use of the innovations of the standard CPUs and, at the same time, use fail-safe components independently of standard components such as FMs or CPs. You can configure and program the whole system using standard tools such as HWCONFIG and CFC.
The fact that you can combine standard and fail-safe program parts in a single CPU reduces acceptance costs because only fail-safe program parts are subject to acceptance procedures. Maintenance costs can also be reduced by locating as many functions as possible in the standard section, which can be modified during operation.

1.3 Components of an S7 F System

The figure below shows the hardware and software components required for the configuration and operation of the S7 F.
[Figure: S7 F programmable controller with F user program; programming device with the S7 F Systems optional package (configuration tool, F library, safety program editing) and F run-time license; distributed I/O device (optionally redundant) with F-I/Os.]
Interaction of the Components
The S7 F System consists of hardware and software components that have to be combined with one another in order to configure an S7 F System.
Wiring the F-I/Os
The F-I/Os must be wired with the sensors and actuators in such a way as to ensure that the desired safety level can be achieved.
Configuring the Hardware
The configuration set using HWCONFIG must correspond to the hardware configuration; in other words, the circuit diagram of the I/O system must be reflected in the parameter settings. The F-capable CPU must be configured.
Creating the F User Program
You create the fail-safe user program in CFC using fail-safe blocks from the "Failsafe Blocks" library. For the connection to the F-I/Os you use F Channel and Module driver blocks, to which you have to assign parameters. Some of the parameters are assigned automatically as a result of the hardware configuration of the F-I/Os.
When the executable F user program is generated, safety tests are carried out automatically and additional fault detection functions incorporated.
Compatibility of standard and fail-safe components in a programmable logic controller
If you use a safety protector in the ET 200M, you can operate fail-safe signal modules together with S7-300 standard signal modules in the same ET 200M, even in safety mode in SIL 3.
The safety protector protects the fail-safe signal modules from possible overvoltage in the event of a fault. To do this, the fail-safe signal modules must be inserted in the ET 200M configuration to the right of the safety protector, and all the standard signal modules must be inserted to the left of the safety protector.
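As an added example (not code from the manual or from the S7 F Systems package), the following Python check applies the placement rule above to the slot list of one ET 200M station and reports every module on the wrong side of the safety protector. The Kind and Slot types, the slot numbers and the labels of the standard modules are assumptions constructed for the example; the F-SM names are the ET 200M F-I/Os listed in this chapter.

```python
"""Placement check for the ET 200M safety-protector rule.

Added example, not part of the Siemens manual or the S7 F Systems
package. It models an ET 200M station as an ordered list of slots and
checks the rule stated in the text: when fail-safe signal modules
(F-SMs) run together with standard signal modules in safety mode, every
F-SM must sit to the right of the safety protector and every standard
SM to its left. Slot numbers and standard-module labels are constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    INTERFACE = "interface module"   # head of the station, always leftmost
    STANDARD = "standard SM"
    PROTECTOR = "safety protector"
    FAILSAFE = "fail-safe SM"


@dataclass(frozen=True)
class Slot:
    number: int      # physical slot, increasing from left to right
    name: str
    kind: Kind


def check_safety_protector_layout(station):
    """Return the list of violations (empty list: layout satisfies the rule).

    Only the placement rule quoted in the text is checked here; other
    configuration rules for F-SMs are out of scope.
    """
    slots = sorted(station, key=lambda s: s.number)
    f_sms = [s for s in slots if s.kind is Kind.FAILSAFE]
    std_sms = [s for s in slots if s.kind is Kind.STANDARD]
    protectors = [s for s in slots if s.kind is Kind.PROTECTOR]

    # The rule concerns mixed operation: with no F-SMs, or no standard
    # SMs, there is nothing for the protector to separate.
    if not f_sms or not std_sms:
        return []
    if len(protectors) != 1:
        return [f"mixed station needs exactly one safety protector, "
                f"found {len(protectors)}"]

    protector = protectors[0]
    violations = []
    for s in f_sms:
        if s.number < protector.number:
            violations.append(
                f"slot {s.number} ({s.name}): F-SM is left of the safety "
                f"protector in slot {protector.number}")
    for s in std_sms:
        if s.number > protector.number:
            violations.append(
                f"slot {s.number} ({s.name}): standard SM is right of the "
                f"safety protector in slot {protector.number}")
    return violations


# Constructed sample stations: F-SM names are the ET 200M F-I/Os listed
# in this chapter, the standard-module labels are placeholders.
GOOD_STATION = [
    Slot(2, "IM (interface module)", Kind.INTERFACE),
    Slot(4, "standard DI module", Kind.STANDARD),
    Slot(5, "standard DO module", Kind.STANDARD),
    Slot(6, "safety protector", Kind.PROTECTOR),
    Slot(7, "SM 326; DI 24 x 24 V DC", Kind.FAILSAFE),
    Slot(8, "SM 326; DO 10 x 24 V DC/2A", Kind.FAILSAFE),
]

# Two faults: an F-SM left of the protector, a standard SM right of it.
BAD_STATION = [
    Slot(2, "IM (interface module)", Kind.INTERFACE),
    Slot(4, "SM 336; AI 6 x 13Bit", Kind.FAILSAFE),
    Slot(5, "safety protector", Kind.PROTECTOR),
    Slot(6, "SM 326; DI 8 x NAMUR", Kind.FAILSAFE),
    Slot(7, "standard DI module", Kind.STANDARD),
]

if __name__ == "__main__":
    for label, station in (("good", GOOD_STATION), ("bad", BAD_STATION)):
        print(label, check_safety_protector_layout(station) or "OK")
```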

1.4 Hardware Components

An F System consists of hardware components that fulfill certain safety requirements, such as:
A CPU such as the CPU 417-4H with an F-Copy License
F-I/Os
You can also expand the F System with standard components.
F-Capable CPUs
For S7 F/FH Systems, the CPU (e.g. the CPU 417-4 H as of V2.0) with an F-Copy License is used either individually or as a fault-tolerant master/standby system. The F-Copy License permits you to use the CPU as an F-CPU (i.e. to run a fail-safe user program on it).
An F-capable CPU is a CPU that is approved for use in the S7 F/FH. It only becomes an F-CPU if there is an F user program running on it. Otherwise, a standard S7 program runs on the CPU. A combination of standard and F user programs is possible because the safety-related data of the F user program is protected from the influence of non-safety-related data. The CPU must be configured as an F-CPU in this case as well.
Safety-relevant sections of the user program must be password-protected on the CPU and in the ES/programming device against unauthorized access. In addition, comprehensive self-tests run on the CPU. These ensure a high rate of fault detection.
F-I/Os
The following F-I/Os are available: For ET 200M:
SM 326; DI 24 x 24 V DC; with Diagnostic Interrupt
SM 326; DI 8 x NAMUR; with Diagnostic Interrupt
SM 326; DO 10 x 24 V DC/2A, with Diagnostic Interrupt
SM 336; AI 6 x 13Bit, with Diagnostic Interrupt
ET 200M F-I/Os can be used in a single-channel or redundant configuration. Please refer to the manual "Automation System S7-300, Fail-Safe Signal Modules".
For ET 200S:
PM-E F 24 VDC PROFIsafe Power Module
4/8 F-DI 24 VDC PROFIsafe Digital Electronic Module
4 F-DO 24 VDC/2 A PROFIsafe Digital Electronic Module
PM-D F PROFIsafe Power Module
Please refer to the manual: ET 200S Distributed I/O System, Fail-Safe Modules
Standard Components
The restrictions for fault-tolerant systems apply to the use of standard components. You will find the restrictions for standard components in safety mode of fail-safe signal modules in the safety information in Chapter 3 of the "S7-300 Programmable Controller, Fail-Safe Signal Modules" manual.
Additional Information
You can find detailed descriptions of the hardware components for the S7 F/FH Systems in the following manuals:
S7-400, M7-400 Programmable Controllers, Installation and Module Data
S7-400H Programmable Controller, Fault-Tolerant Systems
S7-300 Programmable Controller, Fail-Safe Signal Modules
ET 200S Distributed I/O System, Fail-Safe Modules

1.5 Software Components

The S7 F Systems have the following software components:
S7 F Systems (Programming)
S7 F Configuration Pack (Configuration of the F-I/Os)
The fail-safe user program (F user program) on the CPU
The S7 F Systems Optional Package
The S7 F Systems optional package is available for the configuration and programming of the S7 F System. This gives you:
Support for the configuration of the F-I/Os with HWCONFIG.
The "Failsafe Blocks" library for the programming of fail-safe user programs.
Support for the processing of the F user program and for the integration of fault detection functions in the F user program.
Fail-Safe User Program
A fail-safe user program is referred to below simply as a Safety Program. You create Safety Programs with CFC using the fail-safe blocks contained in a library shipped with the S7 F Systems optional package. The fail-safe blocks contain fault detection and fault reaction functions, as well as functions for programming safety functions. In other words, they ensure that failures and faults are detected and that an appropriate reaction is initiated that will keep the F-system in a safe state or return it to a safe state.
The user program on the CPU can be made up of safety-related sections (Safety Program) and not safety-related sections (Standard Program). The Safety Program is written in separate CFC charts. A combination of F and standard blocks in one chart is not permissible and is detected during compilation. Data transfers between the standard and the Safety Program are carried out via conversion blocks.
During compilation, certain fault detection and fault reaction functions are automatically added to the Safety Program. The S7 F Systems optional package also provides functions for comparing Safety Programs and supporting the acceptance of Safety Programs.
Additional Information
You can find detailed information in the following sections.
Configuration
Programming
Fail-Safe Blocks
and in the context-sensitive help information.

1.6 Installing the S7 F Systems Optional Package

Before using an existing project with S7 F Systems V5.2, please read this entire section. It provides:
Getting started information applicable to all three use-case scenarios described below.
The three use-case scenarios; please select the one that best suits your needs:
1. Compiling/editing current projects based on Failsafe Blocks (V1_1)
a. Upgrading a PC/Programming Device/Workstation containing the S7 F Systems V5.1 Optional Package
b. Installing the S7 F Systems V5.2 Optional Package on a new PC/Programming Device/Workstation
2. Upgrading current projects based on Failsafe Blocks (V1_1) to Failsafe Blocks (V1_2)
3. Modifying or creating projects based on Failsafe Blocks (V1_2)

1.6.1 Getting Started Information Applicable to All Use-Case-Scenarios

Installing the Optional Package
1. Start the PC/Programming Device/Workstation that has the STEP 7 basic software package installed. Make sure that there are no open STEP 7 applications.
2. Insert the optional package product CD.
3. Run the SETUP.EXE program on the CD.
4. Follow the setup program instructions.
Reading the Readme File
The readme file (S7 F Systems – Readme) contains important, up-to-date information about the software. You can display this file on completion of the setup program, or open it later using the Start > Simatic > Product Notes > English menu command. It is located in the S7ftl directory of STEP 7.
Starting the Optional Package
The optional package does not contain any applications that have to be started explicitly. Support for configuration and programming of the F-Systems is integrated in SIMATIC Manager, HWCONFIG and CFC.
Displaying the Integrated Help System
Context-sensitive help information is available for the optional package dialog boxes. Help can be displayed at any time during configuration or programming by pressing F1, or clicking the Help button. You can obtain more help information by choosing the Help > Contents > Calling Help on Optional Packages > S7-400F/FH – Working with F Systems menu command.
Authorization
Authorization is required for the S7 F Systems optional package. Authorization can be installed in the same way as STEP 7 and the optional packages. You can find information on how to install and work with the authorization component in the readme file and in STEP 7’s main help system.
Note
The SIMATIC S7 F Systems V5.0 license also supports V5.2.
F-Copy License
An F-Copy License permits you to use the CPU as an F-CPU (e.g. to run a Safety Program on it).

1.6.2 Use-case-scenarios

Scenario 1: Compiling/Editing Current Projects based on Failsafe Blocks (V1_1)
1. a. Upgrading From S7 F-Systems V5.1 to S7 F-Systems V5.2 to Support Failsafe Blocks (V1_1) Projects
Use this scenario if you have: An existing PC/Programming Device/Workstation with the S7 F Systems V5.1 Optional Package installed, and you wish to use existing projects based on Failsafe Blocks (V1_1).
Software Requirements
The following software packages must be installed on the PC/programming device in order to use, modify, or create projects based on Failsafe Blocks (V1_1) library with S7 F Systems V5.2:
S7 F Systems V5.2
STEP 7 V5.1.3 or higher
CFC V5.2.4
S7 H Systems Optional Package V5.1 or higher (required for S7 FH Systems)
Procedure
If S7 F Systems V5.1 is already installed, the projects based on the Failsafe Blocks (V1_1) library are supported without any additional procedures.
1.b. Installing S7 F Systems V5.2 on a New PC to Support Failsafe Blocks (V1_1) Projects
Use this scenario if you have: Purchased a new PC/Programming Device/Workstation, and you wish to use projects based on the Failsafe Blocks (V1_1) library.
Software Requirements
The following software packages must be installed on the PC/programming device in order to use, modify, or create projects based on Failsafe Blocks (V1_1) library with S7 F Systems V5.2:
S7 F Systems V5.2
STEP 7 V5.1.3 or higher
CFC V5.2.4
S7 H Systems Optional Package V5.1 or higher (required for S7 FH Systems)
Procedure
1. If S7 F Systems V5.2 is installed, uninstall it.
2. Install S7 F Systems V5.1.
3. Install S7 F Systems V5.2.
4. If you had PCS7 Driver Blocks or PCS7 Library installed, you must also install these.
Scenario 2: Upgrading Failsafe Blocks (V1_1) Projects to Failsafe Blocks (V1_2)
Use this scenario if you wish to: Upgrade current projects based on Failsafe Blocks (V1_1) to the new Failsafe Blocks (V1_2) library contained in S7 F Systems V5.2. You must have the minimum software requirements to allow this.
Software/Firmware Requirements
The following software packages must be installed on the PC/Programming Device/Workstation in order to upgrade projects based on Failsafe Blocks (V1_1) library to Failsafe Blocks (V1_2):
S7 F Systems V5.2
STEP 7 V5.2 or higher
S7 H Systems Optional Package V5.1 or higher (required for S7 FH Systems)
CFC V5.2.4
CPU S7-417F/FH V3.1 or higher
ET 200S fail-safe module drivers are available, but this requires CFC V6.0.