Remote I/O system u-remote
Modules for functional safety manual (Original)

Content

1 About this documentation
1.1 Symbols and notes
1.2 Complete documentation
1.3 Standard process data

2 Safety
2.1 General safety notice
2.2 Intended use
2.3 Use in a potentially explosive atmosphere
2.4 Achieving the safety level
2.5 Legal notice

3 System description safe I/O modules
3.1 Sample design
3.2 Transition diagram
3.3 Current-/voltage characteristic of inputs
3.4 Registration of safe I/O modules on the safety control
3.5 Safety address
3.6 Operation with and without test pulses

4 System description safe power-feed modules
4.1 Sample design
4.2 Transition diagram
4.3 Modules switchable by PF-O-xDI-SIL
4.4 Configuration
4.5 Switch-off delay time
4.6 Operation with and without test pulses

5 Detailed descriptions of safe modules
5.1 General technical data
5.2 Data width dependent on the coupler used
5.3 Digital in- and output module UR20-4DI-4DO-PN-FSOE
5.4 Digital input module UR20-8DI-PN-FSOE
5.5 Digital in- and output module UR20-4DI-4DO-PN-FSPS
5.6 Digital input module UR20-8DI-PN-FSPS
5.7 Safe power-feed module UR20-PF-O-1DI-SIL
5.8 Safe power-feed module UR20-PF-O-2DI-SIL
5.9 Safe power-feed module UR20-PF-O-2DI-DELAY-SIL

6 Installation and replacement

7 Example applications
7.1 Example applications for safe I/O modules
7.2 Dual-channel emergency stop monitoring
7.3 Dual-channel light curtain monitoring (AOPD type 4) and emergency stop monitoring
7.4 Dual-channel emergency stop and cable-pull switch monitoring
7.5 Dual-channel safety door monitoring with automatic reset and emergency stop
7.6 Safety mat
7.7 Dual-channel 2-hand monitoring with automatic start
7.8 Dual-channel safety door monitoring with magnetic switch, automatic reset and emergency stop
7.9 Dual-channel safety door monitoring, spring-operated interlock with manual reset and emergency stop
7.10 Dual-channel safety door monitoring, magnetically operated interlock with manual reset and emergency stop
7.11 Dual-channel safety door monitoring with proximity sensors, automatic reset and emergency stop
7.12 Dual-channel safety door monitoring, spring-operated interlock, controlled shutdown with manual reset and emergency stop
7.13 Dual-channel safety door monitoring with automatic reset and controlled shutdown and emergency stop
7.14 Cascading

8 LED displays and troubleshooting
8.1 Safe I/O modules
8.2 Safe power-feed modules

9 Accessories and replacement parts
9.1 Accessories
9.2 Replacement parts

ANNEX
Checklist for the use of u-remote safety modules
EC Declaration of Conformity
TÜV Certificate

Manufacturer
Weidmüller Interface GmbH & Co. KG
Klingenbergstraße 16
32758 Detmold, Germany
Phone +49 5231 14-0
Fax +49 5231 14-292083
[email protected]
www.weidmueller.com

Document No. 1484600000
Revision 02/September 2015
u-remote Modules for functional safety manual 1484600000/02/09.2015

1 About this documentation

1.1 Symbols and notes

The safety notices in this documentation are designed according to the severity of the danger.

DANGER
Imminent risk to life!
Notes with the signal word “Danger” warn you of situations which will result in serious injury or death if you do not follow the instructions given in this manual.

WARNING
Possible danger to life!
Notes with the signal word “Warning” warn you of situations which may result in serious injury or death if you do not follow the instructions given in this manual.

CAUTION
Risk of injury!
Notes with the signal word “Caution” warn you of situations which may result in injury if you do not follow the instructions given in this manual.

ATTENTION
Material damage!
Notes with the signal word “Attention” warn you of hazards which may result in material damage.

Texts next to this arrow are notes which are not relevant to safety, but provide important information about proper and effective work procedures.

The situation-dependent safety notices may contain the following warning symbols:

Meaning of the symbols:
– Warning against hazardous electrical voltage
– Warning against explosive atmospheres
– Warning against electromagnetic fields
– Warning against electrostatically charged components
– Warning against automatic startup
– Instruction: wear conductive footwear
– Instruction: disconnect before working
– Instruction: unplug before opening
– Instruction: observe the documentation

▶ All instructions can be identified by the black triangle next to the text.
– Lists are marked with a tick.

1.2 Complete documentation

This manual contains product-specific information and notes about the use of u-remote safe modules. It supplements but does not replace the u-remote manual. The manual is available to download on the Weidmüller website.

2 Safety

This section includes general safety instructions for handling the u-remote system. Specific safety instructions for specific tasks and situations are given at the appropriate places in the documentation.

2.1 General safety notice

Work on the u-remote products may only be performed by qualified electricians with the support of trained persons. As a result of their professional training and experience, an electrician is qualified to perform the necessary work and identify any potential risks.

Before any work is carried out on the products (installation, maintenance, retrofitting), the power supply must be switched off and secured against being switched on again. Work may be carried out with safety extra-low voltage.
When working during continued operations, the emergency stop mechanisms must not be made ineffective.

If a malfunction on a u-remote product cannot be fixed after following the recommended measures (see chapter 7), the product in question must be sent back to Weidmüller. Weidmüller assumes no liability if the base or electronic module has been tampered with!

Electrostatic discharge
u-remote products can be damaged or destroyed by electrostatic discharge. When handling the products, the necessary safety measures against electrostatic discharge (ESD) according to IEC 61340-5-1 and IEC 61340-5-2 must be observed. All devices are supplied in ESD-protected packaging. The packing and unpacking as well as the installation and disassembly of a device may only be carried out by qualified personnel and in accordance with the ESD information.

Fusing
If safe I/O modules or safe power-feed modules are installed within a u-remote station, a SELV/PELV power supply has to be applied to ensure the safety functions.

The operator must set up the equipment so that it is protected against overloading. The upstream fuse must be designed such that it does not exceed the maximum load current. The maximum permissible load current of the u-remote components can be found in the technical data.

To meet UL specifications in accordance with UL 248-14, a UL-certified automatic fuse (e.g. ABB Type S201-B16) or an 8 A fuse with a medium time-lag (e.g. ESKA Part No. 522.226) must be used.

All connections of the u-remote components are protected against voltage pulses and overcurrent in accordance with IEC 61131-2, Zone B. The operator has to decide whether additional overvoltage protection according to IEC 62305 is required. Voltages that exceed +/-30 V may cause the destruction of couplers and modules. A feed-in power supply with secure isolation must be used.
Earthing (functional earth FE)
Each u-remote I/O module is fitted with an FE spring on the underside which creates an electrical connection to the DIN rail. In order to establish a secure connection, the assembly must be carried out carefully in accordance with the instructions (see chapter 7 of the u-remote manual). The module is earthed by connecting the DIN rail to the protective earth via the earth terminal.

Shielding
Shielded lines are to be connected with shielded plugs and fixed on a shield bus in compliance with the relevant standard (see u-remote manual, chapter 8).

Open equipment
u-remote products are open equipment that may only be installed and operated in lockable housings, cabinets or electrical operations rooms. Only trained and authorised personnel may access the equipment. For applications requiring functional safety, the surrounding housing must meet at least IP54. The standards and guidelines applicable for the assembly of switch cabinets and the arrangement of data and supply lines must be complied with.

2.2 Intended use

The products of the u-remote series are intended for use in industrial automation. A u-remote station with bus coupler and connected modules is intended for the decentralised control of systems or sub-systems. All modules of a station are integrated into a fieldbus structure and connected to the superordinate control unit via the fieldbus coupler.

The u-remote safe I/O modules (UR20-*FS*) as well as the safe power-feed modules (PF-O-xDI-SIL) are intended for connecting equipment providing functional safety. Therefore safe I/O modules must be operated via a safety control.

The u-remote products conform to protection class IP 20 (in accordance with DIN EN 60529). They can be used in potentially explosive atmospheres rated as Zone 2 (as per Directive 94/9/EC).

The observance of the supplied documentation is part of the intended use. The products described in this manual may only be used for the intended applications and only in connection with certified third-party devices or components.

2.3 Use in a potentially explosive atmosphere

If u-remote products are used in potentially explosive atmospheres, the following notes are also applicable:
– Staff involved in assembly, installation and operation must be qualified to perform safe work on electrical systems protected against potentially explosive atmospheres.
– For applications in potentially explosive atmospheres, the requirements according to IEC 60079-15 must be observed.
– The enclosing housing must be ATEX/IECEx certified, meet the requirements of protection class IP 54 and be accessible only by use of a tool.
– The enclosing housing must meet the requirements of explosion protection type Ex n or Ex e.
– Sensors and actuators that are located in Zone 2 or in a safe zone can be connected to the u-remote station.
– Devices are for use in an area of not more than pollution degree 2 in accordance with EN 60664-1.
– Provision shall be made to prevent the rated voltage from being exceeded by transient disturbances of more than 140% of the rated voltage.
– When the temperature under rated conditions exceeds 70 °C at the conductor or conduit entry point, or 80 °C at the contact, the temperature specification of the selected cable shall be in compliance with the actual measured temperature values.
– A visual inspection of the u-remote station is to be performed once per year.

2.4 Notes on functional safety

Safety Integrity Level (SIL)
The safety requirements necessary for the safety functions of an application are determined in a risk analysis. Here, the probability of the safety functions failing is important.
In an operating mode with a high rate of demand or continuous demand, the probability of dangerous failure per hour (PFH) must be taken into consideration, whereas in an operating mode with a lower rate of demand, the probability of dangerous failure on demand (PFD) must be taken into consideration. According to IEC 61508 and IEC 62061, the safety requirements are graded by the failure limit values as follows:

Safety requirements by failure limit values

         PFD                   PFH
SIL 3    < 10⁻³                < 10⁻⁷
SIL 2    ≥ 10⁻³ to < 10⁻²      ≥ 10⁻⁷ to < 10⁻⁶
SIL 1    ≥ 10⁻² to < 10⁻¹      ≥ 10⁻⁶ to < 10⁻⁵

Performance level (PL)
According to DIN EN ISO 13849-1, the degree to which a safety function contributes to risk minimisation is defined as the performance level. A distinction is made between the five levels PLa to PLe with an increasing contribution to risk minimisation.

Safety categories
Safety categories according to DIN EN ISO 13849-1 describe a minimum level of applicable safety and to what extent monitoring is required.

Category B: The safety-related components of machine controls and/or their safety equipment as well as their components must be designed, selected, assembled and combined to the state of the art such that they can withstand the expected conditions.

Category 1: The requirements of Category B must be met. Use of proven safety-related components.

Category 2: The requirements of Category B must be met with the use of proven safety principles. The safety functions must be verified by the machine controls at suitable intervals (depending on the application and the type of machine).

Category 3: The requirements of Category B must be met with the use of proven safety principles. Controls must be designed so that a single failure in the control system does not lead to a loss of safety function(s), and whenever reasonably practicable, the single failure shall be detected with suitable means which meet the state of the art.
Category 4: The requirements of Category B must be met along with the use of proven safety principles. Controls must be designed so that a single failure in the control system does not lead to a loss of safety function(s), and whenever reasonably practicable, a single failure is detected during or prior to the next demand upon the safety function, or if this is not possible, an accumulation of faults does not lead to the loss of the safety function(s).

Requirements on sensors / signal generators
The sensors / signal generators being connected must meet the following requirements:
– Only signal generators that are suited for the respective required safety level may be used.
– Positively opening control switches must be used in accordance with IEC 60947-5-1 (designated with the corresponding symbol).
– Only use components that have been proven in operation.
– Depending on the established risk level, switches (e.g. for position monitoring) may have to have a redundant design.
– Depending on the required safety level, control devices may have to have a redundant design. In this regard, make sure to take into account the applicable C standards.

2.5 Legal notice

The u-remote series products are CE-compliant in accordance with Directive 2004/108/EC (EMC Directive) and Directive 2006/95/EC (Low Voltage Directive). They also meet the requirements of the ATEX Directive 94/9/EC.

3 System description of safe I/O modules

This chapter contains product-specific information and notes about the use of safe I/O modules. Please also observe the system description in the u-remote manual.

The u-remote system provides safe I/O modules for both safety protocols Fail safe over EtherCAT (FSOE) and PROFIsafe.
Attached to a safety control, they enable the selective switching off of plant devices. Single-channel architectures (1oo1) as well as dual-channel architectures (1oo2) can be realised with the safe inputs and outputs; mixed operation is also possible. In case of failure of the safety control the modules change into the safe status.

Safety function
The safety function of the safe I/O modules is that the information of the inputs (type 3 according to EN 61131-2, N-switching respectively) is transferred to the safety control via a black channel. Vice versa, the information from the safety control is transferred to the outputs. A safe input will send the input information “false” to the safety control if a signal is within the inactive range or a fault has been detected. The safe outputs will be deactivated if the output information “false” is sent from the safety control or a fault has been detected (for the safe status see technical data).

3.1 Sample design

Safe I/O modules can be placed at any position in the u-remote station. The only exceptions are safety segments built up from safe power-feed modules (see section 4.1). No safe I/O module with outputs (UR20-4DI-4DO-PN-FSOE or UR20-4DI-4DO-PN-FSPS) may be placed within a safety segment.

The following picture exemplifies how to design a u-remote station with safe I/O modules.
[Figure: Example set-up of safe I/O modules (FS*) in a u-remote station]

3.2 Transition diagram

[Figure: Transition diagram for safe I/O modules. States: State 1 Waiting for parameter; State 2 Running; State 3 Fault; State 4 Requesting acknowledgement by safety control. Transition labels: Parameter received from safety control; Failure occurred; Unrecoverable fault; Failure resolved; Acknowledgement by safety control.]

3.3 Current-/voltage characteristics of the fail safe digital inputs

[Figure: Current-/voltage characteristic for P-switching inputs. Axes: current [mA], voltage [V]; ranges: Inputs "off", Inputs "on".]

[Figure: Current-/voltage characteristic for PN-switching inputs. Axes: current [mA], voltage [V]; ranges: Inputs "off", Inputs "on".]

3.4 Registration of safe I/O modules on the safety control

Safe I/O modules need to be registered on a safety control using an engineering tool. Via the web server the safe I/O modules can only be observed but not be parameterised or forced.

PROFIsafe
For the commissioning of safe I/O modules running with the PROFIsafe safety protocol you will need the Weidmüller CPD tool, which is available to download on the website. According to the parameter settings this software tool calculates a check sum, which will be transferred to the safety control in Siemens STEP7 and on the TIA portal.

Fail-Safe-over-EtherCAT
For the commissioning of safe I/O modules running with the Fail safe over EtherCAT safety protocol you will need TwinCAT as well as a TwinSAFE safety control. The FSOE modules have been tested using the TwinSAFE-Logic EL6900 system (Beckhoff) and TwinCAT 2.11.2247 (Beckhoff).

3.5 Safety address

Before commissioning, the safety address (F-address) has to be set on each safe I/O module using the DIP switches on the electronic unit. This address is indicated by the project planning. The safety control transfers the safety address to the module on each commissioning.

The safety address (decimal) has to be converted into a binary value and then set using the DIP switches.

[Table: Decimal/binary conversion table]

Example: Address "1234" is represented by setting 0000010011010010.

[Figure: DIP switches for setting the safety address on a PROFIsafe module (example setting: 1234)]

Please use e.g. a ball pen to set the DIP switches and avoid sharp-edged tools.

With PROFIsafe modules: Make sure that switches without identification marking always remain in position "Zero".

Setting the safety address
▶ Before snapping the module onto the DIN rail, please set the safety address according to the project planning via the DIP switches on the electronic unit.
▶ Snap the module onto the DIN rail and continue the installation of the u-remote station.

Changing the safety address
To change the safety address after the module has been assigned to the control, please proceed as follows:
▶ Pull out the electronic unit.
▶ Set all DIP switches to position "Zero".
▶ Slide the electronic unit back into the module and turn on the module/station.
▶ Please wait until the status LED of the module lights alternately red and green (3 s green, 1 s red). Only then has the old safety address been deleted and the new one can be set.
▶ Pull out the electronic unit again and set the new safety address.
▶ Slide the electronic unit back into the module and turn on the module/station.
The status LED of the module lights green and the new safety address will be displayed on the web server.

3.6 Operation with and without test pulses

Test pulses can be enabled for the inputs of the safe I/O modules so that the highest safety levels are achievable (see technical data). The test pulse width is determined by the input delay.

[Figure: Exemplary operation with test pulses]

Test pulses must be disabled whenever an external device generating its own test pulses is connected.

[Figure: Exemplary operation of the safe I/O module without test pulses]

The active output signal always includes test pulses, the width of which is parameterisable.

3.7 Processing time

The response time for each input or output of a safe I/O module is <10 ms. The processing time of a signal within the safety chain can be calculated as follows:

Processing time = Input delay (parameterised)
                + Response time input (<10 ms)
                + Response time output (<10 ms)
                + Data transfer from and to the PLC
                + PLC computing time

4 System description of safe power-feed modules

This chapter contains product-specific information and notes about the use of safe power-feed modules.
Please also observe the system description in the u-remote manual.

The UR20-PF-O-xDI-SIL modules are controlled using contact-based safety transducers and/or safety transducers with OSSD inputs. Each UR20-PF-O-xDI-SIL module safely switches off all following modules that are supplied by the output current path and thus creates a safety segment. An overview of the switchable modules is shown at the end of this section. The safety segment extends either to the next PF-O module or to the end of the station. A safety-related input circuit together with pulsed inputs is used for detecting broken wires and short circuits.

Three types of safe power-feed modules are available in the u-remote system:
– UR20-PF-O-1DI-SIL (one safe input)
– UR20-PF-O-2DI-SIL (two safe inputs)
– UR20-PF-O-2DI-DELAY-SIL (two safe inputs, delayed switching off possible)

Thereby the following safety functions can be implemented:
– Up to two dual-channel safety circuits (AND linked), e.g. for emergency stop switch, safety door contacts and safety light curtains
– A range of output modules within a u-remote station is safely supplied with power via the switched 24 V Safe output.
– UR20-PF-O-xDI-SIL modules can be cascaded.

[Figure: Safe power-feed module UR20-PF-O-1DI-SIL]

[Figure: Safe power-feed module UR20-PF-O-2DI-SIL and UR20-PF-O-2DI-DELAY-SIL]

Safety function
The safety function of the safe power-feed modules is that the safe output “24 V Safe” is switched according to the information of the inputs (Type 3 according to EN 61131-2, N-switching respectively). The safe status is “24 V switched off” (current path for outputs and the output “24 V Safe” is switched off).

4.1 Sample design

The following picture exemplifies how to design a safety segment using a safe power-feed module. All output modules arranged within the safety segment will be switched safely.
Input modules can be arranged within the safety segment; however, they do not fulfill any safety function and are not influenced by the UR20-PF-O-xDI-SIL module.

To switch the 24 V Safe voltage back on, either an automatic or a manual start can be selected.
– Automatic start: the safe output current path is switched on immediately after resetting the safety circuit(s).
– Manual start: the output current path is only switched on again if the start button has been held down for a preset length of time.

WARNING
Possible danger to life!
The option “Automatic start” may only be used after a risk analysis has shown that the application is suitable.

Safe I/O modules with outputs may not be positioned within a safety segment. For detailed planning please also observe the notes in the section "Configuration".

[Figure: Example set-up of a safety segment (1) with UR20-PF-O-xDI-SIL]

4.2 Transition diagram

[Figure: Transition diagram of safe power-feed modules. States: State 1 Idle (24 V Safe off, SS1 off); State 2 Wait for start (24 V Safe off, SS1 off); State 3 Wait for power off (24 V Safe on, SS1 off); State 4 Running (24 V Safe on, SS1 on). Transition labels: Safety circuit active 1), manual start mode or autostart mode after power on; Safety circuit active 1), autostart mode, not after power on; Manual start key pressed; Safety circuit inactive 3), manual start mode; Safety circuit inactive 3), no delay; Safety circuit inactive 3), delay 2); Delay time expired.]

1) Both channels of a safety circuit must get active within a discrepancy time of 0.5 s max.
2) The 24 V Safe output remains on until the delay time is expired.
3) At least one channel of the safety circuit.

With the delay SIL module (UR20-PF-O-2DI-DELAY-SIL) switching off can be delayed by a defined time so that, for example, a machine can be shut down in a controlled manner. The delay time can be set in four steps between 0 and 60 seconds (corresponds to stop category 1 as per EN 60204).

4.3 Modules switchable by UR20-PF-O-xDI-SIL

Safely switchable output modules:
– UR20-4DO-P
– UR20-4DO-P-2A
– UR20-4DO-PN-2A
– UR20-8DO-P
– UR20-8DO-P-2W-HD
– UR20-16DO-P
– UR20-16DO-P-PLC-INT
– UR20-4DO-N
– UR20-4DO-N-2A
– UR20-8DO-N
– UR20-2PWM-PN-0.5A
– UR20-2PWM-PN-2A
– UR20-4AO-UI-16
– UR20-4AO-UI-16-HD
– UR20-4AO-UI-16-DIAG
– UR20-4AO-UI-16-DIAG-HD

In case an N-switching output module is positioned within a safety segment, the connected load needs to be switched against +24 V Safe.

The relay output modules UR20-4RO-CO-255 and UR20-4RO-SSR-255 are not safely switchable, therefore they must not switch any safety function.

The digital counter module UR20-1CNT-1DO-100 will not be switched since it is supplied via the input current path.

4.4 Configuration

A UR20-PF-O-xDI-SIL module can be positioned anywhere in the u-remote station. Multiple UR20-PF-O-xDI-SIL modules and thus safety segments can be set up in a single station.

When planning a u-remote station with UR20-PF-O-xDI-SIL modules, the following requirements must be met:
– The overall current consumption of all switchable modules within a safety segment must be lower than 100 mA (see table in section 4.5).
– Each safety segment may include at most 12 switchable modules.
– The switch-off delay time for the safe input channels within a safety circuit is 500 ms ± 10 ms.
– The load output is not designed for either inductive or capacitive loads.
– The feed-in of the UR20-PF-O-xDI-SIL module must be safeguarded with an 8 A super-fast fuse.
– A SELV/PELV power supply must be used.
– The safely shut-off systems/applications must get their power exclusively from the safe feed-in module UR20-PF-O-xDI-SIL. Likewise, it must not be possible to feed external energy into the safety segment elsewhere.
– Relay modules can be located within a safety segment; however, their outputs cannot be safely shut off in case of a malfunction.
– At the SS1 output of the UR20-PF-O-2DI-DELAY-SIL, only systems/equipment that do not feed any power back into the system in the event of a malfunction can be connected.
– Any external short circuits in the wiring of the safe output must be avoided.
– Fault exclusion as per EN ISO 13849-2 must be provided.

4.5 Switch-off delay time

The turn-off time of a UR20-PF-O-xDI-SIL module is 20 ms, caused by the hardware and firmware delay time. The time required until the output voltage of even the last switchable module of a safety segment is below 5 V can be calculated as follows:

Switch-off delay [ms] = Turn-off time of a UR20-PF-O-xDI-SIL module
                      + Sum of all modules’ hardware delay

Switch-off delay and current consumption

Module                     Hardware delay [ms]   Current consumption [mA]
UR20-4DO-P                 2                     8
UR20-4DO-P-2A              2                     8
UR20-4DO-PN-2A             3                     15
UR20-8DO-P                 1                     15
UR20-8DO-P-2W-HD           1                     15
UR20-16DO-P                1                     10
UR20-16DO-P-PLC-INT        1                     10
UR20-4DO-N                 2                     8
UR20-4DO-N-2A              2                     8
UR20-2PWM-PN-0.5A          5                     10
UR20-2PWM-PN-2A            5                     10
UR20-4AO-UI-16             150*                  10
UR20-4AO-UI-16-HD          150*                  10
UR20-4AO-UI-16-DIAG        150*                  10
UR20-4AO-UI-16-DIAG-HD     150*                  10

* The delay time is always 150 ms, irrespective of the amount of these modules.

4.6 Operation with and without test pulses

All safe power-feed modules provide a test pulse evaluation, so that the highest safety levels can be achieved (see technical data).
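The planning limits from section 4.4 and the switch-off delay formula from section 4.5 can be checked mechanically for a planned safety segment. The following Python code is an added example and not part of the Weidmüller manual: the names check_segment and SegmentReport are hypothetical, the module data is copied from the table in section 4.5, and counting the 150 ms of the analogue output modules once per segment is an assumed reading of the table footnote.

```python
from dataclasses import dataclass, field
from typing import List, Optional

PF_TURN_OFF_MS = 20      # turn-off time of a UR20-PF-O-xDI-SIL module (4.5)
CURRENT_LIMIT_MA = 100   # segment total must be lower than this value (4.4)
MAX_SWITCHABLE = 12      # switchable modules per safety segment (4.4)
AO_DELAY_MS = 150        # starred entries of the table in 4.5

# module: (hardware delay [ms], current consumption [mA]), copied from 4.5
TABLE = {
    "UR20-4DO-P": (2, 8),
    "UR20-4DO-P-2A": (2, 8),
    "UR20-4DO-PN-2A": (3, 15),
    "UR20-8DO-P": (1, 15),
    "UR20-8DO-P-2W-HD": (1, 15),
    "UR20-16DO-P": (1, 10),
    "UR20-16DO-P-PLC-INT": (1, 10),
    "UR20-4DO-N": (2, 8),
    "UR20-4DO-N-2A": (2, 8),
    "UR20-2PWM-PN-0.5A": (5, 10),
    "UR20-2PWM-PN-2A": (5, 10),
    "UR20-4AO-UI-16": (150, 10),
    "UR20-4AO-UI-16-HD": (150, 10),
    "UR20-4AO-UI-16-DIAG": (150, 10),
    "UR20-4AO-UI-16-DIAG-HD": (150, 10),
}
NO_TABLE_DATA = {"UR20-8DO-N"}  # listed as switchable in 4.3, absent from 4.5
SAFE_IO_WITH_OUTPUTS = {"UR20-4DI-4DO-PN-FSOE", "UR20-4DI-4DO-PN-FSPS"}
RELAY_MODULES = {"UR20-4RO-CO-255", "UR20-4RO-SSR-255"}
COUNTER_MODULE = "UR20-1CNT-1DO-100"


@dataclass
class SegmentReport:
    switchable: int = 0
    current_ma: int = 0
    switch_off_delay_ms: Optional[int] = None  # None if table data is missing
    errors: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def check_segment(modules: List[str]) -> SegmentReport:
    """Check the modules placed behind one UR20-PF-O-xDI-SIL module."""
    rep = SegmentReport()
    delay, has_ao, data_missing = PF_TURN_OFF_MS, False, False
    for name in modules:
        if name in SAFE_IO_WITH_OUTPUTS:
            rep.errors.append(f"{name}: safe I/O module with outputs in a safety segment")
        elif name in RELAY_MODULES:
            rep.notes.append(f"{name}: relay outputs cannot be safely shut off")
        elif name == COUNTER_MODULE:
            rep.notes.append(f"{name}: supplied via the input current path, not switched")
        elif name in NO_TABLE_DATA:
            rep.switchable += 1
            data_missing = True
            rep.errors.append(f"{name}: no delay/current data in the table of 4.5")
        elif name in TABLE:
            hw_delay, current = TABLE[name]
            rep.switchable += 1
            rep.current_ma += current
            if hw_delay == AO_DELAY_MS:
                has_ao = True  # assumption: the 150 ms count once per segment
            else:
                delay += hw_delay
        else:
            rep.notes.append(f"{name}: not in the 4.3 list, treated as not switched")
    if has_ao:
        delay += AO_DELAY_MS
    rep.switch_off_delay_ms = None if data_missing else delay
    if rep.current_ma >= CURRENT_LIMIT_MA:
        rep.errors.append(f"current {rep.current_ma} mA is not lower than {CURRENT_LIMIT_MA} mA")
    if rep.switchable > MAX_SWITCHABLE:
        rep.errors.append(f"{rep.switchable} switchable modules, at most {MAX_SWITCHABLE} allowed")
    return rep


if __name__ == "__main__":
    # Constructed sample segment, not taken from the manual.
    sample = ["UR20-4DO-P", "UR20-8DO-P", "UR20-4AO-UI-16",
              "UR20-4AO-UI-16-HD", "UR20-8DI-PN-FSPS"]
    report = check_segment(sample)
    print(report.switch_off_delay_ms, "ms,", report.current_ma, "mA")
    for line in report.errors + report.notes:
        print(" ", line)
```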
[Figure: Exemplary operation with test pulses (terminals S11/S31, S12/S32, S21/S41, S22/S42; safety relay and sensor, +24 V DC)]

The safe power-feed module UR20-PF-O-2DI-DELAY-SIL can also be operated without test pulses. This is mandatory whenever an external device that produces its own test pulses is connected. Test pulses can be enabled or disabled using the DIP switches on the module.

[Figure: Exemplary operation of the UR20-PF-O-2DI-DELAY-SIL without test pulses (safety relay with OSSD outputs, +24 V DC, GND)]

5 Detailed descriptions of safe modules

5.1 General technical data

Type of connection: “PUSH IN”
Line connection cross-section
  Single-wired: 0.14 – 1.5 mm² (AWG 16 – 26)
  Fine-wired: 0.14 – 1.5 mm² (AWG 16 – 26)
Dimensions
  Height: 120 mm (128 mm with release lever)
  Width: 11.5 mm
  Depth: 76.0 mm
Protection class (DIN EN 60529): IP 20
Flammability rating UL 94: V-0
Temperature data
  Operation: -20 °C to +60 °C
  Storage, transport: -40 °C to +85 °C
Humidity
  Operation, storage, transport: 5 % to 95 %, non-condensing as per IEC 61131-2
Air pressure
  Operation: ≥ 795 hPa (altitude ≤ 2000 m) as per IEC 61131-2
  Storage, transport: ≥ 700 hPa (altitude ≤ 3000 m) as per IEC 61131-2
Vibration resistance
  5 Hz ≤ f ≤ 8.4 Hz: 3.5-mm amplitude as per IEC 60068-2-6
  8.4 Hz ≤ f ≤ 150 Hz: 1-g acceleration as per IEC 60068-2-6
Shock resistance: 15 g for 11 ms, half sinewave, as per IEC 60068-2-27
Potential isolation
  Test voltage: Max. 28.8 V within a channel; 500 V DC field/system
  Pollution severity level: 2
  Overvoltage category: II
Approvals and Standards*
  cULus: UL 508 pending
  Potentially explosive atmosphere Zone 2: ATEX Directive 94/9/EC
  EMC: EN 61000 (Partial standards as per requirements of IEC 61131-2)
  Explosion protection: EN 60079-0:2009 and EN 60079-15:2010
  PLC: IEC 61131-2
  FS: DIN EN ISO 13849-1, IEC 61508, IEC 62061

* Unless otherwise noted within the product-specific technical data. You can find all product-specific technical data in the corresponding product description.

5.2 Data width dependent on the coupler used

Data width

Order No. | Module | Configuration [Bytes] | Parameter [Bytes] | Diagnostics [Bytes] | Process data input [Bytes] | Process data output [Bytes]

UR20-FBC-PB-DP
1334870000 | UR20-FBC-PB-DP | — | 8 | 47 | — | —
1335030000 | UR20-PF-O-1DI-SIL | 3 | — | 47 | 4 | —
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 3 | — | 47 | 4 | —
1335050000 | UR20-PF-O-2DI-SIL | 3 | — | 47 | 4 | —
1335060000 | UR20-4DI-4DO-PN-FSPS | 7 | 26 | 47 | 5 | 5
1335070000 | UR20-8DI-PN-FSPS | 7 | 26 | 47 | 5 | 5
 | max. data (in bytes) | 244 | 244 | 244 | 244 | 244

UR20-FBC-PN-IRT
1334880000 | UR20-FBC-PN-IRT | 4 | 10 | 47 | 4 | 4
1335030000 | UR20-PF-O-1DI-SIL | 4 | — | 47 | 5 | 1
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 4 | — | 47 | 5 | 1
1335050000 | UR20-PF-O-2DI-SIL | 4 | — | 47 | 5 | 1
1335060000 | UR20-4DI-4DO-PN-FSPS | 4 | 23 | 47 | 6 | 6
1335070000 | UR20-8DI-PN-FSPS | 4 | 23 | 47 | 6 | 6
 | max. data (in bytes) | 260 | 4362 | 1408 | 512 | 512
 |  | 256 | 4096 | 3328 | 1024 | 1024

UR20-FBC-EC
1334910000 | UR20-FBC-EC |  |  |  |  |
1335030000 | UR20-PF-O-1DI-SIL | 4 | — | 47 | 4 | —
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 4 | — | 47 | 4 | —
1335050000 | UR20-PF-O-2DI-SIL | 4 | — | 47 | 4 | —
1529780000 | UR20-8DI-PN-FSOE | 4 | 5 | 47 | 6 | 6
1529800000 | UR20-4DI-4DO-PN-FSOE | 4 | 5 | 47 | 6 | 6
 | max. data (in bytes) | 1514 per telegram + CoE | 1514 per telegram + CoE | 1514 per telegram + CoE | 1024 | 1024

UR20-FBC-EIP
1334910000 | UR20-FBC-EC | 8 | — | — | 2/10 | 2/10
1335030000 | UR20-PF-O-1DI-SIL | 4 | — | 47 | 4 | —
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 4 | — | 47 | 4 | —
1335050000 | UR20-PF-O-2DI-SIL | 4 | — | 47 | 4 | —
 | max. data (in bytes) | 264 | — | — | 496/504 | 496/504

UR20-FBC-DN
1334900000 | UR20-FBC-DN | — | 11 | 47 | 2/10 | 2/10
1335030000 | UR20-PF-O-1DI-SIL | 4 | — | 47 | 4 | —
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 4 | — | 47 | 4 | —
1335050000 | UR20-PF-O-2DI-SIL | 4 | — | 47 | 4 | —
 | max. data (in bytes) | 264 | 400 | 47 | 496/504 | 496/504

UR20-FBC-CAN
1334890000 | UR20-FBC-CAN | — |  | 47 | — | —
1335030000 | UR20-PF-O-1DI-SIL | 2 |  | 47 | 4 | —
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 2 |  | 47 | 4 | —
1335050000 | UR20-PF-O-2DI-SIL | 2 |  | 47 | 4 | —
 | max. data (in bytes) | 128 | — | 3055 | 256 | 256

UR20-FBC-MOD-TCP
Order No. | Module | Process data input | Process data output
1335030000 | UR20-PF-O-1DI-SIL | 4 Bytes | —
1335040000 | UR20-PF-O-2DI-DELAY-SIL | 4 Bytes | —
1335050000 | UR20-PF-O-2DI-SIL | 4 Bytes | —

For the register structure for UR20-FBC-MOD-TCP, see the u-remote manual, section 5.4.

5.3 Digital in- and output module UR20-4DI-4DO-PN-FSOE

[Figure: Digital in- and output module UR20-4DI-4DO-PN-FSOE (Order No. 1529780000)]
[Figure: Connection diagram UR20-4DI-4DO-PN-FSOE (Examples), shown with a safety relay with OSSD outputs (24 V DC, GND)]

Pin assignment (pins 1 ... 4 of each connector):
Connector 1: DI 0 (PN), AUX-O 0, AUX-O 1, DI 1 (P)
Connector 2: DI 2 (PN), AUX-O 2, AUX-O 3, DI 3 (P)
Connector 3: DO 0 (PN), GND, DO 1 (P), GND
Connector 4: DO 2 (PN), GND, DO 3 (P), GND

The digital in- and output module UR20-4DI-4DO-PN-FSOE is a safe I/O module for the Safety over EtherCAT protocol (FailSafe-over-EtherCAT, FSoE). The module provides four digital inputs and four digital outputs; it can detect up to four binary control signals and control up to four actuators, each with a maximum of 0.5 A. Two inputs and two outputs can be parameterised as P- or N-switching. Sensors can be connected to connectors 1 and 2 using a 2-wire, 3-wire or 4-wire connection. If the available supply current of 0.8 A per plug is not sufficient, the sensor supply must be provided via the auxiliary outputs of another module (e.g. potential distribution module) within the same power segment. Actuators can be connected to connectors 3 and 4 using a 2-wire connection. A status LED is assigned to each channel. The module electronics supply the outputs with power from the output current path (IOUT).

A test pulse check of the inputs can be parameterised as a cross-circuit detection between input signal and supply voltage, between different input signals or other signals. An input therefore becomes active only when the signal of the dedicated auxiliary output is present. The test pulses must be disabled if a safety relay with OSSD outputs that generates its own test pulses is connected.

The active output signal always includes test pulses for the purpose of cross-circuit and error detection. The test pulse width can be parameterised.

A safety sensor connected in dual-channel mode (safety architecture of category 4 acc. to DIN EN ISO 13849) must occupy the PN input and the P input of one connector.
LED indicators UR20-4DI-4DO-PN-FSOE, error messages see Chapter 7

Module status LED
  Green: Communication on system bus
  3 s green/1 s red: Waiting for parameters
  1 s green/1 s red: Waiting for acknowledgement by safety control
  Red: Collective error diagnostic
1.1 Yellow: Input 0 active
1.3 Red: Error sensor supply or input 0 or input 1
1.4 Yellow: Input 1 active
2.1 Yellow: Input 2 active
2.3 Red: Error sensor supply or input 2 or input 3
2.4 Yellow: Input 3 active
3.1 Yellow: Output 0 active
3.2 Red: Error output 0
3.3 Yellow: Output 1 active
3.4 Red: Error output 1
4.1 Yellow: Output 2 active
4.2 Red: Error output 2
4.3 Yellow: Output 3 active
4.4 Red: Error output 3

[Figure: Block diagram UR20-4DI-4DO-PN-FSOE]

Technical data UR20-4DI-4DO-PN-FSOE (Order No. 1529780000)

System data
Data: Process and diagnostic data depend on the coupler used, see section 5.2
Interface: u-remote system bus
System bus transfer rate: 48 Mbps

Safety-related data according to EN ISO 13849 (Regard the entire safety chain!)
Achievable safety level inputs
  Single-channel circuit 1oo1: PLd, Category 2
  Dual-channel circuit 1oo2: PLe, Category 4
Achievable safety level outputs: PLe, Category 4
Diagnostic Coverage (DC) inputs
  Single-channel circuit 1oo1: 90%
  Dual-channel circuit 1oo2: 99%
Diagnostic Coverage (DC) outputs: 99%
MTTFD (Mean Time To Failure dangerous) inputs: > 100 Years (840 Years)
MTTFD (Mean Time To Failure dangerous) outputs: > 100 Years (279 Years)

Safety-related data according to EN 62061 (Regard the entire safety chain!)
Achievable safety level inputs
  Single-channel circuit 1oo1: SILCL 2
  Dual-channel circuit 1oo2: SILCL 3
Achievable safety level outputs: SILCL 3
PFH (Probability of Failure per hour in 1/h) inputs
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2.94 × 10^-9
PFH (Probability of Failure per hour in 1/h) outputs: 5.56 × 10^-9
Fault reaction time
  Single-channel circuit 1oo1: 5 s

Safety-related data according to EN 61508 (Regard the entire safety chain!)
Achievable safety level inputs
  Single-channel circuit 1oo1: SIL 2
  Dual-channel circuit 1oo2: SIL 3
Achievable safety level outputs: SIL 3
PFH (Probability of Failure per hour in 1/h) inputs
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2.17 × 10^-10
PFH (Probability of Failure per hour in 1/h) outputs: 2.17 × 10^-10
PFD (Probability of Failure per Demand) inputs
  Single-channel circuit 1oo1: 8.77 × 10^-4
  Dual-channel circuit 1oo2: 1.85 × 10^-5
PFD (Probability of Failure per Demand) outputs: 1.85 × 10^-5
HFT (Hardware Failure Tolerance) inputs
  Single-channel circuit 1oo1: 0
  Dual-channel circuit 1oo2: 1
HFT (Hardware Failure Tolerance) outputs: 1
SFF (Safe Failure Fraction) inputs and outputs: 98%
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle
Classification acc. to EN 61508-2:2010: Type B

Inputs
Number: 4, two of which are parameterisable P- or N-switching
Input type: Type 1 and 3 1) as per IEC 61131-2 (N-switching based on the standard)
Input filter: Input delay adjustable from 1 to 100 ms
Response time: < 10 ms
Low input voltage: P-switching: < 5 V; N-switching: > -5 V to +24 V
High input voltage: P-switching: > 11 V; N-switching: < -11 V to +24 V
Sensor supply: Max. 0.8 A per plug, total max. 1.6 A
Sensor connection: 2-wire, 3-wire, 4-wire
Reverse polarity protection: yes
Module diagnosis: yes
Individual channel diagnosis: yes

1) Minimum rate of change in transition range: 1 V/s. Deviating from EN 61131-2, the following applies for PN inputs in P-switching mode: The input will be read as “inactive” if the input voltage considerably exceeds the module supply voltage.

Outputs
Number: 4, two of which are parameterisable P- or N-switching
Type of load: Ohmic, inductive, lamp load
Response time: < 10 ms
Output current: per channel 0.002 to 0.5 A; per module max. 2 A
Breaking energy (inductive): 150 mJ/channel
Switching frequency
  Resistive load (min. 47 Ω): 10 Hz
  Inductive load (DC 13): 0.2 Hz without free-wheeling diode; 10 Hz with suitable free-wheeling diode
  Lamp load (12 W): 10 Hz
Actuator connection: 2-wire
Short-circuit-proof: yes
Protective circuit: Constant current with thermal switch-off
Response time of the current limiting circuit: < 100 µs
Module diagnosis: yes
Individual channel diagnosis: yes
Safe status: P-switching: < 5 V, < 2 mA; N-switching: > -2 mA (referred to +24 V DC)

Supply
Supply voltage: 24 V DC +20 %/-15 %
Current consumption from system current path ISYS: 8 mA
Current consumption from output current path IOUT: 20 mA + output current + current consumption from the auxiliary outputs

General data
Weight (operational status): 93 g
Additional general data, see Section 5.1.

Overview of the editable parameters UR20-4DI-4DO-PN-FSOE

Channel | Description | Options | Default
0 ... 1 | Input delay | 1 ms (0) / 3 ms (1) / 10 ms (2) / 100 ms (3) | 1 ms
0 ... 1 | Test pulse 1) | disabled (0) / enabled (1) | disabled
0 | Input polarity | P-switching / N-switching | P-switching
0 + 1 | Input dual channel mode (inputs 0 + 1) | single channel (0) / dual channel (1) | single channel
0 + 1 | Discrepancy time | 5 ms (0) / 50 ms (1) / 2 s (2) / 30 s (3) | 5 ms
2 ... 3 | Input delay | 1 ms (0) / 3 ms (1) / 10 ms (2) / 100 ms (3) | 1 ms
2 ... 3 | Test pulse 1) | disabled (0) / enabled (1) | disabled
2 | Input polarity | P-switching / N-switching | P-switching
2 + 3 | Input dual channel mode (inputs 2 + 3) | single channel (0) / dual channel (1) | single channel
2 + 3 | Discrepancy time | 5 ms (0) / 50 ms (1) / 2 s (2) / 30 s (3) | 5 ms
4 ... 5 | Output test pulse duration (output 0 ... 1) | 0.5 ms (0) / 1 ms (1) / 3 ms (2) / 10 ms (3) | 0.5 ms
4 | Output polarity | P-switching / N-switching | P-switching
4 + 5 | Output dual channel mode (outputs 0 + 1) | single channel (0) / dual channel (1) | single channel
6 ... 7 | Output test pulse duration (output 2 ... 3) | 0.5 ms (0) / 1 ms (1) / 3 ms (2) / 10 ms (3) | 0.3 ms
6 | Output polarity | P-switching / N-switching | P-switching
6 + 7 | Output dual channel mode (outputs 2 + 3) | single channel (0) / dual channel (1) | single channel

1) Test pulse must be disabled if a safety relay with OSSD outputs that generates its own test pulses is connected.
The test pulse width depends on the parameterised input delay:

Input delay [ms] | 1 | 3 | 10 | 100
Test pulse width [ms] | 0.5 | 1 | 3 | 10

If dual-channel mode is parameterised, the module independently performs a plausibility test for the relevant pair of inputs or outputs. It checks whether both inputs or outputs become active or inactive simultaneously within the discrepancy time.

[Figure: External circuit of a PN/P-output pair]

The outputs of UR20-4DI-4DO-PN-FSOE can be wired as follows:

Options for the external circuit of the outputs

Circuit diagram | Parameterising
1 | 2 x single channel, P-switching or dual channel, P-switching
2 | 2 x single channel, first channel N-switching
3 | dual channel, first channel N-switching

[Figure: External circuit of the outputs (circuit diagrams 1 to 3, 24 V DC)]

Diagnostic data UR20-4DI-4DO-PN-FSOE

Name | Byte | Bit | Description | Default
Error indicator | 0 | 0 | Module error | 0
 |  | 1 | Internal error | 0
 |  | 2 | Reserved | 0
 |  | 3 | Channel error | 0
 |  | 4 ... 6 | Reserved | 0
 |  | 7 | 0 | 0
Module type | 1 | 0 ... 7 | 1 1 0 0 1 0 0 0 | 0x03
Error byte 2 | 2 | 0 ... 7 | Failure code | 0
Error byte 3 | 3 | 0 ... 3 | 0 | 0
 |  | 4 | Communication fault | 0
 |  | 5 ... 7 | 0 | 0
Channel type | 4 | 0 ... 7 | 1 1 1 0 1 1 1 0 | 0x77
Diagnostic bits per channel | 5 |  | Number of diagnostic bits per channel | 8
Number of channels | 6 |  | Number of similar channels per module | 8
Channel error | 7 | 0 ... 7 | Bit n: Error at channel n (n = 0 ... 7) | 0
Channel 8 error ... Channel 10 error | 8 ... 10 | 0 ... 7 | Reserved | 0
Channel 11 error | 11 | 0 ... 7 | Input 0: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 12 error | 12 | 0 ... 7 | Input 1: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 13 error | 13 | 0 ... 7 | Input 2: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 14 error | 14 | 0 ... 7 | Input 3: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 15 error | 15 | 0 ... 7 | Output 0: bit 0 Short circuit; bit 1 Cross connection; bit 2 Readback error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 16 error | 16 | 0 ... 7 | Output 1: bit 0 Short circuit; bit 1 Cross connection; bit 2 Readback error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 17 error | 17 | 0 ... 7 | Output 2: bit 0 Short circuit; bit 1 Cross connection; bit 2 Readback error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 18 error | 18 | 0 ... 7 | Output 3: bit 0 Short circuit; bit 1 Cross connection; bit 2 Readback error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 19 error ... Channel 42 error | 19 ... 42 | 0 ... 7 | Reserved | 0
Time stamp | 43-46 |  | time stamp [µs] (32bit) |

Process data* inputs UR20-4DI-4DO-PN-FSOE

Byte | Bit | Description
IB0 | IX0.0 | DI0
 | IX0.1 | DI1
 | IX0.2 | DI2
 | IX0.3 | DI3

Process data* outputs UR20-4DI-4DO-PN-FSOE

Byte | Bit | Description
QB0 | QX0.0 | DO0
 | QX0.1 | DO1
 | QX0.2 | DO2
 | QX0.3 | DO3

* Standard data format

5.4 Digital input module UR20-8DI-PN-FSOE

[Figure: Digital input module UR20-8DI-PN-FSOE (Order No. 1529800000)]
[Figure: Connection diagram UR20-8DI-PN-FSOE (*switchable), shown with safety relays with OSSD outputs (24 V DC, GND)]

Pin assignment (pins 1 ... 4 of each connector):
Connector 1: DI 0 (PN), AUX-O 0, AUX-O 1, DI 1 (P)
Connector 2: DI 2 (PN), AUX-O 2, AUX-O 3, DI 3 (P)
Connector 3: DI 4 (PN), AUX-O 4, AUX-O 5, DI 5 (P)
Connector 4: DI 6 (PN), AUX-O 6, AUX-O 7, DI 7 (P)

The UR20-8DI-PN-FSOE digital input module is a safe I/O module for the Safety over EtherCAT protocol (FailSafe-over-EtherCAT, FSoE). The module can detect up to 8 binary control signals. Two sensors can be connected to each connector using a 2-wire, 3-wire or 4-wire connection. If the available supply current of 0.8 A per plug is not sufficient, the sensor supply must be provided via the auxiliary outputs of another module (e.g. potential distribution module) within the same power segment. A status LED is assigned to each channel.
The module electronics supply the connected sensors with power from the input current path (IIN).

A test pulse check of the inputs can be parameterised as a cross-circuit detection between input signal and supply voltage, between different input signals or other signals. An input therefore becomes active only when the signal of the dedicated auxiliary output is present. The test pulses must be disabled if a safety relay with OSSD outputs that generates its own test pulses is connected.

A safety sensor connected in dual-channel mode (safety architecture of category 4 acc. to DIN EN ISO 13849) must occupy the PN input and the P input of one connector.

LED indicators UR20-8DI-PN-FSOE, error messages see Chapter 7

Module status LED
  Green: Communication on system bus
  3 s green/1 s red: Waiting for parameters
  1 s green/1 s red: Waiting for acknowledgement by safety control
  Red: Collective error diagnostic
1.1 Yellow: Input 0 active
1.3 Red: Error sensor supply or input 0 or input 1
1.4 Yellow: Input 1 active
2.1 Yellow: Input 2 active
2.3 Red: Error sensor supply or input 2 or input 3
2.4 Yellow: Input 3 active
3.1 Yellow: Input 4 active
3.3 Red: Error sensor supply or input 4 or input 5
3.4 Yellow: Input 5 active
4.1 Yellow: Input 6 active
4.3 Red: Error sensor supply or input 6 or input 7
4.4 Yellow: Input 7 active

[Figure: Block diagram UR20-8DI-PN-FSOE]

Technical data UR20-8DI-PN-FSOE (Order No. 1529800000)

System data
Data: Process, parameter and diagnostic data depend on the coupler used, see section 5.2
Interface: u-remote system bus
System bus transfer rate: 48 Mbps

Safety-related data as per EN ISO 13849 (Regard the entire safety chain!)
Achievable safety level
  Single-channel circuit 1oo1: PLd, Category 2
  Dual-channel circuit 1oo2: PLe, Category 4
Diagnostic Coverage (DC)
  Single-channel circuit 1oo1: 90%
  Dual-channel circuit 1oo2: 99%
MTTFD (Mean Time To Failure dangerous): > 100 Years (840 Years)

Safety-related data as per EN 62061 (Regard the entire safety chain!)
Achievable safety level
  Single-channel circuit 1oo1: SILCL 2
  Dual-channel circuit 1oo2: SILCL 3
PFH (Probability of Failure per hour in 1/h)
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2.94 × 10^-9
Fault reaction time
  Single-channel circuit 1oo1: 10 s

Safety-related data as per EN 61508 (Regard the entire safety chain!)
Achievable safety level
  Single-channel circuit 1oo1: SIL 2
  Dual-channel circuit 1oo2: SIL 3
PFH (Probability of Failure per hour in 1/h)
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2.17 × 10^-10
PFD (Probability of Failure per Demand)
  Single-channel circuit 1oo1: 8.77 × 10^-4
  Dual-channel circuit 1oo2: 1.85 × 10^-5
HFT (Hardware Failure Tolerance)
  Single-channel circuit 1oo1: 0
  Dual-channel circuit 1oo2: 1
SFF (Safe Failure Fraction): 98%
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle.
Classification acc. to EN 61508-2:2010: Type B

Inputs
Number: 8, four of which are parameterisable P- or N-switching
Input type: Type 1 and 3 1) as per IEC 61131-2 (N-switching based on the standard)
Input filter: Input delay adjustable from 1 to 100 ms
Response time: < 10 ms
Low input voltage: P-switching: < 5 V; N-switching: > -5 V against +24 V
High input voltage: P-switching: > 11 V; N-switching: < -11 V against +24 V
Sensor supply: Max. 0.8 A per plug, total max. 3.2 A
Sensor connection: 2-wire, 3-wire, 4-wire
Reverse polarity protection: yes
Module diagnosis: yes
Individual channel diagnosis: yes

1) Minimum rate of change in transition range: 1 V/s. Deviating from EN 61131-2, the following applies for PN inputs in P-switching mode: The input will be read as “inactive” if the input voltage considerably exceeds the module supply voltage.

Supply
Supply voltage: 24 V DC +20 %/-15 %
Current consumption from system current path ISYS: 8 mA
Current consumption from output current path IOUT: 20 mA + output current + current consumption from the auxiliary outputs

General data
Weight (operational status): 93 g
Additional general data, see Section 5.1.

Overview of the editable parameters UR20-8DI-PN-FSOE

Channel | Description | Options | Default
0 ... 1 | Input delay | 1 ms (0) / 3 ms (1) / 10 ms (2) / 100 ms (3) | 1 ms
0 ... 1 | Test pulse 1) | disabled (0) / enabled (1) | disabled
0 | Input polarity | P-switching / N-switching | P-switching
0 + 1 | Input dual channel mode (inputs 0 + 1) | single channel (0) / dual channel (1) | single channel
0 + 1 | Discrepancy time | 5 ms (0) / 50 ms (1) / 2 s (2) / 30 s (3) | 5 ms
2 ... 3 | Input delay | 1 ms (0) / 3 ms (1) / 10 ms (2) / 100 ms (3) | 1 ms
2 ... 3 | Test pulse 1) | disabled (0) / enabled (1) | disabled
2 | Input polarity | P-switching / N-switching | P-switching
2 + 3 | Input dual channel mode (inputs 2 + 3) | single channel (0) / dual channel (1) | single channel
2 + 3 | Discrepancy time | 5 ms (0) / 50 ms (1) / 2 s (2) / 30 s (3) | 5 ms
4 ... 5 | Input delay | 1 ms (0) / 3 ms (1) / 10 ms (2) / 100 ms (3) | 1 ms
4 ... 5 | Test pulse 1) | disabled (0) / enabled (1) | disabled
4 | Input polarity | P-switching / N-switching | P-switching
4 + 5 | Input dual channel mode (inputs 4 + 5) | single channel (0) / dual channel (1) | single channel
4 + 5 | Discrepancy time | 5 ms (0) / 50 ms (1) / 2 s (2) / 30 s (3) | 5 ms
6 ... 7 | Input delay | 1 ms (0) / 3 ms (1) / 10 ms (2) / 100 ms (3) | 1 ms
6 ... 7 | Test pulse 1) | disabled (0) / enabled (1) | disabled
6 | Input polarity | P-switching / N-switching | P-switching
6 + 7 | Input dual channel mode (inputs 6 + 7) | single channel (0) / dual channel (1) | single channel
6 + 7 | Discrepancy time | 5 ms (0) / 50 ms (1) / 2 s (2) / 30 s (3) | 5 ms

1) Test pulse must be disabled if a safety relay with OSSD outputs that generates its own test pulses is connected.

The test pulse width depends on the parameterised input delay:

Input delay [ms] | 1 | 3 | 10 | 100
Test pulse width [ms] | 0.5 | 1 | 3 | 10

If dual-channel mode is parameterised, the module independently performs a plausibility test for the relevant pair of inputs. It checks whether both inputs become active or inactive simultaneously within the discrepancy time.

Diagnostic data UR20-8DI-PN-FSOE

Name | Byte | Bit | Description | Default
Error indicator | 0 | 0 | Module error | 0
 |  | 1 | Internal error | 0
 |  | 2 | Reserved | 0
 |  | 3 | Channel error | 0
 |  | 4 ... 6 | Reserved | 0
 |  | 7 | 0 | 0
Module type | 1 | 0 ... 7 | 1 1 0 0 1 0 0 0 | 0x03
Error byte 2 | 2 | 0 ... 7 | Failure code | 0
Error byte 3 | 3 | 0 ... 3 | 0 | 0
 |  | 4 | Communication fault | 0
 |  | 5 ... 7 | 0 | 0
Channel type | 4 | 0 ... 7 | 0 1 0 1 1 1 1 0 | 0x7A
Diagnostic bits per channel | 5 |  | Number of diagnostic bits per channel | 8
Number of channels | 6 |  | Number of similar channels per module | 8
Channel error | 7 | 0 ... 7 | Bit n: Error at channel n (n = 0 ... 7) | 0
Channel 8 error ... Channel 10 error | 8 ... 10 | 0 ... 7 | Reserved | 0
Channel 11 error | 11 | 0 ... 7 | Input 0: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 12 error | 12 | 0 ... 7 | Input 1: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 13 error | 13 | 0 ... 7 | Input 2: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 14 error | 14 | 0 ... 7 | Input 3: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 15 error | 15 | 0 ... 7 | Input 4: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 16 error | 16 | 0 ... 7 | Input 5: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 17 error | 17 | 0 ... 7 | Input 6: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 18 error | 18 | 0 ... 7 | Input 7: bit 0 Test error; bit 1 Cross connection; bit 2 Discrepancy error; bit 3 Other error; bits 4 ... 7 Reserved | 0
Channel 19 error ... Channel 42 error | 19 ... 42 | 0 ... 7 | Reserved | 0
Time stamp | 43-46 |  | time stamp [µs] (32bit) |

Process data* inputs UR20-8DI-PN-FSOE

Byte | Bit | Description
IB0 | IX0.0 | DI0
 | IX0.1 | DI1
 | IX0.2 | DI2
 | IX0.3 | DI3
 | IX0.4 | DI4
 | IX0.5 | DI5
 | IX0.6 | DI6
 | IX0.7 | DI7

* Standard data format

5.5 Digital in- and output module UR20-4DI-4DO-PN-FSPS

[Figure: Safe I/O module UR20-4DI-4DO-PN-FSPS (Order No. 1335060000)]
[Figure: Connection diagram UR20-4DI-4DO-PN-FSPS, shown with a safety relay with OSSD outputs (24 V DC, GND)]

Pin assignment (pins 1 ... 4 of each connector):
Connector 1: DI 0 (PN), AUX-O 0, AUX-O 1, DI 1 (P)
Connector 2: DI 2 (PN), AUX-O 2, AUX-O 3, DI 3 (P)
Connector 3: DO 0 (PN), GND, DO 1 (P), GND
Connector 4: DO 2 (PN), GND, DO 3 (P), GND

The digital in- and output module UR20-4DI-4DO-PN-FSPS is a safe I/O module for the PROFIsafe protocol. The module provides four digital inputs and four digital outputs; it can detect up to four binary control signals and control up to four actuators, each with a maximum of 0.5 A. Two inputs and two outputs can be parameterised as P- or N-switching. Sensors can be connected to connectors 1 and 2 using a 2-wire, 3-wire or 4-wire connection. If the available supply current of 0.8 A per plug is not sufficient, the sensor supply must be provided via the auxiliary outputs of another module (e.g. potential distribution module) within the same power segment. Actuators can be connected to connectors 3 and 4 using a 2-wire connection. A status LED is assigned to each channel.
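The 47-byte diagnostic data tabulated for UR20-4DI-4DO-PN-FSOE and UR20-8DI-PN-FSOE can be decoded as follows; this is an added example, not code from the manual or from Weidmüller. It assumes that bit n of byte 7 and detail byte 11 + n describe the same channel, and it takes the byte order of the time stamp as a parameter because the tables do not state it; all function names and the sample frame are constructed.

```python
"""Decode the 47-byte diagnostic data of the FSoE safe I/O modules."""
from dataclasses import dataclass, field

DIAG_LEN = 47  # diagnostics width per module, see section 5.2

# Bits 0..3 of each per-channel byte, in table order (bits 4..7 are reserved).
INPUT_BITS = ("test error", "cross connection", "discrepancy error", "other error")
OUTPUT_BITS = ("short circuit", "cross connection", "readback error", "other error")


def _channels(n_in, n_out):
    """Meaning of bytes 11..18: inputs first, then outputs."""
    return ([("Input", i, INPUT_BITS) for i in range(n_in)]
            + [("Output", i, OUTPUT_BITS) for i in range(n_out)])


CHANNEL_BYTES = {
    "UR20-4DI-4DO-PN-FSOE": _channels(4, 4),
    "UR20-8DI-PN-FSOE": _channels(8, 0),
}


@dataclass
class Diagnosis:
    module_error: bool
    internal_error: bool
    channel_error: bool
    channel_type: int
    flagged_channels: list
    timestamp_us: int
    findings: list = field(default_factory=list)
    warnings: list = field(default_factory=list)


def parse_diagnosis(module, raw, byteorder="little"):
    """Decode one diagnostic record; byteorder of the time stamp is assumed."""
    if module not in CHANNEL_BYTES:
        raise ValueError(f"no diagnostic layout known for {module!r}")
    if len(raw) != DIAG_LEN:
        raise ValueError(f"expected {DIAG_LEN} bytes, got {len(raw)}")

    diag = Diagnosis(
        module_error=bool(raw[0] & 0x01),    # byte 0, bit 0
        internal_error=bool(raw[0] & 0x02),  # byte 0, bit 1
        channel_error=bool(raw[0] & 0x08),   # byte 0, bit 3
        channel_type=raw[4],
        flagged_channels=[n for n in range(8) if (raw[7] >> n) & 1],
        timestamp_us=int.from_bytes(raw[43:47], byteorder),
    )

    for n, (kind, index, names) in enumerate(CHANNEL_BYTES[module]):
        detail = raw[11 + n]
        for bit, name in enumerate(names):
            if (detail >> bit) & 1:
                diag.findings.append(f"{kind} {index}: {name}")
        if detail & 0xF0:
            diag.warnings.append(f"byte {11 + n}: reserved bits set")
        # Assumption: byte 7 bit n summarises detail byte 11 + n.
        if bool(detail & 0x0F) != (n in diag.flagged_channels):
            diag.warnings.append(f"channel {n}: byte 7 and byte {11 + n} disagree")

    if any(raw[8:11]) or any(raw[19:43]):
        diag.warnings.append("reserved bytes 8..10 / 19..42 are not zero")
    return diag


def sample_frame():
    """Constructed record (not captured from a device)."""
    raw = bytearray(DIAG_LEN)
    raw[0] = 0x09              # module error + channel error
    raw[1] = 0x03              # module type default from the table
    raw[4] = 0x77              # channel type of UR20-4DI-4DO-PN-FSOE
    raw[5] = raw[6] = 8        # 8 diagnostic bits, 8 channels
    raw[7] = 0b0010_0100       # channels 2 and 5 flagged
    raw[13] = 0b0100           # channel 2: discrepancy error
    raw[16] = 0b0101           # channel 5: bit 0 and bit 2
    raw[43:47] = (123456).to_bytes(4, "little")
    return bytes(raw)


if __name__ == "__main__":
    result = parse_diagnosis("UR20-4DI-4DO-PN-FSOE", sample_frame())
    print(result.findings, result.timestamp_us, result.warnings)
```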
The module electronics supply the outputs with power from the output current path (IOUT). A test pulse check of the inputs can be parameterised as a cross-circuit detection between input singal and supply voltage, between different input signals or other signals. Thus an input gets active only when the signal of the dedicated auxiliary output is pending. The test pulses must be disabled if a safety relay with OSSD outputs generating own test pulses is connected. The active output signal always includes test pulses for the purpose of cross-circuit and error detection. The test pulse width can be parameterised. A safety sensor that is being connected in a dual channel mode (safety architecture of category 4 acc. to DIN EN ISO 13849) must allocate the PN and the P-input of one connector. 1484600000/02/09.2015 u-remote Modules for functional safety manual 37 5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSPS Module status LED Green: Communication on system bus 3 s green/1 s red: Waiting for parameters 1 s green/1 s red: Waiting for acknowledgement by safety control Red: Collective error diagnostic 4DI-4DO 1.1 Yellow: Input 0 active 1.3 Red: Error sensor supply or input 0 or input 1 1.4 Yellow: Input 1 active 2.1 Yellow: Input 2 active 2.3 Red: Error sensor supply or input 2 or input 3 2.4 Yellow: Input 3 active 3.1 Yellow: Output 0 active 3.2 Red: Error output 0 3.3 Yellow: Output 1 active 3.4 Red: Error output 1 4.1 Yellow: Output 2 active 4.2 Red: Error output 2 4.3 Yellow: Output 3 active 4.4 Red: Error output 3 LED indicators UR20-4DI-4DO-PN-FSPS, error messages see Chapter 7 System bus Config. 
switch µC Type 3 USYS DO 0 • • DO 3 µC µC DC DC UIN 24 V DC UOUT DI 0 • • DI 3 GND 4x 4x 2x DOx 1 DI 0 (PN) AUX-O 0 AUX-O 1 DI 1 (P) 2 DI 2 (PN) AUX-O 2 AUX-O 3 DI 3 (P) 3 DO 0 (PN) GND DO 1 (P) GND 4 DO 2 (PN) GND DO 3 (P) GND GND Block diagram UR20-4DI-4DO-PN-FSPS 38 u-remote Modules for functional safety manual 1484600000/02/09.2015 5 Detailed descriptions of safe modules | Digital in- and output module UR20-4DI-4DO-PN-FSPS Technical data UR20-4DI-4DO-PN-FSPS (Order No. 1335060000) System data Data Process and diagnostic data depend on the coupler used, see section 5.2 Interface u-remote system bus System bus transfer rate 48 Mbps Safety-related data as per EN ISO 13849 (Regard the entire safety chain!) Achievable safety level inputs Single-channel circuit 1oo1 Dual-channel circuit 1oo2 Achievable safety level outputs Diagnostic Coverage (DC) inputs PLd, Categorie 2 PLe, Categorie 4 PLe, Categorie 4 Single-channel circuit 1oo1 Dual-channel circuit 1oo2 90% 99% Diagnostic Coverage (DC) outputs 99% MTTFD (Mean Time To Failure dangerous) inputs > 100 Years (840 Years) MTTFD (Mean Time To Failure dangerous) outputs > 100 Years (279 Years) Safety-related data as per EN 62061 (Regard the entire safety chain!) Achievable safety level inputs and outputs Single-channel circuit 1oo1 Dual-channel circuit 1oo2 Achievable safety level outputs PFH (Probability of Failure per hour in 1/h) inputs SILCL 3 Single-channel circuit 1oo1 Dual-channel circuit 1oo2 PFH (Probability of Failure per hour in 1/h) outputs Fault reaction time SILCL 2 SILCL 3 10-8 2,94*10-9 5,56*10-9 Single-channel circuit 1oo1 5 s Safety-related data as per EN 61508 (Regard the entire safety chain!) 
Achievable safety level inputs and outputs: SIL 3
PFH (Probability of Failure per hour in 1/h) inputs
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2,17*10^-10
PFH (Probability of Failure per hour in 1/h) outputs: 2,17*10^-10
PFD (Probability of Failure per Demand) inputs
  Single-channel circuit 1oo1: 8,77*10^-4
  Dual-channel circuit 1oo2: 1,85*10^-5
PFD (Probability of Failure per Demand) outputs: 1,85*10^-5
HFT (Hardware Failure Tolerance) inputs
  Single-channel circuit 1oo1: 0
  Dual-channel circuit 1oo2: 1
HFT (Hardware Failure Tolerance) outputs: 1
SFF (Safe Failure Fraction) inputs and outputs: 98%
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle.
Classification acc. to EN 61508-2:2010: Type B

Inputs
Number: 4, two of which are parameterisable P- or N-switching
Input Type: Type 1 and 3 (see note 1) as per IEC 61131-2 (N-switching based on the standard)
Input filter: Input delay adjustable from 1 to 100 ms
Response time: < 10 ms
Low input voltage: P-switching: < 5 V; N-switching: > -5 V to +24 V
High input voltage: P-switching: > 11 V; N-switching: < -11 V to +24 V
Sensor supply: Max. 0.8 A per plug, total max. 1.6 A
Sensor connection: 2-wire, 3-wire, 4-wire
Reverse polarity protection: yes
Module diagnosis: yes
Individual channel diagnosis: yes
1) Minimum rate of change in transition range: 1 V/s. Deviating from EN 61131-2 the following applies for PN-inputs in P-switching mode: The input will be read “inactive” if the input voltage considerably exceeds the module supply voltage.

Outputs
Number: 4, two of which are parameterisable P- or N-switching
Type of load: Ohmic, inductive, lamp load
Response time: < 10 ms
Output current: per channel 0.002 to 0.5 A; per module max. 2 A
Breaking energy (inductive): 150 mJ/channel
Switching frequency
  Resistive load (min. 47 Ω): 10 Hz
  Inductive load (DC 13): 0.2 Hz without free-wheeling diode; 10 Hz with suitable free-wheeling diode
  Lamp load (12 W): 10 Hz
Actuator connection: 2-wire
Short-circuit-proof: yes
Protective circuit: Constant current with thermal switch-off approx. 1,1 A (P-switching), approx. 3,5 A (N-switching)
Response time of the current limiting circuit: < 100 µs
Module diagnosis: yes
Individual channel diagnosis: yes
Reactionless: no
Safe status: P-switching: < 5 V, < 2 mA; N-switching: > -2 mA (referred to +24 V DC)

Supply
Supply voltage: 24 V DC +20 %/-15 %
Current consumption from system current path ISYS: 8 mA
Current consumption from output current path IOUT: 20 mA + output current + current consumption from the auxiliary outputs

General data
Weight (operational status): 93 g
Additional general data, see Section 5.1.

Overview of the editable parameters UR20-4DI-4DO-PN-FSPS
Channel | Description | Options | Default
0 ... 1 | Input delay | 1 ms / 3 ms / 10 ms / 100 ms | 1 ms
0 ... 1 | Test pulse* | disabled / enabled | disabled
0 | Input polarity | P-switching / N-switching | P-switching
0 + 1 | Input dual channel mode (inputs 0 + 1) | single channel / dual channel | single channel
0 + 1 | Discrepancy time | 5 ms / 50 ms / 2 s / 30 s | 5 ms
2 ... 3 | Input delay | 1 ms / 3 ms / 10 ms / 100 ms | 1 ms
2 ... 3 | Test pulse* | disabled / enabled | disabled
2 | Input polarity | P-switching / N-switching | P-switching
2 + 3 | Input dual channel mode (inputs 2 + 3) | single channel / dual channel | single channel
2 + 3 | Discrepancy time | 5 ms / 50 ms / 2 s / 30 s | 5 ms
4 ... 5 | Output test pulse duration (output 0 ... 1) | 0,5 ms / 1 ms / 3 ms / 10 ms | 0.5 ms
4 | Output polarity | P-switching / N-switching | P-switching
4 + 5 | Output dual channel mode (outputs 0 + 1) | single channel / dual channel | single channel
6 ... 7 | Output test pulse duration (output 2 ... 3) | 0,3 ms / 1 ms / 3 ms / 10 ms | 0,3 ms
6 | Output polarity | P-switching / N-switching | P-switching
6 + 7 | Output dual channel mode (outputs 2 + 3) | single channel / dual channel | single channel
*Test pulse must be disabled if a safety relay with OSSD outputs generating own test pulses is connected.

The test pulse width depends on the parameterised input delay:
Input delay [ms]: 1 | 3 | 10 | 100
Test pulse width [ms]: 0.5 | 1 | 3 | 10

If the dual channel mode is parameterised, the module independently performs a plausibility test for the relevant pair of inputs or outputs. It checks whether both inputs or outputs become active or inactive simultaneously within the discrepancy time.

[Figure: External circuit of a PN/P-output pair]

The outputs of UR20-4DI-4DO-PN-FSPS can be wired as follows:

Options for the external circuit of the outputs
Circuit diagram | Parameterising
1 | 2 x single channel, P-switching or dual channel, P-switching
2 | 2 x single channel, first channel N-switching
3 | dual channel, first channel N-switching

[Figure: External circuit of the outputs]

Diagnostic data UR20-4DI-4DO-PN-FSPS
Name Error indicator Byte 0 Module Type 1 Error byte 2 2 Error byte 3 Channel Type Diagnostic bits per channel Number of channels 3 4 Bit 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 ... 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 5 6 Channel error 7 Channel 8 error ... Channel 10 error 8 ...
10 0 1 2 3 4 5 6 7 Description Default Module error Internal error Reserved Channel error Reserved Reserved Reserved 0 1 1 0 0 1 0 0 0 Failure code 0 0 0 0 Communication fault 0 0 0 1 1 1 0 1 1 1 0 Number of diagnostic bit per channel Number of similar channels per module Error at channel 0 Error at channel 1 Error at channel 2 Error at channel 3 Error at channel 4 Error at channel 5 Error at channel 6 Error at channel 7 0 ... 7 Reserved 0 0 0 0 0 0 0 0 0x03 0 0 0 0 0 0 0 0 0 0 0 0 0 0x77 0 8 8 0 0 0 0 0 0 0 0

Byte 11 (Channel 11 error): bit 0 Input 0, Test error; bit 1 Input 0, Cross connection; bit 2 Input 0, Discrepancy error; bit 3 Input 0, Other error; bits 4 ... 7 Reserved
Byte 12 (Channel 12 error): bit 0 Input 1, Test error; bit 1 Input 1, Cross connection; bit 2 Input 1, Discrepancy error; bit 3 Input 1, Other error; bits 4 ... 7 Reserved
Byte 13 (Channel 13 error): bit 0 Input 2, Test error; bit 1 Input 2, Cross connection; bit 2 Input 2, Discrepancy error; bit 3 Input 2, Other error; bits 4 ... 7 Reserved
Byte 14 (Channel 14 error): bit 0 Input 3, Test error; bit 1 Input 3, Cross connection; bit 2 Input 3, Discrepancy error; bit 3 Input 3, Other error; bits 4 ... 7 Reserved
Byte 15 (Channel 15 error): bit 0 Output 0, Shortcut; bit 1 Output 0, Cross connection; bit 2 Output 0, Readback error; bit 3 Output 0, Other error; bits 4 ... 7 Reserved
Byte 16 (Channel 16 error): bit 0 Output 1, Shortcut; bit 1 Output 1, Cross connection; bit 2 Output 1, Readback error; bit 3 Output 1, Other error; bits 4 ... 7 Reserved
Byte 17 (Channel 17 error): bit 0 Output 2, Shortcut; bit 1 Output 2, Cross connection; bit 2 Output 2, Readback error; bit 3 Output 2, Other error; bits 4 ... 7 Reserved
Byte 18 (Channel 18 error): bit 0 Output 3, Shortcut; bit 1 Output 3, Cross connection; bit 2 Output 3, Readback error; bit 3 Output 3, Other error; bits 4 ... 7 Reserved
Bytes 19 ... 42 (Channel 19 error ... Channel 42 error): bits 0 ... 7 Reserved
Bytes 43-46 (Time stamp): time stamp [µs] (32bit)
Default of all entries in bytes 11 ... 46: 0

Process data* inputs UR20-4DI-4DO-PN-FSPS
Byte IB0: IX0.0 DI0; IX0.1 DI1; IX0.2 DI2; IX0.3 DI3
*Standard data format

Process data* outputs UR20-4DI-4DO-PN-FSPS
Byte QB0: QX0.0 DO0; QX0.1 DO1; QX0.2 DO2; QX0.3 DO3
*Standard data format

5.6 Digital input module UR20-8DI-PN-FSPS

[Figure: Digital input module UR20-8DI-PN-FSPS (Order No. 1335070000)]
[Figure: Connection diagram UR20-8DI-PN-FSPS (*switchable). Connector 1: DI 0 (PN), AUX-O 0, AUX-O 1, DI 1 (P); connector 2: DI 2 (PN), AUX-O 2, AUX-O 3, DI 3 (P); connector 3: DI 4 (PN), AUX-O 4, AUX-O 5, DI 5 (P); connector 4: DI 6 (PN), AUX-O 6, AUX-O 7, DI 7 (P). The diagram also shows safety relays with OSSD outputs connected.]

The UR20-8DI-PN-FSPS digital input module is a safe I/O module for the PROFIsafe protocol. The module can detect up to 8 binary control signals. Two sensors can be connected to each connector using a 2-wire, 3-wire or 4-wire connection. If the available supply current of 0.8 A per plug is not sufficient, the sensor supply must be provided by the auxiliary outputs of another module (e.g. potential distribution module) within the same power segment. A status LED is assigned to each channel.
The module electronics supply the connected sensors with power from the input current path (IIN).

A test pulse check of the inputs can be parameterised as cross-circuit detection between the input signal and the supply voltage, between different input signals, or between the input signal and other signals. With the check enabled, an input becomes active only when the signal of its dedicated auxiliary output is present. The test pulses must be disabled if a safety relay with OSSD outputs that generates its own test pulses is connected.

A safety sensor that is connected in dual channel mode (safety architecture of category 4 acc. to DIN EN ISO 13849) must use the PN input and the P input of one connector.

LED indicators UR20-8DI-PN-FSPS, error messages see Chapter 7
Module status LED
  Green: Communication on system bus
  3 s green/1 s red: Waiting for parameters
  1 s green/1 s red: Waiting for acknowledgement by safety control
  Red: Collective error diagnostic
1.1 Yellow: Input 0 active
1.3 Red: Error sensor supply or input 0 or input 1
1.4 Yellow: Input 1 active
2.1 Yellow: Input 2 active
2.3 Red: Error sensor supply or input 2 or input 3
2.4 Yellow: Input 3 active
3.1 Yellow: Input 4 active
3.3 Red: Error sensor supply or input 4 or input 5
3.4 Yellow: Input 5 active
4.1 Yellow: Input 6 active
4.3 Red: Error sensor supply or input 6 or input 7
4.4 Yellow: Input 7 active

[Block diagram UR20-8DI-PN-FSPS. Connector assignment: connector 1: DI 0 (PN), AUX-O 0, AUX-O 1, DI 1 (P); connector 2: DI 2 (PN), AUX-O 2, AUX-O 3, DI 3 (P); connector 3: DI 4 (PN), AUX-O 4, AUX-O 5, DI 5 (P); connector 4: DI 6 (PN), AUX-O 6, AUX-O 7, DI 7 (P)]

Technical data UR20-8DI-PN-FSPS (Order No. 1335070000)

System data
Data: Process, parameter and diagnostic data depend on the coupler used, see section 5.2
Interface: u-remote system bus
System bus transfer rate: 48 Mbps

Safety-related data as per EN ISO 13849 (Regard the entire safety chain!)
Achievable safety level
  Single-channel circuit 1oo1: PLd, Category 2
  Dual-channel circuit 1oo2: PLe, Category 4
Diagnostic Coverage (DC)
  Single-channel circuit 1oo1: 90%
  Dual-channel circuit 1oo2: 99%
MTTFD (Mean Time To Failure dangerous): > 100 Years (840 Years)

Safety-related data as per EN 62061 (Regard the entire safety chain!)
Achievable safety level
  Single-channel circuit 1oo1: SILCL 2
  Dual-channel circuit 1oo2: SILCL 3
PFH (Probability of Failure per hour in 1/h)
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2,94*10^-9
Fault reaction time
  Single-channel circuit 1oo1: 10 s

Safety-related data as per EN 61508 (Regard the entire safety chain!)
Achievable safety level
  Single-channel circuit 1oo1: SIL 2
  Dual-channel circuit 1oo2: SIL 3
PFH (Probability of Failure per hour in 1/h)
  Single-channel circuit 1oo1: 10^-8
  Dual-channel circuit 1oo2: 2,17*10^-10
PFD (Probability of Failure per Demand)
  Single-channel circuit 1oo1: 8,77*10^-4
  Dual-channel circuit 1oo2: 1,85*10^-5
HFT (Hardware Failure Tolerance)
  Single-channel circuit 1oo1: 0
  Dual-channel circuit 1oo2: 1
SFF (Safe Failure Fraction): 98%
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle.
Classification acc. to EN 61508-2:2010: Type B

Inputs
Number: 8, four of which are parameterisable P- or N-switching
Input Type: Type 1 and 3 (see note 1) as per IEC 61131-2 (N-switching based on the standard)
Input filter: Input delay adjustable from 1 to 100 ms
Response time: < 10 ms
Low input voltage: P-switching: < 5 V; N-switching: > -5 V to +24 V
High input voltage: P-switching: > 11 V; N-switching: < -11 V to +24 V
Sensor supply: Max. 0.8 A per plug, total max. 3.2 A
Sensor connection: 2-wire, 3-wire, 4-wire
Reverse polarity protection: yes
Module diagnosis: yes
Individual channel diagnosis: yes
1) Minimum rate of change in transition range: 1 V/s. Deviating from EN 61131-2 the following applies for PN-inputs in P-switching mode: The input will be read “inactive” if the input voltage considerably exceeds the module supply voltage.

Supply
Supply voltage: 24 V DC +20 %/-15 %
Current consumption from system current path ISYS: 8 mA
Current consumption from output current path IOUT: 20 mA + output current + current consumption from the auxiliary outputs

General data
Weight (operational status): 92 g
Additional general data, see Section 5.1.

Overview of the editable parameters UR20-8DI-PN-FSPS
Channel | Description | Options | Default
0 ... 1 | Input delay | 1 ms / 3 ms / 10 ms / 100 ms | 1 ms
0 ... 1 | Test pulse 1) | disabled / enabled | disabled
0 | Input polarity | P-switching / N-switching | P-switching
0 + 1 | Input dual channel mode (inputs 0 + 1) | single channel / dual channel | single channel
0 + 1 | Discrepancy time | 5 ms / 50 ms / 2 s / 30 s | 5 ms
2 ... 3 | Input delay | 1 ms / 3 ms / 10 ms / 100 ms | 1 ms
2 ... 3 | Test pulse 1) | disabled / enabled | disabled
2 | Input polarity | P-switching / N-switching | P-switching
2 + 3 | Input dual channel mode (inputs 2 + 3) | single channel / dual channel | single channel
2 + 3 | Discrepancy time | 5 ms / 50 ms / 2 s / 30 s | 5 ms
4 ... 5 | Input delay | 1 ms / 3 ms / 10 ms / 100 ms | 1 ms
4 ... 5 | Test pulse 1) | disabled / enabled | disabled
4 | Input polarity | P-switching / N-switching | P-switching
4 + 5 | Input dual channel mode (inputs 4 + 5) | single channel / dual channel | single channel
4 + 5 | Discrepancy time | 5 ms / 50 ms / 2 s / 30 s | 5 ms
6 ... 7 | Input delay | 1 ms / 3 ms / 10 ms / 100 ms | 1 ms
6 ... 7 | Test pulse 1) | disabled / enabled | disabled
6 | Input polarity | P-switching / N-switching | P-switching
6 + 7 | Input dual channel mode (inputs 6 + 7) | single channel / dual channel | single channel
6 + 7 | Discrepancy time | 5 ms / 50 ms / 2 s / 30 s | 5 ms
1) Test pulse must be disabled if a safety relay with OSSD outputs generating own test pulses is connected.

The test pulse width depends on the parameterised input delay:
Input delay [ms]: 1 | 3 | 10 | 100
Test pulse width [ms]: 0.5 | 1 | 3 | 10

If the dual channel mode is parameterised, the module independently performs a plausibility test for the relevant pair of inputs or outputs. It checks whether both inputs or outputs become active or inactive simultaneously within the discrepancy time.

Diagnostic data UR20-8DI-PN-FSPS
Name Error indicator 0 Module Type 1 Error byte 2 2 Error byte 3 Channel Type Diagnostic bits per channel Number of channels Byte 3 4 Bit 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 ... 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 5 6 Channel error 7 Channel 8 error ... Channel 10 error 8 ... 10 0 1 2 3 4 5 6 7 Description Default Module error Internal error Reserved Channel error Reserved Reserved Reserved 0 1 1 0 0 1 0 0 0 Failure code 0 0 0 0 Communication fault 0 0 0 0 1 0 1 1 1 1 0 Number of diagnostic bit per channel Number of similar channels per module Error at channel 0 Error at channel 1 Error at channel 2 Error at channel 3 Error at channel 4 Error at channel 5 Error at channel 6 Error at channel 7 0 ...
7 Reserved 0 0 0 0 0 0 0 0 0x03 1 0 0 0 0 0 0 0 0 0 0 0 0 0x7A 0 8 8 0 0 0 0 0 0 0 0

Byte 11 (Channel 11 error): bit 0 Input 0, Test error; bit 1 Input 0, Cross connection; bit 2 Input 0, Discrepancy error; bit 3 Input 0, Other error; bits 4 ... 7 Reserved
Byte 12 (Channel 12 error): bit 0 Input 1, Test error; bit 1 Input 1, Cross connection; bit 2 Input 1, Discrepancy error; bit 3 Input 1, Other error; bits 4 ... 7 Reserved
Byte 13 (Channel 13 error): bit 0 Input 2, Test error; bit 1 Input 2, Cross connection; bit 2 Input 2, Discrepancy error; bit 3 Input 2, Other error; bits 4 ... 7 Reserved
Byte 14 (Channel 14 error): bit 0 Input 3, Test error; bit 1 Input 3, Cross connection; bit 2 Input 3, Discrepancy error; bit 3 Input 3, Other error; bits 4 ... 7 Reserved
Byte 15 (Channel 15 error): bit 0 Input 4, Test error; bit 1 Input 4, Cross connection; bit 2 Input 4, Discrepancy error; bit 3 Input 4, Other error; bits 4 ... 7 Reserved
Byte 16 (Channel 16 error): bit 0 Input 5, Test error; bit 1 Input 5, Cross connection; bit 2 Input 5, Discrepancy error; bit 3 Input 5, Other error; bits 4 ... 7 Reserved
Byte 17 (Channel 17 error): bit 0 Input 6, Test error; bit 1 Input 6, Cross connection; bit 2 Input 6, Discrepancy error; bit 3 Input 6, Other error; bits 4 ... 7 Reserved
Byte 18 (Channel 18 error): bit 0 Input 7, Test error; bit 1 Input 7, Cross connection; bit 2 Input 7, Discrepancy error; bit 3 Input 7, Other error; bits 4 ... 7 Reserved
Bytes 19 ... 42 (Channel 19 error ... Channel 42 error): bits 0 ... 7 Reserved
Bytes 43-46 (Time stamp): time stamp [µs] (32bit)
Default of all entries in bytes 11 ... 46: 0

Process data* inputs UR20-8DI-PN-FSPS
Byte IB0: IX0.0 DI0; IX0.1 DI1; IX0.2 DI2; IX0.3 DI3; IX0.4 DI4; IX0.5 DI5; IX0.6 DI6; IX0.7 DI7
* Standard data format

5.7 Safe power-feed module UR20-PF-O-1DI-SIL

[Figure: Safe power-feed module UR20-PF-O-1DI-SIL (Order No. 1335030000)]
[Figure: Connection diagram UR20-PF-O-1DI-SIL. Connector 1: S 11, S 12, S 21, S 22; connector 3: Man Start 1, Man Start 2, Autostart 1, Autostart 2; connector 4: 24 V Safe, 24 V DC, GND]

The UR20-PF-O-1DI-SIL power-feed module enables the safe feed-in for the output current path. The module allows one emergency stop circuit to be monitored; using the 24 V Safe output, it can be forwarded to a PLC or cascaded to a further u-remote station. Almost all types of output modules are safely switched off (SIL 3/PLe/Cat. 4) when they are placed within the safety segment (see the survey of switchable modules in section 4.3).

For restarting, either the manual or the auto input can be switched. In any case, the system must be reset by pressing the manual reset for 0.1 to 2 seconds after the supply voltage has been applied.

Evaluating the test pulses in the safety circuits detects faults or manipulation of the wiring. For this purpose a low pulse of 1 ms is generated in each circuit every second; the pulses are phase-shifted.

The connections Safety Input 0 (S 11, S 21), Man Start 1 and Autostart 1 are digital inputs Type 3 according to EN 61131-2. The Man Start 1 input can also be controlled by a standard PLC output.
The auxiliary outputs S 12, S 22, Man Start 2 and Autostart 2 must only be used for refeeding the allocated inputs.

The maximum feed-in current in the output current path is 8 A.

ATTENTION
Risk of material damage!
With a maximum power supply of 8 A and a maximum temperature of +60 °C, all wired contacts on the fourth connector must be connected with 1.5 mm² wiring!

LED indicators UR20-PF-O-1DI-SIL, error messages see Chapter 7
Module status LED
  Green: Communication on system bus
1.1 Yellow: Safety circuit 0 OK
4.2 Yellow: 24 V Safe output active
4.3 Green: Feed-in voltage in valid range

[Block diagram UR20-PF-O-1DI-SIL (see also sample design in chapter 4.1). Connector assignment: connector 1: Safety 0.0, Safety 0.1, Safety 0.2, Safety 0.3; connector 3: Man Start1, Man Start2, Autostart1, Autostart2; connector 4: 24 V Safe, 24 V DC Input, GND, GND]

Technical data UR20-PF-O-1DI-SIL (Order No. 1335030000)

System data
Data: Process and diagnostic data depend on the coupler used, see section 5.2
Interface: u-remote system bus
System bus transfer rate: 48 Mbps

Safety-related data as per EN ISO 13849 (Regard the entire safety chain!)
Achievable safety level: PLe and Category 4
Diagnostic Coverage (DC): 99%
MTTFD (Mean Time To Failure dangerous): > 100 Years

Safety-related data as per EN 62061 (Regard the entire safety chain!)
Achievable safety level: SILCL 3
PFH (Probability of Failure per hour in 1/h): 6,27*10^-9
Fault reaction time: 10 s

Safety-related data as per EN 61508 (Regard the entire safety chain!)
Achievable safety level: SIL 3
PFH (Probability of Failure per hour in 1/h): 6,27*10^-9
HFT (Hardware Failure Tolerance): 1
SFF (Safe Failure Fraction): 98,58 %
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle.
Classification acc. to EN 61508-2:2010: Type B

Inputs
Safety inputs: 1 x 2-channel
  Input Type: Type 3 as per IEC 61131-2
Inputs for start function: 2 (manual start and autostart)
  Input Type: Type 3 as per IEC 61131-2

Outputs
Safety output (24 V Safe): 1
  Output current: 8 A
  Overload protection: excess temperature proof and overload-proof, short circuit proof with external fuse (see below)
  Response time for turn-off: < 20 ms
  Response time for activating the output: < 2 s
Auxiliary outputs: 2 x 2
  Output current: max. 10 mA (only to support the dedicated inputs)

Diagnosis
Module diagnosis: yes
Individual channel diagnosis: yes

Supply
Supply voltage: 24 V DC +20 %/-15 % via system bus
External pre-fusing: Mandatory: super fast, max. 8 A
Reverse battery protection: yes
Current consumption from system current path ISYS: 8 mA
Current consumption from input current path IIN: 35 mA

General data
Weight (operational status): 80 g
Additional general data, see Section 5.1.
Process data* UR20-PF-O-1DI-SIL
Byte | Bit | Description | Status
0 | 0 | Safety input 0 | 0 - inactive, 1 - active
0 | 1 | Reserved |
0 | 2 | AutoStart | 0 - inactive, 1 - active
0 | 3 | Man Start | 0 - inactive, 1 - active
0 | 4 | Safety input 0 / channel 1 | 0 - inactive, 1 - active
0 | 5 | Safety input 0 / channel 2 | 0 - inactive, 1 - active
0 | 6 | Reserved |
0 | 7 | Reserved |
1 | 0 | 24 V Safe output | 0 - inactive, 1 - active
1 | 1 | Reserved |
1 | 2 | 24 V DC | 0 - no feed-in, 1 - power feed-in pending
1 | 3–7 | Reserved |
2 | 0–7 | Reserved |
3 | 0–7 | Reserved |
* Standard data format

Diagnostic data UR20-PF-O-1DI-SIL
Byte 0 (Error indicator): bits 0 ... 7: Module error, Internal error, External error, Channel error, Reserved, Power supply fault, Reserved
Byte 1 (Module Type): bits 0 ... 7: Module Type (default 0x03), Channel information available, Reserved, Reserved, Reserved
Byte 2 (Error byte 2): bits 0 ... 7 Failure Code
Byte 3 (Error byte 3): bit 0 Temperature Error; bit 1 Internal Error; bit 2 Fuse Error; bit 3 Reserved; bit 4 Communication fault; bits 5, 6, 7 Reserved
Byte 4 (Channel Type): bits 0 ... 6 Channel Type (default 0x78); bit 7 Reserved
Byte 5: Number of diagnostic bits per channel (default 4)
Byte 6: Number of similar channels per module (default 9)
Bytes 7 ... 10 (Channel error): bits 0 ... 8 Error at channel 0 ... Error at channel 8; bits 9 ... 15 Reserved; bits 16 ... 23 Reserved; bits 24 ... 31 Reserved
Byte 11 (Safety input 0): bit 0 Input Discrepancy Error; bit 1 Input Pulse Error; bit 2 Input Test Error; bits 3 ... 7 Reserved
Byte 12 (Error at channel 1): bits 0 ... 7 Reserved
Byte 13 (Autostart): bits 0 ... 7 Reserved
Byte 14 (Man Start): bits 0 ... 7 Reserved
Byte 15 (Safety input 0 Value): bit 0 Input Discrepancy Error; bits 1 ... 7 Reserved
Byte 16 (Error at channel 5): bits 0 ... 7 Reserved
Byte 17 (SS1 Output): bits 0 ... 7 Reserved
Byte 18 (24 V Safe Output): bit 0 24 V Safe switch test failure; bit 1 24 V Safe voltage too high; bit 2 24 V Safe voltage too low; bit 3 24 V Safe overload; bits 4 ... 7 Reserved
Byte 19 (24 V Safe Input): bits 0 ... 7 Reserved
Bytes 20 ... 42 (Error at channel 9 to Error at channel 31): bits 0 ... 7 Reserved
Bytes 43 ... 46 (Time stamp): Time stamp [µs] (32 bits)

5.8 Safe power-feed module UR20-PF-O-2DI-SIL

[Figure: Safe power-feed module UR20-PF-O-2DI-SIL (Order No. 1335050000)]
[Figure: Connection diagram UR20-PF-O-2DI-SIL. Connector 1: S 11, S 12, S 21, S 22; connector 2: S 31, S 32, S 41, S 42; connector 3: Man Start 1, Man Start 2, Autostart 1, Autostart 2; connector 4: 24 V Safe, 24 V DC, GND]

The UR20-PF-O-2DI-SIL power-feed module enables the safe feed-in for the output current path. The module allows two emergency stop circuits to be monitored; using the 24 V Safe output, they can be forwarded to a PLC or cascaded to a further u-remote station. Almost all types of output modules are safely switched off (SIL 3/PLe/Cat. 4) when they are placed within the safety segment (see the survey of switchable modules in section 4.3).
For restarting, either the manual or the auto input can be switched. In any case, the system must be reset by pressing the manual reset for 0.1 to 2 seconds after the supply voltage has been applied.

Evaluating the test pulses in the safety circuits detects faults or manipulation of the wiring. For this purpose a low pulse of 1 ms is generated in each circuit every second; the pulses are phase-shifted.

The connections Safety Input 0 (S 11, S 21), Safety Input 1 (S 31, S 41), Man Start 1 and Autostart 1 are digital inputs Type 3 according to EN 61131-2. The Man Start 1 input can also be controlled by a standard PLC output. The auxiliary outputs S 12, S 22, S 32, S 42, Man Start 2 and Autostart 2 must only be used for refeeding the allocated inputs.

The maximum feed-in current in the output current path is 8 A.

ATTENTION
Risk of material damage!
With a maximum power supply of 8 A and a maximum temperature of +60 °C, all wired contacts on the fourth connector must be connected with 1.5 mm² wiring!

LED indicators UR20-PF-O-2DI-SIL, error messages see Chapter 7
Module status LED
  Green: Communication on system bus
1.1 Yellow: Safety circuit 0 OK
2.1 Yellow: Safety circuit 1 OK
4.2 Yellow: 24 V Safe output active
4.3 Green: Feed-in voltage in valid range

[Block diagram UR20-PF-O-2DI-SIL (see also sample design in chapter 4.1). Connector assignment: connector 1: Safety 0.0, Safety 0.1, Safety 0.2, Safety 0.3; connector 2: Safety 1.0, Safety 1.1, Safety 1.2, Safety 1.3; connector 3: Man Start1, Man Start2, Autostart1, Autostart2; connector 4: 24 V DC Safe, 24 V DC Input, GND, GND]

Technical data UR20-PF-O-2DI-SIL (Order No. 1335050000)

System data
Data: Process and diagnostic data depend on the coupler used, see section 5.2
Interface: u-remote system bus
System bus transfer rate: 48 Mbps

Safety-related data as per EN ISO 13849 (Regard the entire safety chain!)
Achievable safety level: PLe and Category 4
Diagnostic Coverage (DC): 99%
MTTFD (Mean Time To Failure dangerous): > 100 Years

Safety-related data as per EN 62061 (Regard the entire safety chain!)
Achievable safety level: SILCL 3
PFH (Probability of Failure per hour in 1/h): 6,27*10^-9
Fault reaction time: 10 s

Safety-related data as per EN 61508 (Regard the entire safety chain!)
Achievable safety level: SIL 3
PFH (Probability of Failure per hour in 1/h): 6,27*10^-9
HFT (Hardware Failure Tolerance): 1
SFF (Safe Failure Fraction): 98,58 %
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle.
Classification acc. to EN 61508-2:2010: Type B

Inputs
Safety inputs: 2 x 2-channel
  Input Type: Type 3 as per IEC 61131-2
Inputs for start function: 2 (manual start and autostart)
  Input Type: Type 3 as per IEC 61131-2

Outputs
Safety output (24 V Safe): 1
  Output current: 8 A
  Overload protection: Excess temperature proof and overload-proof, short circuit proof with external fuse (see below)
  Response time for turn-off: < 20 ms
  Response time for activating the output: < 2 s
Auxiliary outputs: 3 x 2
  Output current: Max. 10 mA (only to support the dedicated inputs)

Diagnosis
Module diagnosis: yes
Individual channel diagnosis: yes

Supply
Supply voltage: 24 V DC +20 %/-15 %
External pre-fusing: Mandatory: super fast, max. 8 A
Reverse battery protection: yes
Current consumption from system current path ISYS: 8 mA
Current consumption from input current path IIN: 35 mA

General data
Weight (operational status): 82 g
Additional general data, see Section 5.1.

Process data* UR20-PF-O-2DI-SIL
Byte | Bit | Description | Status
0 | 0 | Safety input 0 | 0 - inactive, 1 - active
0 | 1 | Safety input 1 | 0 - inactive, 1 - active
0 | 2 | AutoStart | 0 - inactive, 1 - active
0 | 3 | Man Start | 0 - inactive, 1 - active
0 | 4 | Safety input 0 / channel 1 | 0 - inactive, 1 - active
0 | 5 | Safety input 0 / channel 2 | 0 - inactive, 1 - active
0 | 6 | Safety input 1 / channel 1 | 0 - inactive, 1 - active
0 | 7 | Safety input 1 / channel 2 | 0 - inactive, 1 - active
1 | 0 | 24 V Safe output | 0 - inactive, 1 - active
1 | 1 | Reserved |
1 | 2 | 24 V DC | 0 - no feed-in, 1 - power feed-in pending
1 | 3 ... 7 | Reserved |
2 | 0–7 | Reserved |
3 | 0–7 | Reserved |
*Standard data format

Diagnostic data UR20-PF-O-2DI-SIL
Byte 0 (Error indicator): bits 0 ... 7: Module error, Internal error, External error, Channel error, Reserved, Power supply fault, Reserved
Byte 1 (Module Type): bits 0 ... 7: Module Type (default 0x03), Channel information available, Reserved, Reserved, Reserved
Byte 2 (Error byte 2): Failure Code
Byte 3 (Error byte 3): bit 0 Temperature Error; bit 1 Internal Error (self-test, LDO, etc); bit 2 Fuse error; bit 3 Reserved; bit 4 Communication fault; bit 5 Reserved; bit 6 Reserved; bit 7 Reserved
Byte 4 (Channel Type): bits 0 ... 6 Channel Type (default 0x78); bit 7 Reserved
Byte 5: Number of diagnostic bits per channel (default 4)
Byte 6: Number of similar channels per module (default 9)
Bytes 7 ... 10 (Channel error): bits 0 ... 8 Error at channel 0 ... Error at channel 8; bits 9 ... 15 Reserved; bits 16 ... 23 Reserved; bits 24 ... 31 Reserved
Byte 11 (Safety input 0): bit 0 Input Discrepancy Error; bit 1 Input Pulse Error; bit 2 Input Test Error; bits 3 ... 7 Reserved
Byte 12 (Safety input 1): bit 0 Input Discrepancy Error; bit 1 Input Pulse Error; bit 2 Input Test Error; bits 3 ... 7 Reserved
Byte 13 (Autostart): bits 0 ... 7 Reserved
Byte 14 (Man Start): bits 0 ... 7 Reserved
Byte 15 (Safety input 0 Value): bit 0 Input Discrepancy Error; bits 1 ... 7 Reserved
Byte 16 (Safety input 1 Value): bit 0 Input Discrepancy Error; bits 1 ... 7 Reserved
Byte 17 (SS1 Output): bits 0 ... 7 Reserved
Byte 18 (24 V Safe Output): bit 0 24 V Safe switch test failure; bit 1 24 V Safe voltage too high; bit 2 24 V Safe voltage too low; bit 3 24 V Safe overload; bits 4 ... 7 Reserved
Byte 19 (24 V DC): bits 0 ... 7 Reserved
Bytes 20 ... 42 (Error at channel 9 to Error at channel 31): bits 0 ... 7 Reserved
Bytes 43 ... 46 (Time stamp): Time stamp [µs] (32 bits)

5.9 Safe power-feed module UR20-PF-O-2DI-DELAY-SIL

[Figure: Safe power-feed module UR20-PF-O-2DI-DELAY-SIL (Order No. 1335040000)]
[Figure: Connection diagram UR20-PF-O-2DI-DELAY-SIL. Connector 1: S 11, S 12, S 21, S 22; connector 2: S 31, S 32, S 41, S 42; connector 3: Man Start 1, Man Start 2, Autostart 1, Autostart 2; connector 4: SS1, 24 V Safe, 24 V DC, GND. The diagram also shows a safety device with OSSD outputs connected.]

The UR20-PF-O-2DI-DELAY-SIL power-feed module enables the safe feed-in for the output current path.
The module ensures that two emergency stop circuits can be monitored, and using the 24 V Safe output they can be forwarded to a PLC or also cascaded to a further u-remote station. The switch-off delay can be set using DIP switches. The undelayed status is displayed with the SS1 output.

Almost all types of output modules will be safely switched off (SIL 3/PLe/Cat. 4) when they are placed within the safety segment (see survey of switchable modules in section 4.3).

For restarting, either the manual or the auto input can be switched. In any case, the system must be reset by pressing the manual reset for 0.1 to 2 seconds after setting the supply voltage.

The evaluation of test pulses in the safety circuits provides the detection of faults or manipulations of the wiring. For this purpose, a low pulse of 1 ms is generated in each circuit every second; these pulses are phase-shifted. The evaluation of the test pulses can be activated or deactivated by setting DIP switches.

The connections Safety Input 0 (S 11, S 21), Safety Input 1 (S 31, S 41), Man Start 1 and Autostart 1 are digital inputs Type 3 according to EN 61131-2. The Man Start 1 input can also be controlled by a standard PLC output. Safety sensors with OSSD outputs or standard PLC outputs can be connected if the safety inputs are used in mode “no test pulses”. In this case another safety review is obligatory.

The auxiliary outputs S 12, S 22, S 32, S 42, Man Start 2 and Autostart 2 must only be used for refeeding the allocated inputs.

If several UR20-PF-O-xDI-SIL modules are used in cascades, please note that the triggering of a UR20-PF-O-xDI-SIL module will switch off the power supply of all subsequent power-feed modules. A delay of these modules is no longer effective.

The maximum feed-in current in the output current path is 8 A.

ATTENTION
Risk of material damage!
In the case of a maximum power supply of 8 A and a maximum temperature of +60 °C, all wired contacts on the fourth connector must be connected with 1.5 mm² wiring!

LED indicators UR20-PF-O-2DI-DELAY-SIL (module label 2DI-SIL-DLY), error messages see Chapter 7
Module status LED | Green: Communication on system bus
1.1 | Yellow: Safety circuit 0 OK
2.1 | Yellow: Safety circuit 1 OK
4.1 | Yellow: SS1 output active
4.2 | Yellow: 24 V Safe output active
4.3 | Green: Feed-in voltage in valid range

[Figure: Block diagram UR20-PF-O-2DI-DELAY-SIL (see also sample design in chapter 4.1). Blocks: system bus, config. switches, two µC, USYS, UIN, UOUT, DC/DC, Type 3 inputs. Connector 1: Safety 0.0 to 0.3; connector 2: Safety 1.0 to 1.3; connector 3: Man Start 1, Man Start 2, Autostart 1, Autostart 2; connector 4: SS1, 24 V DC Safe, 24 V DC Input, GND]

ATTENTION
To ensure the safety functions, observe the following instructions for adjustment:
–– DIP switches of equal numbers must have identical positions in both rows.
–– If an external device generating pulses is connected to a safety input of the UR20-PF-O-2DI-DELAY-SIL, this input must be operated in mode “no test pulses” (DIP switch setting “ON”).
–– When operating in mode “no test pulses”
   –– the test pulses of the external device must be shorter than 2 ms, otherwise the safe output will be deactivated.
   –– a safe laying of cables can be necessary depending on the required safety level.

[Figure: DIP switch on the UR20-PF-O-2DI-DELAY-SIL, two rows of switches 1 to 4 (ON/OFF), grouped as Input and Delay]

▶▶ Please use e.g. a ball pen to set the DIP switches and avoid spiky or sharp-edged tools.
Setting options for the DIP switch (X = setting not relevant)
Switch 1 | Switch 2 | Switch 3 | Switch 4 | Function
OFF | X | X | X | Safety input 0 evaluating own test pulses
ON | X | X | X | Safety input 0 no test pulses
X | OFF | X | X | Safety input 1 evaluating own test pulses
X | ON | X | X | Safety input 1 no test pulses
X | X | | | 24 V Safe: no delay
X | X | | | 24 V Safe: delay 1 second
X | X | | | 24 V Safe: delay 30 seconds
X | X | | | 24 V Safe: delay 60 seconds

Technical data UR20-PF-O-2DI-DELAY-SIL (Order No. 1335040000)

System data
Data: Process and diagnostic data depend on the coupler used, see section 5.2
Interface: u-remote system bus
System bus transfer rate: 48 Mbps

Safety-related data as per EN ISO 13849 (Regard the entire safety chain!)
Achievable safety level: PLe and Category 4
Diagnostic Coverage (DC): 99%
MTTFD (Mean Time To Failure dangerous): > 100 Years

Safety-related data as per EN 62061 (Regard the entire safety chain!)
Achievable safety level: SILCL 3
PFH (Probability of Failure per hour in 1/h): 6,27*10^-9
Fault reaction time: 10 s

Safety-related data as per EN 61508 (Regard the entire safety chain!)
Achievable safety level: SIL 3
PFH (Probability of Failure per hour in 1/h): 6,27*10^-9
HFT (Hardware Failure Tolerance): 1
SFF (Safe Failure Fraction): 98,58 %
Presumed lifecycle time: 20 Years
Proof test interval: No proof test needed within the life cycle.
Classification acc. to EN 61508-2:2010: Type B

Inputs
Safety inputs: 2 x 2-channel
Input type: Type 3 as per IEC 61131-2
Inputs for start function: 2 (manual start and autostart)
Input type: Type 3 as per IEC 61131-2

Outputs
Safety output (24 V Safe): 1
Output current: 8 A
Overload protection: Excess temperature proof and overload-proof, short circuit proof with external fuse (see below)
Response time for turn-off: < 20 ms
Response time for activating the output: < 2 s
Output SS1: 1
Output current: 0.5 A, overload behaviour as per IEC 61131-2
Overload protection: Excess temperature proof and overload-proof, short circuit proof with external fuse (see below)
Auxiliary outputs: 3 x 2
Output current: Max. 10 mA (only to support the dedicated inputs)

Diagnosis
Module diagnosis: yes
Individual channel diagnosis: yes

Supply
Supply voltage: 24 V DC +20 %/-15 %
External pre-fusing: Mandatory: super fast, max. 8 A
Reverse battery protection: yes
Current consumption from system current path ISYS: 8 mA
Current consumption from input current path IIN: 35 mA

General data
Weight (operational status): 84 g
Additional general data, see Section 5.1

Process data* UR20-PF-O-2DI-DELAY-SIL
Byte | Bit | Description | Status
0 | 0 | Safety Input 0 | 0 - inactive, 1 - active
0 | 1 | Safety Input 1 | 0 - inactive, 1 - active
0 | 2 | AutoStart | 0 - inactive, 1 - active
0 | 3 | Man Start | 0 - inactive, 1 - active
0 | 4 | Safety Input 0 / Channel 1 | 0 - inactive, 1 - active
0 | 5 | Safety Input 0 / Channel 2 | 0 - inactive, 1 - active
0 | 6 | Safety Input 1 / Channel 1 | 0 - inactive, 1 - active
0 | 7 | Safety Input 1 / Channel 2 | 0 - inactive, 1 - active
1 | 0 | 24 V Safe output | 0 - inactive, 1 - active
1 | 1 | SS1 output | 0 - inactive, 1 - active
1 | 2 | 24 V DC | 0 - no feed-in, 1 - power feed-in pending
1 | 3 ... 7 | reserved |
2 | 0 ... 7 | reserved |
3 | 0 | DIP-Switch Config Safety input 0 | 0 - Pulse, 1 - No Pulse
3 | 1 | DIP-Switch Config Safety input 1 | 0 - Pulse, 1 - No Pulse
3 | 2, 3 | DIP-Switch Config 24 V Safe output | 00 - No delay, 01 - Delay 1 s, 10 - Delay 30 s, 11 - Delay 60 s
3 | 4 ... 7 | reserved |
* Standard data format

Diagnostic data UR20-PF-O-2DI-DELAY-SIL
Name | Byte | Bit | Description
Error indicator | 0 | 0 | Module error
 | | 1 | Internal error
 | | 2 | External error
 | | 3 | Channel error
 | | 4 | Reserved
 | | 5 | Power supply fault
 | | 6 | Reserved
 | | 7 |
Module Type | 1 | 0 ... 3 | Module Type 0x03
 | | 4 | Channel information available
 | | 5 | Reserved
 | | 6 | Reserved
 | | 7 | Reserved
Error byte 2 | 2 | | Failure Code
Error byte 3 | 3 | 0 | Temperature Error
 | | 1 | Internal Error
 | | 2 | Fuse Error
 | | 3 | Reserved
 | | 4 | Communication fault
 | | 5 | Reserved
 | | 6 | Reserved
 | | 7 | Reserved
Channel Type | 4 | 0 ... 6 | Channel Type
 | | 7 | Reserved
Diagnostic bits per channel | 5 | | Number of diagnostic bits per channel
Number of channels | 6 | | Number of similar channels per module
Channel error | 7 | 0 | Error at channel 0
 | | 1 | Error at channel 1
 | | 2 | Error at channel 2
 | | 3 | Error at channel 3
 | | 4 | Error at channel 4
 | | 5 | Error at channel 5
 | | 6 | Error at channel 6
 | | 7 | Error at channel 7
Channel error | 8 | 8 | Error at channel 8
 | | 9 | Error at channel 9
 | | 10 | Error at channel 10
 | | 11 | Error at channel 11
 | | 12 ... 15 | Reserved
Channel error | 9 | 16 ... 23 | Reserved
Channel error | 10 | 24 ... 31 | Reserved
Safety input 0 | 11 | 0 | Input Discrepancy Error
 | | 1 | Input Pulse Error
 | | 2 | Input Test Error
 | | 3 ... 7 | Reserved
Safety input 1 | 12 | 0 | Input Discrepancy Error
 | | 1 | Input Pulse Error
 | | 2 | Input Test Error
 | | 3 ... 7 | Reserved
Autostart | 13 | 0 ... 7 | Reserved
Man Start | 14 | 0 ... 7 | Reserved
Safety input 0 Value | 15 | 0 | Input Discrepancy Error
 | | 1 ... 7 | Reserved
Safety input 1 Value | 16 | 0 | Input Discrepancy Error
 | | 1 ... 7 | Reserved
SS1 Output | 17 | 0 ... 7 | Reserved
24 V Safe Output | 18 | 0 | 24 V Safe switch test failure
 | | 1 | 24 V Safe voltage too high
 | | 2 | 24 V Safe voltage too low
 | | 3 | 24 V Safe overload
 | | 4 ... 7 | Reserved
24 V DC | 19 | 0 ... 7 | Reserved
Error at channel 9 | 20 | 0 ... 7 | Reserved
Error at channel 10 | 21 | 0 ... 7 | Reserved
Config Switch | 22 | 0 | DIP switch configuration
 | | 1 ... 7 | Reserved
Error at channel 12 to Error at channel 31 | 23 ... 42 | 0 ... 7 | Reserved
Time stamp | 43 ... 46 | | Time stamp [µs] (32 bits)
Default values: Channel information available 1, Channel Type 0x78, Number of diagnostic bits per channel 4, Number of similar channels per module 12; all other listed defaults are 0.

6 Installation and replacement

WARNING
Explosion risk!
▶▶ Before assembly or replacement, make sure that there is not a potentially explosive atmosphere!
▶▶ For applications in potentially explosive atmospheres, observe the installation and construction requirements of EN 60079-15 and/or country-specific regulations.

When using modules for functional safety (safe I/O modules or safe power-feed modules), please observe the following additional notes:
–– The modules may only be installed in lockable switch cabinets which meet protection class IP 54.
–– Please use wire-end ferrules in combination with flexible/multi-conductor cables.
–– Ensure that external short circuits due to the cabling cannot occur for safety inputs in the configuration without test pulses (see DIN EN ISO 13849-2 Table D.4).

WARNING
Dangerous contact voltage!
▶▶ All work on the u-remote station must be carried out with the power supply disconnected.
▶▶ Make sure that the place of installation (switch cabinet etc.) has been disconnected from the power supply!

Once an electronic unit is removed from a safe power-feed module, the inputs and outputs of the subsequent modules are no longer supplied with power. This is equivalent to triggering the connected safety equipment!
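The process data table for the UR20-PF-O-2DI-DELAY-SIL in section 5.9 reports the DIP-switch configuration in byte 3, so a monitoring host can notice when a safety input has been moved to “no test pulses” or the delay has been changed after commissioning. The following Python code is an added example, not part of the manual and not Weidmüller code; the function names, the commissioned baseline and the sample bytes are constructed, and it assumes the 4-byte standard data format with bit 3 as the high bit of the two-bit delay code.

```python
from dataclasses import dataclass

# Byte 3, bits 2..3: DIP-switch delay code -> switch-off delay in seconds.
# Assumption: bit 3 is the high bit of the two-bit code printed in the table.
DELAY_SECONDS = {0b00: 0, 0b01: 1, 0b10: 30, 0b11: 60}


@dataclass(frozen=True)
class ProcessData:
    safety_input: tuple    # (input 0, input 1): True = active
    autostart: bool
    man_start: bool
    channels: tuple        # ((in0 ch1, in0 ch2), (in1 ch1, in1 ch2))
    safe_output: bool      # 24 V Safe output
    ss1_output: bool       # undelayed status output
    feed_in: bool          # 24 V DC: power feed-in pending
    no_test_pulses: tuple  # DIP config per safety input: True = "No Pulse"
    delay_s: int           # DIP config of the 24 V Safe output


def _bit(value, n):
    return bool((value >> n) & 1)


def decode(raw):
    """Decode 4 bytes of process data; reserved bits are ignored."""
    if len(raw) != 4:
        raise ValueError("expected 4 bytes of process data, got %d" % len(raw))
    b0, b1, _reserved, b3 = raw
    return ProcessData(
        safety_input=(_bit(b0, 0), _bit(b0, 1)),
        autostart=_bit(b0, 2),
        man_start=_bit(b0, 3),
        channels=((_bit(b0, 4), _bit(b0, 5)), (_bit(b0, 6), _bit(b0, 7))),
        safe_output=_bit(b1, 0),
        ss1_output=_bit(b1, 1),
        feed_in=_bit(b1, 2),
        no_test_pulses=(_bit(b3, 0), _bit(b3, 1)),
        delay_s=DELAY_SECONDS[(b3 >> 2) & 0b11],
    )


def audit(pd, commissioned_no_test_pulses, commissioned_delay_s):
    """Compare one decoded sample with the commissioned DIP settings."""
    findings = []
    for i, (seen, want) in enumerate(
            zip(pd.no_test_pulses, commissioned_no_test_pulses)):
        if seen != want:
            mode = "no test pulses" if seen else "own test pulses"
            findings.append(
                "safety input %d: DIP configuration reports '%s', which "
                "differs from the commissioned setting" % (i, mode))
    if pd.delay_s != commissioned_delay_s:
        findings.append(
            "24 V Safe delay is %d s, commissioned value is %d s"
            % (pd.delay_s, commissioned_delay_s))
    for i, (ch1, ch2) in enumerate(pd.channels):
        if ch1 != ch2:
            # Worth correlating with the Input Discrepancy Error diagnostics.
            findings.append(
                "safety input %d: channel 1 and channel 2 states differ "
                "in this sample" % i)
    return findings


# Constructed sample: both inputs active, outputs on, input 1 set to
# "No Pulse", delay code 10 (30 s).
SAMPLE = bytes([0b11110011, 0b00000111, 0x00, 0b00001010])

if __name__ == "__main__":
    decoded = decode(SAMPLE)
    print(decoded)
    for line in audit(decoded, (False, False), 30):
        print("FINDING:", line)
```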
ATTENTION
The product can be destroyed by electrostatic discharge!
The components in the u-remote series can be destroyed by electrostatic discharge.
▶▶ Please make sure that personnel and work equipment are sufficiently earthed!
▶▶ Carry out all work during the installation/removal and replacement of components as described in the u-remote manual.

7 Example applications

In section 7.1 you will find example applications for safe I/O modules; sections 7.2 to 7.12 show example applications of safe power-feed modules.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

7.1 Example applications for safe I/O modules

[Figure: Example application with active optoelectronic protective device (AOPD). AOPD (OSSD1, OSSD2, +24 V, 0 V) on UR20-*-FS* inputs; DI: P-switching, without test pulses]

[Figure: Example application cross-circuiting detection without test pulses. L+ (+24 V), 100 mA, safety relay, sensor, UR20-*-FS* inputs; DI: N-switching, without test pulses; M (0 V). 1) max. 40 Ω]

[Figure: Example application with safety mat. Safety mat on UR20-*-FS* inputs; DI: N-switching]

[Figure: Example application safety door with guard control and zero-speed monitoring. Emergency stop, UR20-4DI-4DO-PN-FS, DI: Test pulse enabled, contactors K1 and K2, motor M. * Zero-speed monitoring]

7.2 Dual-channel emergency stop monitoring

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Manual reset
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
Emergency stop button

Notes
Autostart is possible if the NC circuits from K3 and K4 are attached to 3.3 and 3.4.

When the emergency stop button is pushed, the PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or a cross-circuit in its supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

The PF-O-xDI-SIL switches on the 24 V supply for the modules* within the safety segment if:
–– the emergency button is unlocked
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the PF-O-xDI-SIL has switched on the 24 V supply.
All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

[Figure: Example application for dual-channel emergency stop monitoring. L+ (+24 V), M (0 V), UR20-PF-O-xDI-SIL, UR20-4-DO-P, Restart button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.3 Dual-channel light curtain monitoring (AOPD type 4) and emergency stop monitoring

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Start button
–– Monitoring of external contactors (EDM)
–– Self-test of the OSSD in the AOPD

Safety sensor / operating mechanism
–– Emergency stop button
–– AOPD type 4 (2 semiconductor outputs, p-switched)

Notes
Autostart is possible if the NC circuits from K3 and K4 are attached to 3.3 and 3.4.

When the emergency stop button is pushed or the active optoelectronic protective device (AOPD) reacts, the UR20-PF-O-2DI-DELAY-SIL switches off the 24 V supply for the modules* within the safety segment and thus also for contactors K3 and K4. The failure of a switching element in the emergency stop button or the AOPD as well as a cross-circuit in their supply lines does not result in the failure of the corresponding safety device and is detected within the fault-reaction time. For this purpose, the AOPD must generate a test pulse on its safety outputs at least once per second.

When using a UR20-PF-O-2DI-DELAY-SIL: If the DIP switch which is assigned to the corresponding safety circuit is switched on (in the example DIP switch 2 for LC1) so that an AOPD generating its own test pulses can be connected, it might be necessary to have a shielded cable installation and cross-circuit fault detection via the AOPD, depending on the required safety level.

The UR20-PF-O-2DI-DELAY-SIL switches on the 24 V supply for the modules* within the safety segment if:
–– the emergency button is unlocked
–– and the active optoelectronic protective device (AOPD) is free
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-2DI-DELAY-SIL has switched on the 24 V supply.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

[Figure: Example application for dual-channel light curtain monitoring (AOPD type 4) and emergency stop monitoring. L+ (+24 V), M (0 V), emergency stop S1, light curtain LC1 with AOPD type 4 (receiver; +, –, OSSD1, OSSD2), UR20-PF-O-DELAY-SIL, UR20-4-DO-P, Restart button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.4 Dual-channel emergency stop and cable-pull switch monitoring

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Start button
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– Cable-pull switch, latching

Notes
–– Manual reset
–– Autostart is possible if the NC circuits from K3 and K4 are connected to 3.3 and 3.4.
When the emergency stop button is pushed or the cable-pull switch is activated, the UR20-PF-O-2DI-DELAY-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or the cable-pull switch as well as a cross-circuit in their supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

The UR20-PF-O-2DI-DELAY-SIL module switches on the 24 V supply for the modules* within the safety segment if
–– the emergency button is unlocked
–– and the cable-pull switch is unlocked
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-2DI-DELAY-SIL has switched on the 24 V supply.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.
[Figure: Example application for dual-channel emergency stop and cable-pull switch monitoring. L+ (+24 V), M (0 V), cable-pull switch (latching) S2, emergency stop S1, UR20-PF-O-xDI-SIL, UR20-4-DO-P, Reset button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.5 Dual-channel safety door monitoring with automatic reset and emergency stop

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Automatic reset
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– Position switch

Notes
The application must be compatible with the automatic start-up function.

When the emergency stop button is pushed or the safety door is opened, the UR20-PF-O-2DI-DELAY-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or the safety door contacts as well as a cross-circuit in their supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

The UR20-PF-O-2DI-DELAY-SIL switches on the 24 V supply for the following modules* within the safety segment if:
–– the emergency button is unlocked
–– and the safety door is closed
–– and the feedback circuit (NC contacts of K3 and K4) is closed.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.
Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-2DI-DELAY-SIL module has switched on the 24 V supply.

To reset the system, press the reset button for 0.1 to 2 s after switching on the power supply, even when automatic reset is used.

[Figure: Example application for dual-channel safety door monitoring with automatic reset and emergency stop. L+ (+24 V), M (0 V), safety door (closed) S2 and S3, emergency stop S1, UR20-PF-O-xDI-SIL, UR20-4-DO-P, Reset button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.6 Safety mat

Achievable safety rating
Category 3 (EN ISO 13849-1)
PLd (EN ISO 13849-1)
SIL 2 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Single-channel monitoring
–– Cross-connection detection
–– Wire break detection
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
Safety mat

Notes
–– Manual reset
–– Observe EN 1760-1 and EN ISO 13856-1!
–– The same interface is also possible for pressure-sensitive buffers and pressure-sensitive strips; however check the safety ratings during use!
–– K5: Weidmüller RCIKIT(Z) 24 VDC 2CO LD/FG (connect the coil connection at the UR20-PF-O-2DI-DELAY-SIL to 4.1 instead of to 4.2)

When the safety mat is stepped on, the PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. An interruption or a cross-connection in the supply lines for the safety mat does not result in the failure of the safety function and is detected before the next starting cycle. As an alternative to both NC contacts for the reset switch, an NO contact can be used there.
One of its contacts is set at M (0 V) and the other contact is wired through a diode to connection 1.1 and through a diode to connection 1.3 (both cathodes to the switch).

The PF-O-xDI-SIL switches on the 24 V supply for modules* within the safety segment if
–– the safety mat has not been actuated
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the PF-O-xDI-SIL has switched on the 24 V supply.

To reset the system, press the reset button for 0.1 to 2 s after switching on the power supply, even when automatic reset is used.

Combined with a safety mat, PF-O-xDI-SIL modules attain safety rating Category 3 only.

[Figure: Example application for safety mat. L+ (+24 V), M (0 V), safety mat (not activated) S1, relay K5, UR20-PF-O-XDI-SIL, UR20-4-DO-P, Reset button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.7 Dual-channel two-hand monitoring with automatic start

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Automatic restart
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
Two-hand switch

Notes
The application must be compatible with the automatic reset function.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.
If one or both switches of the two-hand switch are released, the PF-O-xDI-SIL switches off the 24 V supply for the modules* inside the safety segment and thus also for contactors K3 and K4. The failure of a switching element in the two-hand switch or a cross-circuit in its supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time. An interruption of the NC contact by S2 is detected before the next switching cycle and by S1 when the power is switched on.

The PF-O-xDI-SIL module switches on the 24 V supply for the following modules* within the safety segment if
–– the two-hand switch is pressed synchronously within 0,5 seconds
–– and the feedback circuit (NC contacts of K3 and K4) is closed.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the PF-O-xDI-SIL has switched on the 24 V supply.

To reset the system, press the reset button for 0.1 to 2 s after switching on the power supply, even when automatic reset is used.
[Figure: Example application for dual-channel two-hand monitoring with automatic start. L+ (+24 V), M (0 V), two-hand switch S1 and S2, UR20-PF-O-SIL, UR20-4-DO-P, Reset button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.8 Dual-channel safety door monitoring with magnetic switch, automatic reset and emergency stop

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring PDF-M (as per EN 60947-5-3)
–– Cross-connection detection
–– Automatic restart
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– Magnetic switch with coded magnet

Notes
The application must be compatible with the automatic start-up function.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

When the emergency stop button is pushed or the safety door is opened, the PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or the safety door as well as a cross-circuit in their supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

The PF-O-xDI-SIL switches on the 24 V supply for the modules* within the safety segment if:
–– the emergency stop button is unlocked
–– and the safety door is closed
–– and the feedback circuit (NC contacts of K3 and K4) is closed.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the PF-O-xDI-SIL has switched on the 24 V supply.
To reset the system, press the reset button for 0.1 to 2 s after switching on the power supply, even when automatic reset is used.

[Figure: Example application for dual-channel safety door monitoring with magnetic switch, automatic reset and emergency stop. L+ (+24 V), M (0 V), emergency stop S1, safety door (closed) S3, UR20-PF-O-xDI-SIL, UR20-4-DO-P, Reset button, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.9 Dual-channel safety door monitoring, spring-operated interlock with manual reset and emergency stop

Achievable safety rating
Category 3 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Manual reset
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– Position switch with interlock
–– Zero-speed monitor
–– Manual unlocking

Notes
Exclusion of the fault “Interruption or releasing of the activator, error in the safety interlock”

When the emergency stop button is pushed, the UR20-PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or the safety door contact as well as a cross-circuit in their supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

A stop is performed by switching off K3 and K4 via the PLC. After the motor comes to a stop, as observed by the zero-speed monitor, the spring-operated interlock can be activated via the unlocking button and the safety door can be opened.
When the power supply is turned off, the safety door cannot be opened if the locking mechanism is engaged. We recommend using switches with mechanical unlocking capabilities.

The UR20-PF-O-xDI-SIL switches on the 24 V supply for the following modules* within the safety segment if:
–– the emergency stop button is unlocked
–– and the safety door is closed
–– and the locking mechanism is engaged
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-xDI-SIL has switched on the 24 V supply.

[Figure: Example application for dual-channel emergency stop monitoring. L+ (+24 V), M (0 V), zero-speed monitoring, unlocking mechanism, safety door (closed), emergency stop S1, Reset, S2, S3, S4, S5, UR20-PF-O-xDI-SIL, UR20-4-DO-P, contactors K3 and K4, motor M]
* Switchable modules see section 4.3

7.10 Dual-channel safety door monitoring, magnetically operated interlock with manual reset and emergency stop

Achievable safety rating
Category 4 (EN ISO 13849-1)
PLe (EN ISO 13849-1)
SIL 3 (EN 62061/61508)
Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Automatic reset
–– Monitoring of external contactors (EDM)
–– Off-delay via PLC

Safety sensor / operating mechanism
–– Emergency stop button
–– Position switch with interlock

Notes
–– Exclusion of the fault “Interruption or releasing of the activator, error in the safety interlock”
–– The PLC must activate the interlock directly after the safety door is closed

When the emergency stop button is pushed, the UR20-PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or the safety door contact as well as a cross-circuit in their supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

A stop is performed by switching off K3 and K4 via the PLC. The door can be opened when the PLC releases the interlock.

The UR20-PF-O-xDI-SIL switches on the 24 V supply for modules* within the safety segment if
–– the emergency button is unlocked
–– and the safety door is closed
–– and the PLC has activated and engaged the interlock
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-xDI-SIL has switched on the 24 V supply.
[Figure: wiring diagram with L+ (+24 V), M (0 V), emergency stop, reset, safety door (closed), switches S1 to S5, UR20-PF-O-xDI-SIL, UR20-4-DI-P, UR20-4-DO-P, contactors K3 and K4]
Example application for dual-channel safety door monitoring, magnetically operated interlock with manual reset, stop and emergency stop
* Switchable modules see section 4.3

7.11 Dual-channel safety door monitoring with proximity sensors, automatic reset and emergency stop

Achievable safety rating
–– Category 3 (EN ISO 13849-1)
–– PLd (EN ISO 13849-1)
–– SIL 2 (EN 62061/61508)
–– Stop category 0 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Automatic reset
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– 2 proximity switches

Notes
–– The power supply for the proximity switches is not shown!
–– The application must be compatible with the automatic start-up function.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

If the emergency stop button is pushed or at least one magnetic switch is opened, the UR20-PF-O-xDI-SIL switches off the 24 V supply for the modules within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or a cross-circuit in its supply lines does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.
The UR20-PF-O-xDI-SIL switches on the 24 V supply for modules within the safety segment if
–– the emergency button is unlocked
–– and both magnetic contacts are closed
–– and the feedback circuit (NC contacts of K3 and K4) is closed.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-xDI-SIL has switched on the 24 V supply. To reset the system, press the reset button for 0.1 to 2 s after switching on the power supply, even when automatic reset is used.

[Figure: wiring diagram with L+ (+24 V), M (0 V), emergency stop, reset, switches S1 to S3, UR20-PF-O-xDI-SIL, UR20-4-DO-P, contactors K3 and K4]
Example application for dual-channel safety door monitoring with proximity detectors, automatic reset and emergency stop
* Switchable modules see section 4.3

7.12 Dual-channel safety door monitoring, spring-operated interlock, controlled shutdown with manual reset and emergency stop

Achievable safety rating
–– Category 3 (EN ISO 13849-1)
–– PLe (EN ISO 13849-1)
–– SIL 3 (EN 62061/61508)
–– Stop category 1 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Manual reset
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– Position switch with interlock
–– Manual unlocking

Notes
–– Exclusion of the fault “Interruption or releasing of the activator, error in the safety interlock”
–– As soon as the enabling on the frequency converter is withdrawn, the converter must execute a controlled shutdown.

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

When the emergency stop button is pushed, the UR20-PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4. The failure of a switching element in the emergency stop button or the safety door contact, as well as a cross-circuit in their supply lines, does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

After the stop button has been pressed and the delay time set in the UR20-PF-O-2DI-SIL-DELAY has elapsed, the spring-operated interlock can be activated with the unlock button and the safety door can be opened. When the power supply is turned off, the safety door cannot be opened if the locking mechanism is engaged. We recommend using switches with mechanical unlocking capabilities.

The UR20-PF-O-xDI-SIL switches on the 24 V supply for modules* within the safety segment if
–– the emergency button is unlocked
–– and the safety door is closed
–– and the locking mechanism is engaged
–– and the feedback circuit (NC contacts of K3 and K4) is closed
–– and the start push button has been pushed and released again.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-xDI-SIL has switched on the 24 V supply.

[Figure: wiring diagram with L+ (+24 V), M (0 V), unlocking mechanism, safety door (closed), emergency stop, reset, stop, switches S1 to S5, UR20-PF-O-2DI-SIL-DLY, UR20-4-DO-P, contactors K3, K4 and K5, converter enable]
Example application for dual-channel safety door monitoring, spring-operated interlock, controlled shutdown with manual reset and emergency stop
* Switchable modules see section 4.3

7.13 Dual-channel safety door monitoring with automatic reset and controlled shutdown and emergency stop

Achievable safety rating
–– Category 4 (EN ISO 13849-1)
–– PLe (EN ISO 13849-1)
–– SIL 3 (EN 62061/61508)
–– Stop category 1 (EN 60204-1)

Features
–– Dual-channel monitoring
–– Cross-connection detection
–– Automatic reset
–– Monitoring of external contactors (EDM)

Safety sensor / operating mechanism
–– Emergency stop button
–– Position switch
–– Optional: brake

Notes
–– Autostart is also possible if the NC circuits from K3 and K4 are connected to 3.3 and 3.4.
–– As soon as the enabling on the frequency converter is withdrawn, the converter must execute a controlled shutdown.
–– Exclusion of fault: No external energy might be fed into the control line of the brake (e.g. caused by cable fault)

All example applications shown are proposals without warranty. In any case the operator has to perform a safety review of the entire site.

When the emergency stop button is pushed, the UR20-PF-O-xDI-SIL switches off the 24 V supply for the modules* within the safety segment and thus also contactors K3 and K4.
The failure of a switching element in the emergency stop button or the safety door contact, as well as a cross-circuit in their supply lines, does not result in the failure of the emergency stop mechanism and is detected within the fault-reaction time.

After the safety door has been opened and the delay time set in the UR20-PF-O-2DI-SIL-DELAY has expired, the spring-operated interlock can be activated with the unlock button and the safety door can be opened. When the power supply is turned off, the safety door cannot be opened if the locking mechanism is engaged. We recommend using switches with mechanical unlocking capabilities.

The UR20-PF-O-xDI-SIL module switches on the 24 V power supply for the following modules* within the safety segment if
–– the emergency stop button is unlocked
–– and the safety door is closed
–– and the feedback circuit (NC contacts of K3 and K4) is closed.

Contactors K3 and K4 are controlled by the PLC and can switch on as soon as the UR20-PF-O-xDI-SIL has switched on the 24 V supply. To reset the system when switching on the power, simply press the reset button.

[Figure: wiring diagram with L+ (+24 V), M (0 V), emergency stop, safety door (closed), reset, switches S1 to S3, UR20-PF-O-2DI-SIL-DLY, UR20-4-DO-P, contactors K3 and K4, converter enable]
Example application for dual-channel safety door monitoring with automatic reset and controlled shutdown and emergency stop
* Switchable modules see section 4.3

7.14 Cascading

Achievable safety rating
–– Category 4 (EN ISO 13849-1)
–– PLe (EN ISO 13849-1)
–– SIL 3 (EN 62061/61508)

Notes
A shielded cable installation is necessary if the safely switched-off line (24 V OSSD on 4.2) runs outside the switch cabinet.

All example applications shown are proposals without warranty.
In any case the operator has to perform a safety review of the entire site.

The following shows the cascading of UR20-PF-O-xDI-SIL modules. When the safety door for the robot cell is opened in the example, the conveyor belt is also switched off at the same time. In contrast, switching off the conveyor belt, e.g. with the cable-pull switch, does not automatically switch off the robot cell.

Multiple cascade levels and also multiple UR20-PF-O-xDI-SIL modules can be used on a single level. Be aware that the triggering of a UR20-PF-O-xDI-SIL module immediately switches off the 24 V supply of all subsequent safe power-feed modules*. A delay of these modules is then no longer effective.

[Figure: wiring diagram with the two segments “Robot cell” and “Conveyor belt”: L+ (+24 V), M (0 V), safety door (closed), emergency stop, reset, cable-pull switch (latching), switches S1 to S5, UR20-PF-O-xDI-SIL and UR20-4-DO-P modules, contactors K1 to K4]
Example application for cascading
* Switchable modules see section 4.3

8 LED displays and troubleshooting

ATTENTION
In the event of a malfunction occurring on a u-remote station, carry out the following recommended measures. If the malfunction cannot be fixed, send the affected product to Weidmüller (see the Service addresses in the annex of the u-remote manual).
Weidmüller does not assume any liability if the base or electronic module has been tampered with!
8.1 Safe I/O modules

Module: UR20-4DI-4DO-PN-FSPS, UR20-4DI-4DO-PN-FSOE

LED: Status LED
Status: Red:
–– Module has not been snapped properly
–– Error in the supply voltage
–– Internal error detected
–– Safety address is not set properly
–– PROFIsafe communication failure
Recommended action:
–– Check that the module has been snapped into place properly
–– Check supply voltage
–– Module might have switched off due to overtemperature; check the temperature inside the switch cabinet
If the error has not been fixed, send the module to Weidmüller for a technical examination.
–– Check the safety address (e.g. via the web server)
–– If no address is displayed in the web server, set the safety address again as described in section 3.5
–– Check wiring
–– Restart the coupler

LED: Status LED
Status: Flashes alternating red and green
–– 3 s green / 1 s red: Module is waiting for parameters from the safety control (e.g. after the power up) or safety address is not set according to the project plan
–– 1 s green / 1 s red: Error pending
Recommended action:
–– Intervention via the safety control is needed
–– Set the correct safety address
–– Check the parameter check sum in the project planning
–– Status must be acknowledged via the safety control

LED: 1.1 / 1.4
Status: Yellow: Input 0 / 1 active
LED: 2.1 / 2.4
Status: Yellow: Input 2 / 3 active

LED: 1.3
Status: Red: Error input 0 / 1
LED: 2.3
Status: Red: Error input 2 / 3
–– At least one AUX-O is overloaded or short circuit with the supply voltage
–– Readback error on the test pulses of at least one input (e.g. caused by external short circuit)
–– The parameterised discrepancy time of this pair of inputs has been exceeded
Recommended action:
–– Check wiring
–– Check parameterisation
If the error has not been fixed, send the module to Weidmüller for a technical examination.

LED: 3.1 / 3.3
Status: Yellow: Output 0 / 1 active
LED: 4.1 / 4.3
Status: Yellow: Output 2 / 3 active

LED: 3.2 / 3.4
Status: Red: Error output 0 / 1
LED: 4.2 / 4.4
Status: Red: Error output 2 / 3
–– Output is overloaded
–– Short circuit with the supply voltage or ground or cross-fault with another channel
–– Minimum load has been underrun (e.g. after wire break)
–– Readback error
Recommended action:
–– Check wiring
–– Check whether the load circuit is interrupted
If the error has not been fixed, send the module to Weidmüller for a technical examination.

Module: UR20-8DI-PN-FSPS, UR20-8DI-PN-FSOE

LED: Status LED
Status: Red:
–– Module has not been snapped properly
–– Error in the supply voltage
–– Internal error detected
–– Safety address is not set properly
–– PROFIsafe communication failure
Recommended action:
–– Check that the module has been snapped into place properly
–– Check supply voltage
–– Module might have switched off due to overtemperature; check the temperature inside the switch cabinet
If the error has not been fixed, send the module to Weidmüller for a technical examination.
–– Check the safety address (e.g. via the web server)
–– If no address is displayed in the web server, set the safety address again as described in section 3.5
–– Check wiring
–– Restart the coupler

LED: Status LED
Status: Flashes alternating red and green.
–– 3 s green / 1 s red: Module is waiting for parameters from the safety control (e.g. after the power up) or safety address is not set according to the project plan
–– 1 s green / 1 s red: Error pending
Recommended action:
–– Intervention via the safety control is needed

LED: 1.1 / 1.4
Status: Yellow: Input 0 / 1 active
LED: 2.1 / 2.4
Status: Yellow: Input 2 / 3 active
LED: 3.1 / 3.4
Status: Yellow: Input 4 / 5 active
LED: 4.1 / 4.4
Status: Yellow: Input 6 / 7 active

LED: 1.3
Status: Red: Error input 0 / 1
LED: 2.3
Status: Red: Error input 2 / 3
LED: 3.3
Status: Red: Error input 4 / 5
LED: 4.3
Status: Red: Error input 6 / 7
–– At least one AUX-O is overloaded or short circuit with the supply voltage
–– Readback error on the test pulses of at least one input (e.g. caused by external short circuit)
–– The parameterised discrepancy time of this pair of inputs has been exceeded
Recommended action:
–– Check wiring
–– Check parameterisation
If the error has not been fixed, send the module to Weidmüller for a technical examination.

8.2 Safe power-feed modules

Module: UR20-PF-O-1DI-SIL

LED: Status LED
Status: Red:
–– Module has not been snapped properly
–– Error in the supply voltage
–– Channel error
–– Overload at the 24 V Safe output level
–– External feed-in recognised from field side
–– Internal error detected
Recommended action:
–– Check that the module has been snapped into place properly
–– Check supply voltage:
   1. check +24 V input current path
   2. check voltage on plug 4.3; in case of cascading, 0 V may be correct and is then not an error
–– Check channel error
–– Remove cross connection at 24 V Safe
–– Measure voltage at 24 V Safe (4.3) vs. GND (4.4). If a voltage is present, check the wiring! Attention: safety hazard! Shut down the system and prevent it from switching on again!
–– Module might have switched off due to overtemperature; check the temperature inside the switch cabinet
–– Perform a cold start within 24 hours
If the error has not been fixed, send the module to Weidmüller for a technical examination.

LED: Status LED
Status:
–– Interruption in one of the two safety loops of a safety circuit for at least 3 seconds.
–– Cross connection between the safety loops for at least 3 seconds.
Recommended action:
–– Check safety circuit for interruptions if an interruption of the safety channel is not part of the application
–– Check safety circuit for cross connections

LED: 1.1
Status: Off: Safety circuit 1 interrupted; Yellow: Safety circuit 1 OK
Recommended action: Check safety circuit 1

LED: 4.2
Status: Off: 24 V Safe not active; Yellow: 24 V Safe active, 24 V DC at output

LED: 4.3
Status: Green: Feed-in voltage in valid range

Module: UR20-PF-O-2DI-SIL, UR20-PF-O-2DI-DELAY-SIL

LED: Status LED
Status: Red:
–– Module has not been snapped properly
–– Error in the supply voltage
–– Channel error
–– Overload at the 24 V Safe output level
–– External feed-in recognised from field side
–– Internal error detected
Recommended action:
–– Check that the module has been snapped into place properly
–– Check the supply voltage:
   1. check +24 V input current path
   2. check voltage on plug 4.3; in case of cascading, 0 V may be correct and is then not an error
–– Check channel error
–– Remove cross connection at 24 V Safe
–– Measure voltage at 24 V Safe (4.3) vs. GND (4.4). If a voltage is present, check the wiring! Attention: safety hazard! Shut down the system and prevent it from switching on again!
–– Module might have switched off due to overtemperature; check the temperature inside the switch cabinet
–– Perform a cold start within 24 hours.
If the error has not been fixed, send the module to Weidmüller for a technical examination.

LED: Status LED
Status:
–– Interruption in one of the two safety loops of a safety circuit for at least 3 seconds.
–– Cross connection between the safety loops for at least 3 seconds.
Recommended action:
–– Check safety circuit for interruptions if an interruption of the safety channel is not part of the application
–– Check safety circuit for cross connections

LED: 1.1
Status: Off: Safety circuit 1 interrupted; Yellow: Safety circuit 1 OK
Recommended action: Check safety circuit 1

LED: 2.1
Status: Off: Safety circuit 2 interrupted; Yellow: Safety circuit 2 OK
Recommended action: Check safety circuit 2

LED: 4.1 (DELAY only)
Status: Off: SS1 not active; Yellow: SS1 active, 24 V DC at output

LED: 4.2
Status: Off: 24 V Safe not active; Yellow: 24 V Safe active, 24 V DC at output

LED: 4.3
Status: Green: Feed-in voltage in valid range

9 Accessories and replacement parts

9.1 Accessories

Order No. | Designation | Purpose
9009030000 | Screwdriver SDS 0.4X2.5X75 | Unfastening conductors from PUSH IN contacts
9008320000 | Screwdriver SDS 0.5X3.0X80 | Assembling/disassembling an end bracket
1323700000 | PM 2.7/2.6 MC SDR marker | Connection marker for a pusher, with custom printing to customer specifications
1323710000 | PM 2.7/2.6 MC NE WS marker | Connection marker for a pusher, unprinted
1341610000 | DEK 5/8-11.5 MC SDR marker | Module marker with custom printing to customer specifications
1341630000 | DEK 5/8-11.5 MC NE WS marker | Module marker, unprinted
1339920000 | UR20-SM-ACC swivel marker | Pivoting holder for module markers
1429420000 | White thermal-transfer label for swivel markers | Can be printed with thermal-transfer printers
1429910000 | Yellow thermal-transfer labels for swivel markers | Can be printed with thermal-transfer printers
1429430000 | Paper labels for swivel markers | Can be printed with laser printers
1806120000 | EM 8/30 end bracket marker | Marks the station at the end bracket
1483050000 | KOSM BHZ5.00 coding elements | Coding element for customised module coding
1346610000 | UR20-EBK-ACC termination kit | Set with two end brackets and one end plate
1162600000 | WEW 35/1 SW end bracket for vertical installation | Reinforced end bracket required in addition to terminal kit for vertical installation
1487980000 | IE-USB-A-MICRO-1.8M | USB cable (USB A to Micro USB)

9.2 Replacement parts

[Figure: module components. 1 Base module, 2 Electronic unit, 3 Plug-in unit]

Replacement parts for PF-O-xDI-SIL modules

Module | Order No. | Base module | Electronic unit | Plug-in unit
Safe I/O modules
UR20-4DI-4DO-PN-FSPS | 1335060000 | UR20-BM-SP, Order No.: 1350930000 | UR20-EM-1529780000-SP, Order No.: 1993030000 | UR20-PK-1529780000-SP, Order No.: 1992960000
UR20-8DI-PN-FSPS | 1335070000 | UR20-BM-SP, Order No.: 1350930000 | UR20-EM-1529800000-SP, Order No.: 1993040000 | UR20-PK-1529800000-SP, Order No.: 1992970000
UR20-4DI-4DO-PN-FSOE | 1529780000 | UR20-BM-SP, Order No.: 1350930000 | UR20-EM-1335060000-SP, Order No.: 1347550000 | UR20-PK-1335060000-SP, Order No.: 1992940000
UR20-8DI-PN-FSOE | 1529800000 | UR20-BM-SP, Order No.: 1350930000 | UR20-EM-1335070000-SP, Order No.: 1347570000 | UR20-PK-1335070000-SP, Order No.: 1992950000
Safe power-feed modules
UR20-PF-O-1DI-SIL | 1335030000 | UR20-BM-SIL-SP, Order No.: 1350970000 | UR20-EM-1335030000-SP, Order No.: 1347520000 | UR20-PK-1335030000-SP, Order No.: 1346560000
UR20-PF-O-2DI-SIL | 1335050000 | UR20-BM-SIL-SP, Order No.: 1350970000 | UR20-EM-1335050000-SP, Order No.: 1347540000 | UR20-PK-1335050000-SP, Order No.: 1346570000
UR20-PF-O-2DI-DELAY-SIL | 1335040000 | UR20-BM-SIL-SP, Order No.: 1350970000 | UR20-EM-1335040000-SP, Order No.: 1347530000 | UR20-PK-1335040000-SP, Order No.: 1484100000

ANNEX

–– Checklist for the use of PF-O-xDI-SIL modules
–– EC Declaration of Conformity
–– TÜV Certificate

ANNEX Checklist for the use of u-remote safety modules

Sheet 1/3: Planning
Equipment type / equipment ID:
Version: HW/FW
Date:
Reviewer 1:
Reviewer 2:
Notes:

Requirement (mandatory) (columns: No., Requirement, yes, Remark)
1 The corresponding manuals were consulted during planning (“u-remote Manual” and “Modules for functional safety manual”).
Nos. 2 to 12:
–– Measures to prevent simple manipulations have been planned.
–– The requirements for the sensors and installation of cables correspond to the applicable safety standards (SIL, Cat., PL) and the planned implementation takes these standards into consideration.
–– The guidelines for per-channel configuration have been defined.
–– The intentional starting up of potentially hazardous processes is only possible while looking into the danger zone at the same time.
–– If the installation requires exclusions of faults: the measures have been realized.
–– The planned use corresponds to the intended use.
–– The environmental conditions meet the guidelines that are specified in the technical data.
–– The module was externally fused according to the guidelines in the “Modules for functional safety manual”.
–– The power supply was planned as per the safety extra-low voltage guidelines in accordance with PELV or SELV.
–– Measures against plug mix-ups have been planned.
–– The sensors/control devices are approved for connection to the respective module.

Requirement (optional) (columns: No., Requirement, yes/no, Remark)
13 The accessories to be used were selected according to the order data in the “Modules for functional safety manual”.
14 The guidelines for installation and electrical set-up were defined and handed over to the departments performing the work.
15 The guidelines for commissioning were defined and handed over to the departments performing the work.

Date / Signature of Reviewer 1:
Date / Signature of Reviewer 2:

ANNEX Checklist for the use of u-remote safety modules

Sheet 2/3: Assembly and electrical installation
Equipment type / equipment ID:
Version: HW/FW
Date:
Reviewer 1:
Reviewer 2:
Notes:

Requirement (mandatory) (columns: No., Requirement, yes, Remark)
1 Installation was carried out in accordance with the guidelines from the planning stage and/or the “u-remote Manual” and “Modules for functional safety manual”.
Nos. 2 and 3:
–– The safety module(s) was (were) installed in a switch cabinet (IP 54).
–– All conductor cross-sections meet the guidelines.

Date / Signature of Reviewer 1:
Date / Signature of Reviewer 2:

ANNEX Checklist for the use of safe u-remote modules

Sheet 3/3: Commissioning and configuration
Equipment type / equipment ID:
Version: HW/FW
Date:
Reviewer 1:
Reviewer 2:
Notes:

Requirement (mandatory) (columns: No., Requirement, yes, Remark)
1 During commissioning, the intentional starting up of potentially hazardous processes is only possible while looking into the danger zone at the same time.
Nos. 2 and 3 (mandatory) and No. 4 (optional; columns: yes/no, Remark):
–– All inputs were configured.
–– The safety clearances to be maintained are measured according to the implemented reaction and delay times.
–– Commissioning is carried out according to the guidelines from the planning stage and/or the “Modules for functional safety manual”.

Date / Signature of Reviewer 1:
Date / Signature of Reviewer 2:

ANNEX EC Declaration of Conformity

ANNEX TÜV Certificate

We cannot guarantee that there are no mistakes in our publications. We try our best to quickly correct errors in our printed media. All orders are based on our general terms of delivery, which can be reviewed on the websites of our group companies where you place your order. On demand we can also send the general terms of delivery to you.
Weidmüller – Your Partner in Industrial Connectivity

As experienced experts we support our customers and partners around the world with products, solutions and services in the industrial environment of power, signal and data. We are at home in their industries and markets and know the technological challenges of tomorrow. We are therefore continuously developing innovative, sustainable and useful solutions for their individual needs. Together we set standards in Industrial Connectivity.

Weidmüller Interface GmbH & Co. KG
Klingenbergstraße 16
32758 Detmold, Germany
T +49 5231 14-0
F +49 5231 14-292083
www.weidmueller.com

Your local Weidmüller partner can be found on our website: www.weidmueller.com/countries

Order number: 1484600000/02/09.2015