Magna Steyr, Graz (Austria)

Published in: Move Up 1 / 2004

Failsafe Simatic in emu-paint shop

The feathers of the Australian emu are still an irreplaceable means of removing dust and other contamination from auto bodies before painting. This is also the case at MAGNA STEYR, where an almost completely new "emu plant" was recently installed and brought up to the latest state of the art in automation. One of the things replaced was the separate safety PLC: a failsafe Simatic S7-400F now controls both the "normal" process and the safety-relevant functions.

Before car bodies can be painted, they must be freed from dust and dirt particles. Every paint shop has an emu plant for this job. The plant, which resembles a car wash, is so called because the rollers that pick up the dust are equipped with emu feathers. The fine feathered coat of the Australian running bird picks up dust particles very well and is also easy to neutralize electrostatically. These are advantages that MAGNA STEYR Fahrzeugtechnik AG & Co. KG in Graz-Thondorf has learned to appreciate. The Austrian company paints and assembles vehicles of different manufacturers, and in summer 2003 it fully modernized an existing emu plant. Since then, a single failsafe Simatic S7-400F has been controlling both the normal cleaning process and the safety-relevant devices of the plant on its own. This eliminates the additional safety PLC that was always needed before, along with the associated costs. The "normal" jobs of the F-controller include saving and managing the body data, coordinating the roof, inclined and vertical rollers, and the post-ionization that neutralizes electrostatic charges.

Another emphasis is on communication with the conveyor technology, the visualization and the central control technology. For the first time on an emu plant, the controller also handles various safety-relevant functions, such as monitoring all emergency stop circuits and the light curtains for access protection. Emergency stop switches are mounted on both sides of the cabin entrance and exit, and another one on the control panel. The cabin entrance and exit are protected against unauthorized access by light curtains; a muting function prevents the car bodies themselves from triggering an emergency stop.

All emergency stop functions are designed as two-channel circuits, meaning that two separate lines are laid for sensor supply and feedback. If the transmitted signals differ (beyond a discrepancy time of a few milliseconds), this is registered in the failsafe input module and reported to the F-controller. MAGNA STEYR also picks up emergency stop signals from other plant parts or controllers through the input modules and evaluates them.

These include safety-relevant signals from the fire alarm center, the conveyor technology and the process technology.
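
The two-channel evaluation with a discrepancy time described above can be modelled as follows. This is an added example, not code from the article or from the Siemens modules; the class and function names, the 10 ms discrepancy time and the sample traces are assumptions made for illustration.

```python
# Added illustration, not Siemens module firmware: two-channel evaluation of
# an emergency-stop circuit with a discrepancy time.
from dataclasses import dataclass
from typing import Optional

DISCREPANCY_MS = 10  # assumed value; the article only says "a few milliseconds"

@dataclass
class TwoChannelInput:
    differ_since: Optional[int] = None  # time the channels started to disagree
    fault: bool = False                 # latched discrepancy fault

    def update(self, t_ms: int, ch_a: bool, ch_b: bool) -> bool:
        """Return the process value: True (run permitted) only when both
        channels are closed and no discrepancy fault is latched."""
        if ch_a != ch_b:
            if self.differ_since is None:
                self.differ_since = t_ms
            elif t_ms - self.differ_since > DISCREPANCY_MS:
                self.fault = True       # reported to the controller
        else:
            self.differ_since = None
        return ch_a and ch_b and not self.fault

def evaluate(trace):
    """Run a list of (t_ms, ch_a, ch_b) samples; return (outputs, fault)."""
    inp = TwoChannelInput()
    outputs = [inp.update(t, a, b) for t, a, b in trace]
    return outputs, inp.fault

# Constructed samples. True = contact closed (button not pressed).
# Button pressed: channel B opens 3 ms after channel A, then reset.
TRACE_PRESS = [(0, True, True), (100, False, True), (103, False, False),
               (500, True, True)]
# Channel B never opens (e.g. welded contact or shorted line).
TRACE_STUCK = [(0, True, True), (100, False, True), (105, False, True),
               (115, False, True), (500, True, True)]

if __name__ == "__main__":
    for name, trace in (("press", TRACE_PRESS), ("stuck", TRACE_STUCK)):
        print(name, evaluate(trace))
```

In the stuck-channel trace the output stays in the safe state even after both channels read closed again, because the latched fault must first be cleared by maintenance.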

Exactly defined safety requirements

There are various ways of estimating the risk potential of machines and plants, including risk estimation (hazard analysis) according to DIN V 19250, EN 954-1 or IEC 61508. The rulebooks are very similar and differ only slightly in their divisions and emphasis. The DIN standard defines requirement classes (RQ), the EN standard categories (cat.) and the IEC standard Safety Integrity Levels (SIL). Based on the risk estimate, a plant is assigned to an exactly defined safety class, and the basic rule is: the higher the safety class, the greater the demands on the plant's safety concept. Safety Integrity Level 2 was determined for the MAGNA STEYR emu plant, which is easily achieved with the Simatic F-controller (it satisfies SIL3).

New roads to safety

For the S7-400F series there are no input and output modules that plug directly into the rack, only distributed ET200M peripheral modules. These are connected to the controller by conventional Profibus DP lines. Communication with the failsafe modules uses the Profisafe telegram, which carries a checksum for error detection, a consecutive number and a status byte in addition to the normal Profibus user data. Unlike in other failsafe controllers, fail safety in the Simatic S7-400F is not guaranteed by two or more processors. The failsafe CPU S7-416F-2 is based on a standard CPU whose operating system and hardware components have been extended by various safety mechanisms. It has only one processor and therefore executes every command a second time with negated (complementary) variables and then checks the results against each other.
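
How a receiver can use the three extra telegram fields named above (checksum, consecutive number, status byte) is sketched in the following added example, which is not part of the original article and does not reproduce the real Profisafe wire format. The frame layout, the use of CRC-32 from `zlib`, the `FAIL_BIT` status bit and all names are assumptions chosen for illustration.

```python
# Added illustration: a simplified safety telegram, not the real Profisafe
# wire format. Layout, field sizes and CRC-32 are assumptions.
import struct
import zlib

FAIL_BIT = 0x01  # assumed status bit: sender reports a fault

def build_frame(payload: bytes, status: int, seq: int) -> bytes:
    """payload | status byte | consecutive number | CRC-32 over all of it."""
    body = payload + bytes([status & 0xFF, seq & 0xFF])
    return body + struct.pack(">I", zlib.crc32(body))

class SafetyReceiver:
    def __init__(self):
        self.expected_seq = 1
        self.passivated = False  # once set, only substitute values are output

    def receive(self, frame: bytes):
        """Return (process_value, verdict). Any error passivates the channel
        and the substitute value (all zeros = safe state) is used instead."""
        verdict = "ok"
        if len(frame) < 7:
            verdict = "crc_error"           # too short to carry all fields
        else:
            body, (crc,) = frame[:-4], struct.unpack(">I", frame[-4:])
            status, seq = body[-2], body[-1]
            if zlib.crc32(body) != crc:
                verdict = "crc_error"       # corrupted in transit
            elif seq != self.expected_seq:
                verdict = "sequence_error"  # repeated, lost or reordered
            elif status & FAIL_BIT:
                verdict = "sender_fault"
        if verdict == "ok":
            self.expected_seq = (seq + 1) & 0xFF
        else:
            self.passivated = True
        n = max(len(frame) - 6, 0)          # payload length
        return (bytes(n) if self.passivated else frame[:n]), verdict

def check(frames):
    """Feed frames to a fresh receiver; return its (value, verdict) list."""
    rx = SafetyReceiver()
    return [rx.receive(f) for f in frames]

# Constructed sample: one input byte, bit 0 = emergency-stop circuit closed.
F1, F2, F3 = (build_frame(b"\x01", 0, n) for n in (1, 2, 3))
CORRUPT = bytes([F1[0] ^ 0x80]) + F1[1:]  # single flipped payload bit
```

The consecutive number is what lets the receiver reject a frame that is intact but stale: a repeated `F1` passes the checksum and is still refused.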

Programming autom

Because safety programs for such plants are often very similar, MAGNA STEYR employed a graduate of the BA Stuttgart to develop a Visual Basic tool for the automatic creation of safety programs as his diploma assignment. After the number of emergency stop switches and the access protection functions have been entered, and the addresses and symbols of the inputs/outputs have been read out, in part automatically, from the Simatic hardware configuration, the tool generates a component (STL file) that can be imported easily into the Simatic Manager. In addition, it supplies help for commissioning in the form of an Excel file.