User Manual Pheonix TriSafe
User Manual Pheonix TriSafe
User Manual
UM EN PSR-TRISAFE-S
Order No. —
User Manual
Device description, configuration, and startup of the
PSR-TRISAFE-S safety module
2011-06-22
Designation: UM EN PSR-TRISAFE-S
Revision: 03
Order No.: —
In order to ensure the safe use of the product described, you have to read and understand
this manual. The following notes provide information on how to use this manual.
This is the safety alert symbol. It is used to alert you to potential personal injury
hazards. Obey all safety messages that follow this symbol to avoid possible
injury or death.
DANGER
This indicates a hazardous situation which, if not avoided, will result in death or serious
injury.
WARNING
This indicates a hazardous situation which, if not avoided, could result in death or serious
injury.
CAUTION
This indicates a hazardous situation which, if not avoided, could result in minor or
moderate injury.
The following types of messages provide information about possible property damage and
general information concerning proper operation and ease-of-use.
NOTE
This symbol and the accompanying text alerts the reader to a situation which may cause
damage or malfunction to the device, either hardware or software, or surrounding
property.
This symbol and the accompanying text provides additional information to the reader. It is
also used as a reference to other sources of information (manuals, data sheets, literature)
on the subject matter, product, etc.
How to contact us
Internet Up-to-date information on Phoenix Contact products and our Terms and Conditions can be
found on the Internet at:
www.phoenixcontact.com.
Subsidiaries If there are any problems that cannot be solved using the documentation, please contact
your Phoenix Contact subsidiary.
Subsidiary contact information is available at www.phoenixcontact.com.
Published by .
PHOENIX CONTACT GmbH & Co. KG PHOENIX CONTACT
Flachsmarktstraße 8 P.O. Box 4100
32825 Blomberg Harrisburg, PA 17111-0100
Germany USA
Phone +49 - (0) 52 35 - 3-00 Phone +1-717-944-1300
Fax +49 - (0) 52 35 - 3-4 12 00
Should you have any suggestions or recommendations for improvement of the contents and
layout of our manuals, please send your comments to
[email protected].
This manual should enable the user to set up, configure, and start up the PSR-TRISAFE-S
configurable safety module according to the relevant safety requirements and the risk
analysis performed.
The user manual is therefore designed as a complete system description, which provides
an introductory system overview, then describes the PSR-TRISAFE-S configurable safety
module and the associated SAFECONF configuration software in detail, and finally explains
the necessary steps for configuration and startup.
For additional information and detailed step-by-step instructions for SAFECONF, please
refer to the online help for the configuration software.
This user manual is oriented exclusively to qualified electrical engineers and safety
specialists, application programmers, and software engineers, who are familiar with the
relevant safety concepts of automation technology as well as applicable standards and
other regulations. Please also read the "Qualified personnel" section in "General safety
notes" on page 1-1.
WARNING: Personal injury and damage to equipment if these safety notes are not
followed. When working with the PSR-TRISAFE-S safety module, please observe
all the safety notes included in this section.
Qualified personnel
WARNING: In the context of the use of the PSR-TRISAFE-S safety module with
SAFECONF configuration software and safe functional blocks, the following
operations may only be carried out by qualified personnel:
– Planning, parameterization, configuration (development of safety logic)
– Installation, startup, servicing
– Maintenance, decommissioning
– Qualified personnel who install and operate safety equipment in machines and
systems.
Within the context of the safety notes in this documentation, qualified personnel are persons
who, because of their education, experience and instruction, and their knowledge of
relevant standards, regulations, accident prevention regulations, and service conditions,
have been authorized to carry out any required operations, and who are able to recognize
and avoid any possible dangers.
Documentation
You must observe all information in this documentation as well as in the documentation
listed in "Documentation" on page 1-8.
Safety of personnel and The safety of personnel and equipment can only be assured if the safe functional blocks are
equipment used correctly (see "Intended use" on page 1-7).
NOTE: Please note that responsibility for fault avoidance lies with the user.
Error detection Depending on the wiring and parameterization of the inputs and outputs, the
PSR-TRISAFE-S safety module can detect various errors within the safety equipment
(e.g., cross circuits).
Observe startup behavior Some of the safe functional blocks in the SAFECONF configuration software have
parameters for specifying a startup inhibit and/or a restart inhibit. An active startup
inhibit/restart inhibit can be removed by pressing a reset button that is connected and
appropriately wired to the safety module.
Use these parameters in the SAFECONF configuration software to monitor the
startup/restart of the PSR-TRISAFE-S safety module.
WARNING: Repair work may not be carried out on the PSR-TRISAFE-S safety
module. It is strictly prohibited to open the safety module housing.
Direct/indirect contact Protection against direct and indirect contact according to DIN VDE 0100-410 must be
ensured for all components connected to the PSR-TRISAFE-S safety module. In the event
of an error, parasitic voltages must not occur (single-fault tolerance).
Safe isolation Only use devices with safe isolation if hazardous contact voltages can occur at their
connections.
Power supply unit Only use power supply units with safe isolation and PELV according to
DIN EN 50178/VDE 0160 (PELV). This prevents short circuits between primary and
secondary sides.
ESD
Draw up and implement a In order to use the system described in this document with the associated safe functional
safety concept blocks, you must have drawn up an appropriate safety concept for your machine or system.
This includes a hazard and risk analysis, as well as a test report for validating the safety
functions.
The target safety integrity level (SIL according to DIN EN 61508 and category according to
DIN EN ISO 13849-1) is ascertained on the basis of the risk analysis.
The safety integrity level or category ascertained determines:
– How safe sensors, control devices, and actuators should be wired within the overall
safety function.
– How safe functional blocks should be used in the safety logic. (The safety logic is
created using the SAFECONF configuration software.)
Within the safe control system used, the safe functional blocks support the following safety
integrity requirements:
– Up to SIL 3 according to standard DIN EN 61508
– Up to SILCL 3 according to standard DIN EN 62061
– Up to category 4 according to standard DIN EN ISO 13849-1
Please note that you are responsible for implementing all additional requirements
resulting from applicable directives and legislation in order to meet the above safety
integrity requirements (see also "Directives and standards" on page 1-5).
Check hardware and Please note that you must carry out a validation every time you make a safety-related
device parameterization modification to your overall system. Use the relevant checklists when carrying out the
validation and also enter the details requested in the "Project Information" dialog box in the
SAFECONF safe configuration software.
Use your test report to ensure that:
– The safe sensors and actuators are connected correctly in the PSR-TRISAFE-S safety
application. To do this, use the "Wiring check" function in SAFECONF (see page 2-11).
– The parameterization of the inputs and outputs of the PSR-TRISAFE-S safety module
is correct.
– The signals have been connected to the safe sensors and actuators correctly (single-
channel or two-channel).
– Cross-circuit detection is implemented in your application, if required (see page 2-8).
– All safe functional blocks and functions in the SAFECONF configuration software are
connected correctly.
The manufacturers and operators of machines and systems, in which the PSR-TRISAFE-S
safety module is used, are responsible for adhering to all applicable directives and
legislation.
Directives and standards considered in the development and implementation of the
PSR-TRISAFE-S safety module:
Standards
Standard Contents
DIN EN 61508-1:11.2002 Functional safety of
DIN EN 61508-2:12.2002 electrical/electronic/programmable electronic safety-
DIN EN 61508-3:12.2002 related systems
DIN EN 61508-4:11.2002
DIN EN 61508-5:11.2002
DIN EN 61508-6:06.2003
DIN EN 61508-7:06.2003
DIN EN ISO 13849-1 Safety of machinery - Safety-related parts of control
systems; best suited for less complex systems.
Part 1: General principles for design
This standard was created on the basis of
EN 954-1:1996, quality management and reliability
aspects have been added.
DIN EN ISO 13849-2: 12.2003 Safety of machinery - Safety-related parts of control
systems - Part 2: Validation
EN ISO 12100-2 Safety of machinery - Basic concepts, general
principles for design
Part 2: Technical principles
DIN EN 62061 Safety of machinery - Functional safety of electrical,
IEC 62061 electronic and programmable control systems for
machinery.
Sector standard for machinery, created on the basis of
IEC 61508.
Safety for complex programmable systems.
Proof of safety of devices as well as evaluation of risk
reduction of the entire safety function through
calculation.
DIN EN 60204-1:11.1998 Safety of machinery - Electrical equipment of machines
- Part 1: General requirements
Standard Contents
EN ISO 13850 Safety of machinery - Emergency stop, principles for
design
DIN EN 61131-2:02.04 Programmable controllers -
Part 2: Equipment requirements and tests
DIN EN 61131-3:02.04 Programmable controllers -
Part 3: Programming languages
DIN EN 61496-1:06.98 Safety of machinery - Electrosensitive protective
equipment - Part 1: General requirements and tests
DIN EN 1088 Safety of machinery - Interlocking devices associated
with guards - Principles for design and selection
DIN EN 953 Safety of machinery - Guards - General requirements
for the design and construction of fixed and movable
guards
DIN EN 574 Safety of machinery - Two-hand control devices -
Functional aspects - Principles for design
DIN EN 50254:07.1999 High efficiency communication subsystem for small
data packages
EN 50178:04.1998 Electronic equipment for use in power installations
EC/ISO 7498 Information Technology;
Open Systems Interconnection
PSR-TRISAFE-S The PSR-TRISAFE-S safety module should only be used in industrial applications
according to standards DIN EN 61508, DIN EN ISO 13849, and DIN EN 62061.
The PSR-TRISAFE-S safety module is designed for evaluating safety-related sensors on a
machine or system, which are connected to the inputs of the safety module, and for
controlling its outputs according to the configured safety logic.
The safety module can only perform its safety-related tasks if it has been integrated into the
execution process correctly and in such a way as to avoid errors.
You must observe all information in this manual as well as in the user manuals and online
help listed in "Documentation" on page 1-8. In particular, only use the PSR-TRISAFE-S
safety module according to the technical data specified in "System requirements for the
SAFECONF configuration software" on page 2-15.
SAFECONF The SAFECONF safe configuration software is designed for the configuration of the
PSR-TRISAFE-S safety module.
Safe functional blocks and The safe functional blocks and functions available in the SAFECONF configuration software
functions in SAFECONF for creating the safety logic are designed solely for use within the PSR-TRISAFE-S safety
module and support specific safety functions.
The safe functional blocks/functions can only perform their safety-related tasks within the
safe control system if they have been integrated into the execution process correctly and in
such a way as to avoid errors.
You must observe all information in the online help for each functional block. Theoretical
examples of the use of the safe functional blocks are described in "Application examples".
The area of responsibility of the block manufacturer in terms of the function of a safe
functional block or a safe function ends at the user interface, which is generated by the
inputs and outputs of the functional blocks/functions.
In order to fully execute a safety function, it is your responsibility to connect the inputs and
outputs of the safe functional blocks/functions in the SAFECONF configuration software:
– To your safety network
– To the single-channel or two-channel sensors and actuators connected to the inputs
and outputs of the safety module
In defining the safety integrity level or category for the overall safety function, you must take
into consideration all components involved in the execution of this safety function (sensors,
actuators, wiring, etc.).
1.7 Documentation
Latest documentation Make sure you always use the latest documentation. Find out from the manufacturer or their
homepage on the Internet whether any changes or additions have been made to the
documentation used.
When working on and with the PSR-TRISAFE-S safety module, you must always keep this
documentation and other items of product documentation to hand and observe the
information therein.
You must observe all information:
– In the technical description of the PSR-TRISAFE-S safety module
– In the user documentation for I/O devices (e.g., sensors/actuators, etc.) connected to
the PSR-TRISAFE-S safety module and connected to safe functional blocks in the
safety logic (SAFECONF configuration software)
– In the online help for the SAFECONF configuration software (see also Figure 1-1) and
for each of the safe functional blocks
– In the documentation for the supplementary standard technology, if applicable
Calling online help The diagram below illustrates the various options for opening the online help and searching
for information via context-sensitive help or via the contents or index.
or
or or
Figure 1-1 Calling the online help in the SAFECONF configuration software
2 System description
The overall system: The PSR-TRISAFE-S safety system consists of the following components:
Hardware and software – PSR-TRISAFE-S safety module
– SAFECONF configuration software
– Suitable safe control devices, sensors, and actuators (depending on the application)
The PSR-TRISAFE-S safety module is designed for monitoring and evaluating safety-
related control devices in machines and systems (see "Intended use" on page 1-7). The
safety module monitors safe control devices and safety sensors connected at its inputs,
evaluates the incoming signals according to its configuration, and controls the outputs
accordingly.
The SAFECONF configuration software is used to configure the PSR-TRISAFE-S safety
module and therefore provides the relevant editors as well as suitable startup and
diagnostic tools.
The diagram below illustrates the overall system in an application example.
USB Download
configuration and
control parameters
SAFECONF
on configuration computer
Upload online values
during the function test Indicator lamp
Single-channel or
two-channel
connection to Check valve
safety module
Hardware: The PSR-TRISAFE-S safety module offers 20 digital safe inputs for connecting a maximum
PSR-TRISAFE-S of 20 single-channel or 10 two-channel safety-related sensors and control devices.
The PSR-TRISAFE-S has 4 digital safe outputs, which are semiconductor outputs
(24 V DC/2 A (total current)). The outputs are designed to meet up to category 4 according
to EN 954-1.
Depending on the configuration, stop category 0 according to DIN EN 60204-1 can be
achieved for each output (see "Stop category 0" on page 2-4).
In addition, four signaling current paths, two test pulses at two outputs each, and two ground
switching outputs are available.
For more detailed information about the safety module, please refer to the device
description in Section 3.
Software: The PSR-TRISAFE-S safety module can only be configured and parameterized using the
SAFECONF SAFECONF safe configuration software, which is executed on a separate Windows® PC.
The software offers a graphical connection editor for this purpose. The safety logic can be
created here by graphically connecting prepared safe functions and functional blocks to the
inputs and outputs of the safety module. The connections are made intuitively using the
mouse, and the editor prevents impermissible connections (e.g., between certain outputs).
In addition, the software provides a safe parameter editor, which can be used to configure
each input and output of the PSR-TRISAFE-S safety module.
A special online mode supports a detailed function test of the safety logic executed in the
PSR-TRISAFE-S safety module. Current signal values can be read from the
PSR-TRISAFE-S safety module, transmitted to the configuration software, and displayed
there "live" in the connection editor.
For more detailed information about the configuration software, please refer to the software
description in Section 4.
Secure communication Communication between the PSR-TRISAFE-S safety module and the configuration
software is via a USB interface.
A special security protocol enables secure data transmission via the USB interface.
There is communication between the two components in both directions:
– PC → safety module: The configuration data and device parameters are downloaded
from the configuration PC to the safety module. Configuration data refers to the
application logic, which was created using SAFECONF.
The configuration can also be downloaded using the plug-in IFS-CONFSTICK. Please
refer to "Downloading the configuration from SAFECONF" on page 5-4 and
"Downloading the configuration using the IFS-CONFSTICK" on page 5-7.
– Safety module → PC: For diagnostic purposes, online values can be read from the
PSR-TRISAFE-S safety module via the USB interface and displayed "live" in the
software. For more detailed information, please refer to "Function test" on page 5-10.
Communication via the The PSR-TRISAFE-S safety module is equipped with an interface for the PSR TBUS DIN
PSR TBUS DIN rail rail connector. The PSR DIN rail connector from Phoenix Contact can be used to connect
connector slave extension modules. Communication with these modules is then established
automatically via the connector on the PSR DIN rail connector. Safety-related cross-wiring
is not required (see also "Mounting the safety module" on page 3-13).
INTERFACE-PSR
PSR-TBUS
use only
DIN rail
connector
Figure 2-2 PSR TBUS DIN rail connector from Phoenix Contact
The maximum continuous current for extension modules supplied via the TBUS is 4 A.
The term "machine" is used here to represent any technical systems according to
Machinery Directive 2006/42/EC.
Safety circuits Safety control devices and safety sensors differ as follows:
Emergency stop control devices can only be detected in the event of dangerous operation
and thus operate in the background. Safety door switches or light grids, for example, are
often required for operational reasons and therefore regularly control the
connection/disconnection of the safety-related part of the machine.
The PSR-TRISAFE-S safety module can be configured flexibly. For the creation of the
safety logic, it has safe functional blocks, which are part of the system. The
PSR-TRISAFE-S can be used to implement various safety functions in different safety
circuits. Some of the most important options are:
– Emergency stop monitoring
– Safety door monitoring (with and without guard locking)
– Two-hand control devices (Types II and III)
– External device monitoring (feedback monitoring)
– Monitoring and checking electrosensitive protective equipment
– Mode selector switch (evaluation of a mode selector switch and an enable switch)
– Muting applications (light grid monitoring with parallel muting)
Stop category 0 Depending on the safety logic configured for the actual application, PSR-TRISAFE-S safety
module outputs can be used to stop machines/drives with stop category 0 according to
DIN EN 60204-1.
DIN EN 60204-1 defines stop category 0 as uncontrolled stopping by immediate removal of
power to a machine.
Whether a safe output meets stop category 0 depends on the safe functional blocks
connected in the safety logic: only if the module output is connected directly to the enable
output of a safe functional block, which executes stop category 0 at its output, can the
module output also meet this category.
Example The EmergencyStop functional block executes stop category 0 at its enable output. If this
block output is connected directly to a module output, the safety module also executes stop
category 0 at this output.
Figure 2-3 on page 2-7 shows an example of this type of connection.
Equipment on the The configuration and startup of the relevant safety circuit must be planned and verified
machine precisely. Different machines are subject to different requirements for the implementation of
a safety function.
Example: You are responsible for planning and implementing the startup behavior and the
restart behavior according to your risk analysis. To prevent an unexpected startup, a reset
button may be required to generate a manual reset signal at the machine. This will depend
on both the results of the risk analysis and the signal path.
Additional safe control devices, such as three-position enable switches, etc., may be
required.
Startup "Startup" refers to the behavior of the PSR-TRISAFE-S safety module after switching on (or
applying the supply voltage) and following configuration via USB interface or
IFS-CONFSTICK.
Unless a startup inhibit is configured, the safety module starts up immediately following
successful configuration (i.e., after pressing the "Confirm" button). The signal inputs are
then evaluated and the outputs controlled accordingly.
Restart "Restart" refers to the behavior of the safety module after the safety function is triggered and
following a return to normal operation, for example, after unlocking the emergency stop
control device, which means safe operation is possible again.
With an active startup/restart inhibit, the corresponding (inhibited) safe module output
remains in the safe state. This prevents an undesired startup/restart of a machine controlled
by the relevant output terminal block.
The safe state of an output terminal block is power off mode (signal value: FALSE).
Reset button To enable the function of the machine, which is controlled by the PSR-TRISAFE-S output
affected by the active startup inhibit/restart inhibit, the inhibit must be removed by a reset
signal.
As in the case of the stop category (see page 2-4), the startup and restart behavior of the
safety module depends on a specific output, and how this output is connected in the
configured safety logic.
The reset signal is used at the same time to exit the error state once the error cause has
been removed.
Implementation using safe To implement a startup inhibit/restart inhibit, safe functional blocks must be used in the
functional blocks SAFECONF configuration software, which have the relevant parameters for activating the
startup inhibit and/or restart inhibit.
The table below lists the functional blocks that offer these parameters.
To configure a startup inhibit for a specific safe output, for example, this output must be
directly connected in the safety logic to the output of a safe functional block, for which the
startup inhibit is set via the parameters.
Example In the example below, EmergencyStop as well as a startup inhibit (S_RES parameter =
FALSE) and a restart inhibit (A_RES = FALSE) are specified for the safe functional block.
The OUT enable output for the functional block is connected directly to safe output O0,
where O0 offers a restart inhibit and a startup inhibit. (EmergencyStop executes stop
category 0 at the output, which is also transmitted to O0 by the direct connection.)
EmergencyStop
PSR-TRISAFE-S
S2 14
Wiring the safety module with safe control
devices, sensors, and actuators 13 23
S1 12 Reset 13
K1
Not-Halt 11
E-Stop 14 24
+24V
103503a005.eps
Figure 2-3 Implementing a startup inhibit, restart inhibit, and stop category 0 for safe
output O0
Cross-circuit detection Cross circuits of the connected signal lines can be detected at the safe inputs.
A cross circuit is an unintentional, incorrect connection between redundant circuits.
Clock outputs T0 and T1 The safety module provides clock outputs T0 and T1 as an aid for detecting such a cross
circuit. The test pulses output here are asynchronous.
For example, if two differently clocked signals are routed back to two inputs of the safety
module along two channels via an emergency stop control device, a cross circuit can be
reliably detected in this emergency stop circuit. In the event of a cross circuit, the same
clock signal would be present at both inputs, instead of two different ones.
SAFECONF configuration software specifies the clock signals to be used: for all "even"
inputs (I0, I2, I4, ..., I18), cross-circuit detection is implemented with test pulse T0. For
"odd" inputs (I1, I3, I5, ... I19), test pulse T1 must be used for cross-circuit detection.
Other safe
functions/functi
onal blocks
PSR-TRISAFE-S
S2 14
Reset 13
103503a006.eps
Figure 2-4 Implementing cross-circuit detection for an emergency stop control device
at inputs I0 and I1 of the safety module
Parameter editor in For this purpose, cross-circuit detection for the safety module inputs to be monitored must
SAFECONF be activated in the SAFECONF configuration software in the device parameterization editor
of the hardware editor.
Doppelklick
Double click
103503a016.eps
For an overview of the diagnostic and status indicators, please refer to Table 3-1 on
page 3-5.
The SAFECONF configuration software and the PSR-TRISAFE-S safety module provide
various tools that can be used to diagnose the active configuration on the safety module:
– Hardware diagnostics in the event of a safe functional block error
– Wiring check
– Status indicators on the safety module
– Online tool tips in the connection editor
Hardware diagnostics in If a safe functional block detects an error, it sets its ERR error output to TRUE and the OUT
the event of a safe enable output to the safe status FALSE.
functional block error
For additional information, refer to the descriptions of the safe functional blocks in the
SAFECONF online help, particularly in the corresponding "ERR output" help topic.
If the ERR output of a safe functional block is TRUE, all the inputs that are connected
directly to the inputs of this functional block flash on the safety module.
This makes it easy to see which input of the safety module has been affected by the problem
and further measures can be taken to remove the fault (check the connecting cables to the
sensors or the connected sensors themselves, etc.).
Safety logic in
SAFECONF, in
online mode (error)
Figure 2-6 Simplified schematic view: Hardware diagnostics in the event of an error at
a safe functional block
Wiring check If the connection editor is in startup mode, the wiring check can be used to easily check the
terminal block position of the input used in the logic. A graphical link directs the user to the
right position and provides a better overview of the control cabinet.
1. Requirement: The PSR-TRISAFE-S safety module must be running.
Switch the connection editor to online mode, then to startup mode.
2. In the connection editor, position the cursor over the symbol for the input or output you
want to check, without clicking. The symbol starts to flash after around one second.
At the same time, the LED for the corresponding I/O also starts to flash on the
PSR-TRISAFE-S safety module.
Do not click
103503a015.eps
Status indicators on the There are four LEDs on the PSR-TRISAFE-S safety module.
PSR-TRISAFE-S safety – PWR (green): Indicator for the power supply of the safety module
module – DATA (green): Indicator for communication with extension devices (with/without TBUS)
– ERR (red): Error display
– CONF (green): Indicator for the configuration status and communication via the USB
interface
The LEDs indicate the status of the safety module.
For a detailed list of possible indicator combinations and their meanings, please refer to
"Diagnostic and status indicators" on page 3-4.
Online tool tips in the In online mode, when the SAFECONF configuration software reads signal values from the
connection editor PSR-TRISAFE-S safety module and displays them "live" in the connection editor, the safe
functional blocks indicate their status and, in the event of an error, a description of the error
as a tool tip as soon as you position the cursor over the symbol for a functional block.
In the event of an error, the tool tip contains not only a description of the error, but also
information on how to remove it. In the event of an error, the functional block symbol is also
outlined in red. This ensures that, in online mode, errors can be identified at a glance.
Offline tool tips Tool tips are also available while editing the safety logic in the connection editor. For all
functional blocks, functions, and their I/Os as well as for the buttons in the toolbar,
descriptions are displayed as soon as the cursor is positioned over the item.
Figure 2-9 Examples of tool tips in the connection editor in offline mode (while editing
the safety logic)
The PSR-TRISAFE-S and SAFECONF use two passwords to offer dual protection against
unauthorized modifications to the configuration and the project in the configuration
software.
103503a0010.eps
Controller password The controller password protects the configuration on the PSR-TRISAFE-S safety module
against unauthorized access and the safety module itself against unauthorized modification
of the operating mode. However, online values can be read from the safety module and
displayed in SAFECONF without entering the controller password. However, a new
configuration or new device parameters can only be downloaded to the safety module (and
the safety module can only be launched accordingly) once the controller password has
been entered.
Project password The project password protects the configuration project in SAFECONF against
unauthorized modifications to the safety logic and the project information. You can still open
and display projects without a password, but you can only change and save them once you
have entered a project password. This ensures that only authorized persons in possession
of the correct project password can change the safety logic.
When creating a new project, you will be automatically requested to define a password.
Automatic logoff due to a If no user activity is detected in SAFECONF for a certain period of time, you will be logged
long period of inactivity in off from the project automatically. This prevents unauthorized persons from making
SAFECONF changes to the project if you have not logged off from the project.
For the PSR-TRISAFE-S safety module: after a long period of inactivity, you must enter the
controller password again in order to communicate with the safety module in SAFECONF.
During automatic logoff, for safety reasons the safety module remains in the mode that was
running prior to automatic logoff.
Example: The automatic logoff does not cause startup mode to be exited, but you must log
on again before you will be able to influence signals once more.
For additional information about password protection, please refer to the online help for
SAFECONF.
The PSR-TRISAFE-S safety module is a configurable safety controller with 20 digital safe
inputs, which enable the connection of a maximum of 20 single-channel or 10 two-channel
safe sensors or control devices.
The four digital safe outputs, O0 to O3, are controlled after evaluating the incoming signals
according to the configuration, which was created with the SAFECONF configuration
software and downloaded to the PSR-TRISAFE-S safety module via USB interface.
The PSR-TRISAFE-S safety module also has two ground switching outputs, O0- and O1-,
which can be used for example to switch off a contactor connected to the safety module
either via the output or via ground. Use of the ground switching outputs increases the
shutdown protection and cross-circuit protection of the safety circuit.
In addition, the safety module has four non-safety-related digital alarm outputs (M0 to M3),
which can be used for example to control a standard PLC or signaling units.
The two asynchronous test pulses at T0 and T1 provide safe cross-circuit detection at the
inputs of the safety module, as described in "Error detection in I/O devices" on page 2-8.
All connection terminal blocks are plug-in. The individual terminal block bases are
mechanically keyed to prevent incorrect connection. The PSR-TRISAFE-S safety module is
available either with screw connections (on the left in Figure 3-1) or with spring-cage
connections (on the right in Figure 3-1).
A 0
A
1 V
1
24
24
A O
A
V
1 0
1
0V
A -0
A -0
2 1
2 1
P
O
S
A
R
0
2
2
-T
R
-
IS
-
R
T M
T M
W
W
0
A
0
P
M
F
P
M
TA
TA
T M
E
T M
0
0
0
0
-S
A
D
D
T M
R
R
T M
1
1
R
1
R
E
E
F
F
T
N
I0
I0
2
O
1
O
C
C
O
O
I1
3
I1
3
0
0
O
O
I2
I2
1
1
O
O
I3
I3
2
2
C TIC
C TIC
O K
O
O K
S
S
N
3
N
3
F
F
I4
I4
O
N
C
I1
I1
F
O
I5
IR
I5
2
2
M
F
I1
I1
IR
I6
I6
3
3
I1
I1
I7
I7
4
4
I1
I1
5
5
I8
I8
I1
I1
I9
I9
6
6
I1
I1
I1
I1
7
7
0
0
I1
I1
I1
I1
8
8
1
1
I1
I1
9
9
Figure 3-1 PSR-TRISAFE-S safety module with screw connection (left) or with spring-
cage terminal blocks (right), on 35 mm EN DIN rail
A1 A2 T0 T0 T1 T1 I0 I1 I19 M0 M1 M2 M3
POWER
24V DC TEST PULSE MONITORING
OUTPUT SAFE INPUT OUTPUT
NON-SAFE
TBUS
LOGIC
CONF
SAFE OUTPUT STICK
POWER USB
24V DC
The diagram below illustrates the possible operating modes (status) of the PSR-TRISAFE-S
safety module and the possible status transitions. When there is a USB connection to the
PC, the module status is indicated on the far left in the status bar of the SAFECONF
configuration software.
No
Initial startup?
Yes
Controller: No project
Download project
Execution starts following
acknowledgment ("Confirm" button on the device)
Er
Connection editor ro
Controller: Connected rd
online or offline ur
in
g
ex
ec
ut
io
n
Change between
safe online mode
Startup and standard
startup mode Controller: Error
n
tio
e cu
ex
g
in
d ur
Controller: Startup or
r
Er
USB connection (PC to safety module) must not be interrupted
and project in SAFECONF must not be changed.
Otherwise safety module is stopped and
changes to the safe state after 10 minutes.
Figure 3-3 Diagram: Possible operating modes (status) for the PSR-TRISAFE-S safety
module
All operating and indication elements for the PSR-TRISAFE-S safety module are located on
the front of the device. The elements are described in the following sections.
IFS-CONFSTICK
"Confirm" button
Status indicators
LEDs - Status
of the safe I/Os
Figure 3-4 Operating and indication elements of the PSR-TRISAFE-S safety module
Status indicators The four status indicators on the front of the device can be used to read the operating status
of the safety module. The following LEDs are available (from left to right):
– "PWR": Indicator for the power supply of the safety module
– "DATA": Indicator for communication with extension devices (with/without PSR TBUS
DIN rail connector). This LED is only on if a TBUS device is connected.
– "ERR": Error indicator
– "CONF": Indicator for the configuration status and communication via the USB interface
The following table lists the possible indicator combinations for the status LEDs and their
meanings. A distinction is made between slow flashing and fast flashing LEDs.
LED OFF
LED ON
LED flashing
Slowly = 1.7 Hz
Fast = 6.3 Hz
Table 3-1 Meaning of the status LEDs
LEDs for signal I/Os The state of each of the 20 safe inputs and 4 safe outputs is indicated by an LED on the front
of the device.
Table 3-2 Operating LEDs for the safe inputs and outputs
LED State Meaning
For each input No switching signal at the relevant input
("I0" to "I19")
Switching signal active at the input
Confirming the new The "Confirm" button is on the right-hand side on the front of the PSR-TRISAFE-S safety
configuration module, above the USB interface. Press this button using a pen to confirm a new
configuration downloaded via the USB interface before it is accepted by the safety module.
See also "Downloading the configuration from SAFECONF" on page 5-4.
Replacing the The "Confirm" button also plays an important role when replacing the IFS-CONFSTICK. To
IFS-CONFSTICK download a new configuration by replacing the IFS-CONFSTICK rather than via the USB
interface, press and hold down the "Confirm" button while removing and inserting the
IFS-CONFSTICK using the specified procedure.
For the precise procedure, please refer to "Downloading the configuration using the
IFS-CONFSTICK" on page 5-7.
All input and output connections, with the exception of the USB interface, are made via plug-
in keyed connection terminal blocks.
Supply for logic and Test pulses for
alarm outputs cross-circuit
detection
Supply for
safe outputs Standard alarm
outputs
Ground switching
outputs
Safe inputs
Safe outputs
The PSR-TRISAFE-S safety module has 20 digital signal inputs (24 V HTL/3 mA) for the
direct connection of safe control devices and/or safety sensors for monitoring and
evaluating processes.
The safe inputs are linked to the safety logic in the connection editor of the SAFECONF
configuration software. See also "Adding and connecting functions, functional blocks, and
signals in the safety logic" on page 4-11.
Signal redundancy due to Every two adjacent signal inputs (i.e., I0 and I1, I2 and I3, etc.) are grouped together and
dual signals locked by default to form a dual signal in the SAFECONF configuration software. This is
indicated in the representation of the safety module in the hardware editor of the
configuration software by a red padlock at the relevant inputs. The two signals are then
always used as a pair, i.e., both signals are dragged, dropped, cut or deleted together in the
connection editor.
However, if required this lock can be removed and the dual signal split into two single
signals.
Dual signals are not connected to one another internally; they are simply grouped
together.
As input signals with even and odd IDs are processed in different ways in the safety module,
using dual signals ensures that the safety module will perform redundant processing.
Two-channel sensors To ensure signal redundancy, the prepared dual signal must be used to process two-
channel signals (2-wire sensors and control devices). For example, in order to monitor or
evaluate both signals of an emergency stop control device redundantly and to performance
level PL e according to DIN EN ISO 13849-1 or EN 954-1 category 4, these two adjacent
signal inputs (e.g., I0 and I1) must be connected.
Cross-circuit detection A "cross circuit" is an unintentional, incorrect connection between redundant circuits. The
PSR-TRISAFE-S safety module provides clock outputs T0 and T1 as an aid for detecting
such a cross circuit.
For example, if two differently clocked signals are routed back to two inputs of the safety
module along two channels via an emergency stop control device, a cross circuit can
definitely be detected in this emergency stop circuit: In the event of a cross circuit, the same
clock signal would be present at both inputs, instead of two different ones.
The SAFECONF configuration software specifies the clock signals to be used: Cross-circuit
detection is implemented with test pulse T0 for "even" inputs (I0, I2, I4, ... I18). For "odd"
inputs (I1, I3, I5, ... I19), test pulse T1 must be used for cross-circuit detection.
For an example of two-channel connection of an emergency stop control device with dual
signal and cross-circuit detection, please refer to Figure 2-4 in "Error detection in I/O
devices" on page 2-8.
The safe output signals are clocked with a test pulse of 1 ms.
The non-safety-related alarm outputs M0, M1, M2, and M3, are designed as digital
semiconductor outputs for 24 V DC/100 mA.
These alarm outputs can be used for example to control a standard PLC or a detector unit
(e.g., a signal lamp).
As is the case for safe inputs and outputs, the alarm outputs are linked in the connection
editor of SAFECONF (see "Adding and connecting functions, functional blocks, and signals
in the safety logic" on page 4-11).
NOTE: Alarm outputs must not be connected in parallel.
Feedback to alarm outputs is not permitted.
The test pulses output at outputs T0 and T1 are used for cross-circuit detection at the inputs.
Each output is available twice. The output test pulses T0 and T1 are asynchronous, i.e., T0
does not equal T1.
To implement cross-circuit detection, the relevant safe inputs must be configured
accordingly using the device parameterization editor (part of the hardware editor in
SAFECONF).
The SAFECONF configuration software specifies the clock signals to be used: Cross-circuit
detection is implemented with test pulse T0 for "even" inputs (I0, I2, I4, ... I18). For "odd"
inputs (I1, I3, I5, ... I19), test pulse T1 must be used for cross-circuit detection.
Please also refer to "Signal inputs" on page 3-7 and "Error detection in I/O devices" on
page 2-8.
The 24 V/0 V supply connection is used to supply the outputs of the safety module and the
clock and ground switching outputs with power.
The supply connection A1/A2 is used to supply the logic of the safety module and the alarm
outputs with power.
At the double terminal block contacts, 2 and 3-wire sensors and control devices can be
supplied directly by the safety module (Unom = 24 V DC).
VORSICHT: For 3-wire sensors, ensure that the GND potential of the sensor/control
device matches the GND potential of the safety module.
The maximum continuous current for devices connected to terminal blocks A1 and A2 is
6 A (limiting continuous current for looped through current paths A1/A1 and A2/A2).
The ground switching outputs O0- and O1- increase the shutdown protection and cross-
circuit protection of the safety system. These outputs can be used for example to switch off
a contactor connected to the PSR-TRISAFE-S safety module either via the output or via
ground.
Ground switching output O0- can only be used in connection with output O0, ground
switching output O1- can only be used in connection with output O1.
The diagram below shows an example application: The two contactors, K1 and K2, are
switched between safe module output O0 and ground switching output O-.
PSR-TRISAFE-S
42 A1 13 23 33
-K1 K1
41 A2 12 24 34
S1 14 42 13 23 33
-K2 A1
S1 12 22 K2
Reset 13 41 12 24 34
A2
Not-Halt 11 21
E-Stop +24V
103503a018.eps
Figure 3-6 Example application for ground switching outputs O0- and O1-
In order to use the ground switching outputs, the corresponding parameters must be set
for outputs O0 and O1 in the SAFECONF configuration software. For more detailed
information, please refer to the online help topic "Parameterizing the I/Os of the safety
module".
The USB interface (standard USB 2.0) is used for communication between the
PSR-TRISAFE-S safety module and the SAFECONF configuration software.
This includes:
– Downloading configuration data (i.e., the SAFECONF project)
– Optional upload of the configuration in order to open it as a project and edit it as
required in SAFECONF
– Reading values from the safety module during operation and displaying the read values
"live" in the connection editor of SAFECONF (online mode)
– Forcing signals on the running safety module for startup purposes (standard startup
mode)
Before the PSR-TRISAFE-S safety module is connected to the configuration PC, the
SAFECONF configuration software must be installed with the appropriate USB drivers for
the module.
Once the USB connecting cable (mini-USB connector, 5-pos., maximum cable length 3 m)
has been connected, the appropriately configured PC detects the safety module
automatically.
If the SAFECONF configuration software is already running, the software detects the status
of the safety module and indicates it at the bottom right in the status bar.
Figure 3-7 Status bar in the SAFECONF configuration software (safety module already
contains a configuration project)
3.6 IFS-CONFSTICK
The PSR-TRISAFE-S safety module is equipped with a plug-in memory module, the
IFS-CONFSTICK.
A
1
24
A
V
1
0V
A
2
P
O
S
A
0-
R
2
-T
01
R
-
IS
R
T
W
0
A
M
F
P
TA
T
E
0
-S
A
D
T
R
1
R
E
M
F
T
N
I0
1
O
C
M
O
3
I1
0
O
I2
1
O
I3
2
C TIC
O
O K
S
N
3
F
I4
C
I1
O
I5
2
N
F
I1
IR
I6
3
M
I1
I7
4
I1
5
I8
I1
I9
6
I1
I1
7
0
I1
I1
8
1
I1
9
Figure 3-8 IFS-CONFSTICK on the PSR-TRISAFE-S
IFS-CONFSTICK as a The IFS-CONFSTICK must be inserted in the PSR-TRISAFE-S safety module both during
hardkey normal operation and for downloading configuration data from SAFECONF via the USB
interface.
If no IFS-CONFSTICK is inserted in the safety module or if it is removed, the safety module
behaves as follows:
– If no IFS-CONFSTICK is inserted when downloading configuration data, the
configuration cannot be downloaded and SAFECONF outputs an error message.
– If no IFS-CONFSTICK is inserted when the safety module is started, the module sets
all outputs to FALSE and indicates an error. The safety module does not execute any
functions.
– If the IFS-CONFSTICK is removed during operation, the safety module sets all outputs
to FALSE and indicates an error. The safety module does not execute any more
functions.
– If the IFS-CONFSTICK is removed from the safety module and reinserted as described
in "Downloading the configuration using the IFS-CONFSTICK" on page 5-7, the safety
module sets all outputs to FALSE and does not execute any functions until the
IFS-CONFSTICK is inserted again correctly. The safety module does not indicate an
error.
For standard extension modules, the PSR-TRISAFE-S safety module is equipped with an
interface for the PSR TBUS DIN rail connector on the mounting side (see page 2-3).
The PSR TBUS DIN rail connector can be used to connect the MINI-SYS-PS system power
supply unit or to connect gateways (e.g., for PROFIBUS) for transmitting standard
diagnostic data. The PSR TBUS DIN rail connector eliminates the need for cross-wiring
between the safety module and the gateway modules or system power supply unit.
The voltage can be supplied at any PSR device or using the system power supply unit via
the PSR DIN rail connector (see "Connecting the supply voltage" on page 3-16).
3.7.1.1 Mounting
Mounting a 35 mm DIN rail 1. The safety module should only be mounted on 35 mm DIN rails according to
DIN EN 60715. To avoid contact resistance only use clean and corrosion-free DIN rails.
Mounting PSR TBUS DIN 2. To use PSR TBUS DIN rail connectors to create a connection station with a system
rail connectors (optional) power supply unit or with extension units, proceed as follows:
– Connect together the required number of PSR DIN rail connectors for the
connection station (see Figure 3-9, A).
– Snap this group of PSR DIN rail connectors onto the DIN rail (see B and C).
A
PSR TBUS DIN rail connector
B C
Mounting the 3. Place the module onto the DIN rail from above as shown in Figure 3-10 so that the
PSR-TRISAFE-S safety upper holding keyway of the module is hooked onto the top edge of the DIN rail.
module When using PSR DIN rail connectors, ensure that the contact opening in the base of the
module is aligned correctly over the contact block of the PSR DIN rail connector.
Figure 3-10 Attaching the PSR-TRISAFE-S safety module to the DIN rail
4. Push the lower part of the module that is furthest from the DIN rail towards the DIN rail
until it engages with a click.
5. Check that the module is fixed securely on the DIN rail.
6. When mounting additional modules on the DIN rail (e.g., gateway extension modules
or power supply unit), place them on the DIN rail with no spacing, i.e., in direct contact
with the sides of the housing. All standard extension units must be mounted to the left
of the PSR-TRISAFE-S safety module.
7. End clamps should be mounted on both sides of the module (or module group) to stop
the module(s) from slipping on the DIN rail.
3.7.1.2 Removal
To remove the PSR-TRISAFE-S safety module, proceed as follows:
1. Pull the locking latch on the bottom of the module down using a screwdriver,
for example, to release the module from the DIN rail.
2. Lift the bottom of the module away from the DIN rail slightly.
3. Pull the module diagonally upwards away from the DIN rail.
The PSR-TRISAFE-S safety module has no main switch and is switched on simply by
applying the supply voltage.
The safety logic and alarm outputs are supplied with power via connections A1/A2, the safe
outputs, clock outputs, and ground switching outputs are supplied via connections 24V/0V.
Once the "PWR" status indicator is permanently on, the PSR-TRISAFE-S safety module is
ready to operate.
Outputs "A1" and "A2" provide the supply voltage for supplying other modules, such as
sensors (see "Supply connections A1 and A2" on page 3-9).
Connections
24 V DC/0 V
Cable lengths Many applications use large numbers of sensors or control devices. Depending on the size
of the machine or system, a considerable amount of cabling may be required to wire the
sensors. Make sure that the specified cable lengths are not exceeded, so as to ensure error-
free operation of the safety circuits and therefore a reliable safety demand.
For reliable and touch proof contacts, strip the cable ends as follows:
O
3
4
7 mm
O
I4
N
I1
F
C
I5
I
I1
8 mm
2
O
I5
2
I1
I6
I1
3
I6
3
I1
I7
I1
4
I7
4
I1
I1
I8
5
I8
I1
I9
I1
6
I9
6
I1
I1
I1
7
I1
0
7
I1
I1
I1
8
I1
1
8
I1
I1
9
9
Screw Spring-cage
terminal terminal
blocks
Figure 3-12 Connection to screw terminal blocks (left) and spring-cage terminal blocks
(right)
The installation routine for the configuration software also includes the installation of the
required driver for the USB interface. This driver is required to enable communication
between the PC on which SAFECONF is installed and the PSR-TRISAFE-S safety module.
To ensure that the configuration software detects the safety module automatically and
correctly, the software must be fully installed on the computer before the device is
connected for the first time.
Proceed as follows:
1. If you have downloaded the configuration software, extract the downloaded file and
start the installation program (setup file).
If you have purchased the PSR-SAFECONF-BOX, insert the supplied CD in the drive.
A graphical menu opens. Select "Install software" to start the installation program.
(If you have deactivated the auto start option on your computer, open the "SAFECONF"
folder on the CD and execute the setup file.)
2. Select the desired language for the installation routine. (This also sets the language for
the SAFECONF user interface, which is set when the software is started for the first
time.)
3. The installation program now guides you through the installation step by step.
Follow the on-screen instructions.
4. Once SAFECONF is installed, you will be prompted to install the drivers for the safety
module.
Follow the on-screen instructions.
5. In the Windows dialog box for driver installation, select "Install the software
automatically (recommended)".
Finally, a message appears indicating that the configuration software and drivers for the
safety module have been fully installed.
The SAFECONF safe configuration software is used only for the configuration of the
PSR-TRISAFE-S safety module. The software supports the user in all operating phases,
from planning the application, through configuration to starting up the PSR-TRISAFE-S
safety module and compiling system documentation.
The following SAFECONF functions are available:
Creating the safety logic – Creation of the safety logic using a graphical connection editor. The circuit which the
safety module runs on is created by graphically linking safe functional blocks certified
according to the PLCopen specification via connecting lines and safe functions. Safe
functions range from logic operations such as AND, OR, etc., to timer and trigger
functions.
Linking I/Os with safety – PSR-TRISAFE-S inputs and outputs are easily linked with the safety logic using drag &
logic drop.
Parameterizing I/Os – Parameterization of the inputs and outputs of the PSR-TRISAFE-S safety module using
a safe parameterization editor.
Online mode for function – Diagnostic and startup tools are included for communication:
test During safe operation, you can easily read signal values from the safety module and
display them in a special online mode. The connection editor indicates the current "live"
status of each signal and the inputs and outputs of each functional block in the safety
logic. The hardware editor in online mode maps the LEDs on the safety module.
Startup mode (additional) – In addition to the mandatory function test (activating safe control devices,
e.g., emergency stop, safety door, etc.), standard startup mode can be used to execute
a function test while the system is operating: For example, instead of pressing the
actual switch, you can force the corresponding signal in the connection editor and test
the safety logic in this way.
Documentation, – The configuration software provides a detailed project information dialog box, where all
checklist information relating to the project can be stored and a safety-related checklist can be
completed. This information dialog box is supplemented by an assignment list, where
comments can be added to the signals of the safe devices used in order to document
the wiring.
All documentation, including the graphical safety logic, the assignment list, and the
device parameters, can be printed out in a clear format.
EASYSIM simulation – Simulation of the safety module, for example, for preliminary testing of the developed
safety logic even if no safety module is available.
Online help A description of the wide range of functions offered by SAFECONF exceeds the scope of
this user manual. However, the online help for the software contains detailed descriptions
of each function.
To call the online help:
• In the "?" menu, select the "Help Topics" menu item.
The table of contents for the online help appears. Search for a help topic as described
below.
• Or: In an active input dialog box or window, press <F1>, for example, in the connection
editor.
The context-sensitive online help for the active dialog box or window appears.
• Or: In the connection editor, select an object and press<F1> in order to view information
relating to that object. For safe functions and functional blocks, general information
about the objects can be accessed in this way. There is also specific functional block
information, which can be called via the "Help" context menu item for the relevant
functional block or function.
This section provide an overview of the user interface for the SAFECONF configuration
software. For more detailed information, please refer to the online help (see also "Online
help" on page 4-2).
The windows may be arranged differently to the format shown here, either when the
software is delivered or once you have adapted the program to your preferences.
5. Hardware editor
The hardware editor contains a graphical representation of the PSR-TRISAFE-S safety
module. When configuring the safety logic, input and output signals can be moved from
here to the connection editor using drag & drop. Double-clicking on the hardware editor
starts the safe device parameterization editor (not shown in the figure).
6. Status bar
When working with the configuration software, the status bar displays messages and
information, as well as the current logon status, the status of the safety module, and
transmission progress when downloading or uploading the configuration to or from the
safety module.
The following windows and dialog boxes are not visible in the figure:
– Message window
The message window can be used to track the progress of the project checking
function. When the check is started, the message window opens automatically. If the
system detects an error when checking the project, the relevant error location can be
accessed directly by double-clicking with the left mouse button on the message in the
message window.
– Assignment list for signals
The assignment list contains the signal assignments for the individual inputs and
outputs of the PSR-TRISAFE-S safety module. It provides "wiring documentation",
which makes the project easier to understand, and helps to prevent incorrect
connections being established in the connection editor.
– Project information dialog box
This dialog box can be used to enter and display the most important information for the
current configuration project (e.g., project-related data, manufacturer data, operator,
installation location, data relating to safety inspections, revision history for the project).
The connections are made intuitively using the mouse, and the editor prevents
impermissible connections (e.g., between certain outputs).
The safe functions include simple Boolean operations and basic functions used in standard
digital technology.
Safe functions The following safe functions are available in the SAFECONF toolbox and can be easily
added to the safety logic using drag & drop (in alphabetical order):
– AND (Boolean ANDing)
– EQ (Boolean comparison)
– F_TRIG (detection of a falling edge)
– NOT (complement or negator)
– NOT_EQ (comparison for Boolean inequality)
– OR (Boolean ORing)
– PULSE_GEN (safe pulse generator)
– R_TRIG (detection of a rising edge)
– RS (bistable function: priority for resetting)
– SR (bistable function: priority for setting)
– TOF (timer for off delay)
– TON (timer for switch-on delay)
– TP (impulse encoder)
– XOR (Boolean EXORing)
Safe functional blocks The safe functional blocks provide basic safety-related functions for implementing the
required safety circuits. Table 4-1 lists the available functional blocks in alphabetical order.
A detailed description of each functional block and function is available in the online help.
To open the help for a particular safe functional block or safe function, right-click on the
corresponding block in the SAFECONF connection editor and select "Help" from the
context menu.
Intuitive operation The SAFECONF configuration software follows the Windows standard for all user activities.
However, SAFECONF offers a wide range of functions, which far exceeds the standard
level of performance in this sector. Examples include online diagnostic tools and simulation
of the safety module.
Details in the online help A description of the wide range of functions exceeds the scope of this user manual,
therefore please refer to the online help, which contains a detailed description of each
software function.
For an overview of the steps required when configuring a project, please refer to
"Configuration overview from A to Z" on page 5-1.
The following sections provide a brief introduction to the most important software functions.
When creating a new project, either use a project template or create an empty project using
the Project Wizard.
"Empty" means that although the safety module is already available in the hardware editor
for "wiring" the signals, the connection editor does not yet contain any safety logic.
If a project template is used, a predefined circuit, which can be modified or extended as
required, will be inserted into the connection editor.
To create a new project, select "New Project..." in the "File" menu, use the keyboard
shortcut <Ctrl>+<N> or click on the following icon:
In the "New Project" dialog box that appears, select either the Project Wizard or a specific
project template.
Figure 4-3 Project Wizard for creating a new configuration project, using a project
template
The safety logic is created in the connection editor as a network of safe functions and
functional blocks. They are available in the various sections of the toolbox and must be
inserted in the connection editor from there.
In order to process the various signals (inputs, outputs, and alarm outputs of the
PSR-TRISAFE-S safety module) in the connection editor, the signals must be inserted in the
connection editor from the hardware editor and connected to other objects.
Input and output signals can only be inserted into the connection editor from the hardware
editor and linked to functional blocks in the connection editor if you have logged on with
the correct project password ("Log On" in the "Project" menu).
Functional blocks and Safe functional blocks/functions and constants are always inserted into the connection
functions in the toolbox editor from the toolbox using drag & drop. To do this, proceed as follows:
1. Display the toolbox ("Toolbox" in the "View" menu). If the auto-hide function is enabled,
position the cursor over the minimized window as shown in Figure 4-5 for the hardware
editor.
2. In the toolbox, open the required section by clicking on the corresponding navigation
bar ("Safe Functions", "Safe Functional Blocks" or "Favorites").
3. Drag the required object into the connection editor from the toolbox section:
– Left-click on the required object and hold the mouse button down.
– Hold the left mouse button down and drag the object from the toolbox to a free
position in the safety logic and then release the mouse button.
– Signal constants can be dragged directly to functional block connections, thus
establishing the connection immediately on insertion.
The object is stored at the selected position (oriented on the grid of the connection editor).
Figure 4-4 Inserting safe functional blocks and functions from the toolbox in the
connection editor
Signal inputs and signal Input and output signals of the safety module are always inserted into the connection editor
outputs in the hardware from the hardware editor using drag & drop. To do this, proceed as follows:
editor
1. Display the hardware editor ("Hardware Editor" in the "View" menu). If the auto-hide
function is enabled, position the cursor over the minimized window as shown in the
figure below.
Figure 4-5 Opening the hardware editor with the auto-hide function enabled
2. Drag the required (dual) input signal or output signal from the hardware editor into the
connection editor as follows (see Figure 4-6 on page 4-12):
– Left-click on the required (dual) signal and hold the mouse button down. Please
refer to the information below on using dual signals.
– Hold the left mouse button down and drag the (dual) signal from the hardware
editor directly to a free connection (or two free connections, in the case of a dual
signal) in the safety logic, then release the mouse button.
– Alternatively, you can store signals at any free position in the connection editor.
The free signals must then be linked to free functional block connections manually
(see "Connecting objects" on page 4-14).
The (dual) signal is stored at the selected position (aligned with the grid) and, if
applicable, directly connected to the corresponding connection.
Standard alarm signals M0 to M3: As well as 20 safe inputs and four safe outputs, the
safety module also provides four non-safety-related alarm outputs. These alarm outputs
can be used, for example, to control a standard PLC or a simple detector unit (e.g., a
signal lamp). Since the alarm signals are not safe, they are shown in gray rather than
yellow in the connection editor.
Alarm outputs are edited in the same way as safe I/O signals.
Clock outputs T0 and T1 of the safety module cannot be moved to the connection editor
using drag & drop. To implement cross-circuit detection using these two test pulses, the
relevant safety module inputs must instead be parameterized accordingly.
Connecting objects As shown in Figure 4-6 on page 4-12, signal inputs and outputs as well as constants can be
connected as soon as they are inserted in the connection editor (using drag & drop).
Free terminal points are connected as described below.
The inputs and outputs of the safety module can be parameterized. Specific properties can
be defined for each input and output in a special safe parameter editor.
When checking a project in the SAFECONF configuration software, this data is used to
create a parameterization file, which is subsequently transmitted to the safety module
automatically as part of the configuration project.
The parameters can only be edited if you have logged on with the correct project
password ("Log On" in the "Project" menu).
Opening the device The device parameterization editor is a component of the hardware editor. To open this
parameterization editor editor for all I/Os (general view), double-click on the representation of the safety module in
the hardware editor.
Doppelklick
Double click
103503a016.eps
Figure 4-9 Opening the device parameterization editor for all I/Os
To open the device parameterization editor for only one specific I/O, double-click on the
relevant signal in the graphical representation of the device:
Doppelklick
Double click
103503a021.eps
Figure 4-10 Opening the device parameterization editor for one specific I/O
Instead of double-clicking, you can also open the device parameterization editor via the
context menu. Right-click either directly on a specific I/O to open the parameters for this I/O,
or on any empty position in the graphical representation of the device to open the general
view.
In both cases, select "Parameters" from the context menu.
Figure 4-11 Opening the device parameterization editor via the context menu
Structure of the device The adjustable parameters are provided in table format.
parameterization editor
At the top left of the table is the device type or the device ID and the "location ID", which is
the unique security ID for the safe device. Every safe device can be clearly identified using
just this ID. Underneath is the name of the import file, provided that you have imported
parameters (see the "Importing/exporting" section).
The available parameters are then listed row by row (see description of input parameters
and output parameters). Every parameter (i.e., every table row) consists of a value, which
can be modified, and the parameter name (which cannot be modified). Please read the next
section for more information.
Modifying device In the interests of security, only predefined parameter values can be selected. Proceed as
parameters follows:
1. Click in the white field of the parameter you wish to change. The field now displays an
arrow for opening a selection list.
2. Click on the arrow to open up the list.
3. Click on the required value. This list is closed and the selected value is visible in the
parameter field.
Unless the device parameterization editor is closed or another device is selected, several
editing steps can be undone (<Ctrl>+<Z>) and redone (<Ctrl>+<Y>).
If you have modified parameters and then close the editor with "OK", you are prompted to
save the changes that have been made.
Input parameters for the A "cross circuit" is an unintentional, incorrect connection between redundant circuits. The
safety module: safety module provides clocked outputs T0 and T1 as an aid for detecting such a cross
Cross-circuit detection circuit.
The SAFECONF configuration software specifies the clock signals to be used: Cross-
circuit detection is implemented with test pulse T0 for "even" inputs (I0, I2, I4, ... I18). For
"odd" inputs (I1, I3, I5, ... I19), test pulse T1 must be used for cross-circuit detection.
For additional information about cross-circuit detection, please refer to "Signal inputs" on
page 3-7 and "Error detection in I/O devices" on page 2-8. An application example is also
provided there.
Output parameters for the The "additionally ground switching contact" parameter "no"/"yes, with O...-" is only available
safety module: for outputs O0 and O1. Output O0 is connected to ground switching output O0-, output O1
Ground switching output to ground switching output O1-.
This parameter is used to specify whether the specified ground switching output, which can
assist in shutting down a single-channel application safely, should be switched in addition
to the relevant safe module output.
Use of ground switching outputs O0- and O1- increases the cross-circuit protection. For
more detailed information about using ground switching outputs O0- and O1- and a
corresponding example application, please refer to "Ground switching outputs O0- and
O1-" on page 3-10.
Figure 4-13 Setting the device parameter for the use of ground switching output O0-
Exporting and importing Once the inputs and outputs of the safety module have been parameterized, the parameter
parameters list can be exported to a file so that it can be used again later.
For information about exporting and importing parameters, please refer to the online help
(see "Parameterizing the I/Os of the safety module").
Printing parameters The print dialog box ("Print Project" in the "File" menu) contains a "Safe parameters"
checkbox. If this checkbox is selected before printing a project, all the parameters of the
safe device are printed too.
The project can only be checked if you have logged on with the correct project password
("Log On" in the "Project" menu).
If the current project status has not yet been saved, this is done automatically prior to
checking.
Check values (CRC): To ensure that any distortions to the configuration data during
transmission to the safety module can be reliably detected, a check value (CRC) is
calculated in the configuration software when the project is checked. The safety module
also determines the check value for the downloaded data. If the check values on the
safety module and in the configuration software are identical, all data has been saved on
the safety module without distortion. If the check values differ, a corresponding error
message is output.
The check value (CRC) will also differ if subsequent modifications have been made to
the project in the configuration software, but have not yet been downloaded to the safety
module. A change to the product documentation can also modify the check value, for
example.
Once the configuration project has been developed, i.e., the safety logic and the device
parameterization have been completed, the project must be checked. This involves
checking the safety logic for errors, such as open function inputs.
To check the project, proceed as follows:
1. Click on the "Check Project" icon in the toolbar:
2. The progress of the checking function can be tracked in the message window, which
opens automatically:
If the configuration software detects an error, the relevant error location can be
accessed directly by double-clicking with the left mouse button on the message in the
message window.
In the example below, an input is not connected. Double-clicking on the error message
highlights the affected object (in a green border) in the connection editor.
Figure 4-14 Jumping to an error location in the safety logic from the message window
when checking the configuration project
4. Once a check has been completed without errors, the project can be transmitted to the
safety module. For information about downloading a configuration project and the
associated startup of the safety module, please refer to "Downloading the configuration
from SAFECONF" on page 5-4.
Documenting signal The system offers the option of maintaining a signal list or, more accurately, a signal
assignment assignment list.
Figure 4-15 Documenting signal assignment in the "Assignment Map" dialog box
3. Once all the required texts have been entered, confirm the dialog box with "OK" to save
the signal list.
For additional information about signal information, please refer to the online help, which
is opened by pressing <F1> when the "Assignment Map" dialog box is active.
Entering project Open the "Project Info" dialog box by selecting "Project Information..." in the "Project" menu.
documentation
This dialog box can be used to enter the most important information about the current
project, from project-specific data (description of the application, designation, name of the
creator/editor, etc.) to manufacturer data, the operator, and installation location, through to
data relating to safety inspections, and a revision history for the project.
To ensure compliance with standards, the fields with yellow row headers must be
completed each time a new project version is developed. The fields with a gray
background are less important. However, it is highly recommended that you enter data in
all fields.
Check values (CRC): If the project documentation is modified, the check value is
recalculated, i.e., the system detects that the project on the safety module differs from the
configuration project. If the check values on the safety module and in the configuration
software are not identical, a corresponding message is output.
For additional information about project information and documentation, please refer to
the online help, which is opened by pressing <F1> when the "Project Information" dialog
box is active.
For additional information about printing, page layouts, and print settings, please refer to
the online help, which is opened by pressing <F1> when the "Print Project" dialog box is
active.
The SAFECONF configuration software includes the EASYSIM controller simulation, which
can be used to simulate the execution of the safety logic:
– If no PSR-TRISAFE-S safety module is available
– If a simulated function test is recommended prior to actual startup of the "real"
PSR-TRISAFE-S safety module
When working with the EASYSIM simulation instead of the safety module:
– If a safety module is connected, it will not be addressed, i.e., its inputs will not be read
and its outputs will not be written.
– Execute the same steps in the SAFECONF configuration software as you would if you
were working with the real safety module, but ensure that the "Simulate Safety
Controller" icon on the toolbar is activated (see Figure 4-17 on page 4-22). This means
that you can force signals or display online values in the connection editor as usual. The
simulation continues to run in the background, with the icon visible in the taskbar
notification field (system tray, known as systray for short).
– The simulation can be configured for the current application, inputs can be "activated"
in the simulation directly, and the effects on outputs can be monitored, thus simulating
the I/Os of the actual hardware.
– The timing of the machine/system can be simulated in expert mode.
Starting simulation mode To start the simulation and download a project, proceed as follows:
1. To start the simulation, click on the "Simulate Safety Controller" icon in the toolbar.
If the icon is activated, the simulation is active and all commands executed, such
as "Download" or "Online Values", will relate to the simulation.
Figure 4-17 Icon for simulation mode, "not activated" and "activated"
2. Once the icon has been selected, a message window appears stating "Simulation
being activated".
The project is then saved and checked automatically. Any errors detected are output in
the message window.
3. Once a check has been completed without errors, the project can be downloaded as
usual by clicking on the icon of the same name in the toolbar:
Unlike with the actual safety module, you do not have to log on with a controller
password when using the simulation.
4. Once the simulation has been started, the following entry is indicated on the far right in
the status bar:
Exiting SAFECONF To switch from the EASYSIM simulation to the real safety module, in the SAFECONF
simulation mode configuration software click on the simulation icon in the toolbar, which already appears
"activated":
The simulation is now deactivated (see information in the message window) and the project
is saved automatically again and checked for use with the real safety module.
Exiting simulation mode is not the same as exiting the EASYSIM simulation.
Once the "Simulate Safety Controller" icon is selected again, the destination system is
reset in the configuration software, from the EASYSIM simulation to the real
PSR-TRISAFE-S safety module. This means that, essentially, the connection between
the configuration software and the simulation software is only interrupted. The EASYSIM
simulation application is not exited automatically (see below).
Additional information For additional information about the EASYSIM controller simulation, please refer to the
about operating EASYSIM "EASYSIM controller simulation" section in the online help for the SAFECONF configuration
software:
– Operating EASYSIM
– Simulating time sequences in EASYSIM expert mode
– Status of the EASYSIM simulation
The diagram below describes the simplified sequence, i.e., the general procedure, for
developing a configuration project and for starting up the PSR-TRISAFE-S safety module.
For detailed information, please refer to the specified sections and the SAFECONF online
help.
In SAFECONF:
Parameterize PSR-TRISAFE-S I/Os
(e.g., cross-circuit detection or ground switching
output).
Double-clicking on the representation of the
safety module in the hardware editor opens the
safe parameter editor (see page 4-15).
No
... Continued
(from B) Continued (A) ...
Switch on the PSR-TRISAFE-S (apply supply voltage, see page 3-16) and
connect to the USB interface of the PC (see page 3-11).
Alternative: Instead of using the safety module, check the function of the
safety logic using the EASYSIM simulation. To do this, switch to
simulation mode in SAFECONF using the SIM button. The project is
checked automatically. EASYSIM is minimized in the taskbar.
Continued
(from D) ... Continued (C) ...
Function test
completed without errors?
No
Yes
Documentation in SAFECONF
Complete the project information:
"Project" menu, "Project Information"
1. Ensure that:
– The PSR-TRISAFE-S safety module is switched on.
– The SAFECONF configuration software is installed on the configuration computer
(this installation also includes the required drivers).
– The SAFECONF configuration software is started.
– An IFS-CONFSTICK is inserted in the safety module. Otherwise the configuration
cannot be downloaded.
2. Connect the USB cable to the PSR-TRISAFE-S safety module (mini-USB connector,
5-pos., maximum cable length 3 m) and to a USB port on the PC.
Once the connecting cable has been connected, the correspondingly configured PC
detects the safety module automatically and indicates the safety module status at the
bottom right in the status bar (see Figure 4-1 on page 4-3).
"CONF" LED flashes during Status indicator for
data transmission PSR-TRISAFE-S
3. The project can only be downloaded to the PSR-TRISAFE-S safety module if you have
logged on in SAFECONF with the correct controller password. In the "Safe
Controller" menu, select "Log On", enter the controller password in the dialog box and
click "OK".
4. Provided that the current project has been checked and has no errors (see page 4-18
or the SAFECONF online help), the project loaded in SAFECONF can be downloaded
to the safety module by clicking on the following icon in the toolbar:
If the data transmission is interrupted during the download, please refer to "Problems and
solutions" on page 7-1.
5. Once data transmission has been completed successfully, the "CONF" status indicator
flashes slowly (approximately 1.5 Hz) and a corresponding message dialog box
appears in the configuration software.
Do not confirm this message yet, first complete the following step.
Please note:
6. Confirm the new configuration by pressing the "Confirm" button using a pen (see
Figure 5-6).
A
V
1
0V
A -0
2 1
P
O
S
A
0
R
2
-T
R
-
IS
R
T
W
0
A
M
F
P
TA
T
E
0
-S
A
D
T
R
1
R
E
M
F
T
N
I0
1
O
C
M
O
3
I1
0
O
I2
1
O
I3
2
C TIC
O
O K
S
N
3
F
I4
C
I1
O
I5
2
N
F
I1
IR
I6
3
M
I1
I7
4
I1
5
I8
I1
I9
6
I1
I1
7
0
I1
I1
8
1
I1
The safety module is then reinitialized (all status indicators are on briefly) and then switches
to safe normal operation (only "PWR" LED on).
If the safety module is not initialized correctly, proceed as described in "Problems and
solutions" on page 7-1.
Next steps Next, continue with the function test (see "Function test" on page 5-10).
Check values (CRC): To ensure that any distortions to the configuration data during
transmission to the safety module can be reliably detected, a check value (CRC) is
calculated in the configuration software when the project is checked. The safety module
also determines the check value for the downloaded data. If the check values on the
safety module and in the configuration software are identical, all data has been saved on
the safety module without distortion. If the check values differ, a corresponding error
message is output.
The check value (CRC) will also differ if subsequent modifications have been made to
the project in the configuration software, but have not yet been downloaded to the safety
module. A change to the product documentation can also modify the check value, for
example.
Configurations can not only be downloaded via the USB interface, but can also be
downloaded using the IFS-CONFSTICK. This is useful if no configuration computer is
available at an installation location or for transferring the configuration to a new device on
device replacement.
To replace the IFS-CONFSTICK, proceed as follows. This sequence ensures that the active
configuration is not overwritten by accidental insertion of an IFS-CONFSTICK.
Removing the 1. The IFS-CONFSTICK should not be replaced during operation. If the safety module is
IFS-CONFSTICK already running, proceed as follows:
a) First, shut down the machine.
b) Switch off the safety module.
c) Remove the current IFS-CONFSTICK.
Inserting the new 2. Insert the new IFS-CONFSTICK in the safety module, which is switched off. The
IFS-CONFSTICK IFS-CONFSTICK is mechanically keyed and cannot be inserted in the device
incorrectly.
3. Switch the safety module on and wait until it has initialized (all four status LEDs light up
once during initialization).
The safety module now detects the previously unknown IFS-CONFSTICK and
indicates this by making the "CONF" status LED flash.
4. Remove the IFS-CONFSTICK again.
5. Press the "Confirm" button on the device and hold it down.
A
1
while inserting the
24
A
V
1
0V
A -0
2 1
P
O
IFS-CONFSTICK
A
0
R
2
-T
R
-
IS
R
T M
W
0
A
M
F
P
TA
T M
E
0
-S
A
D
T M
R
1
R
E
T
N
1
O
C
3
1
I2
O
I3
2
C TIC
O
O K
S
N
3
F
I4
C
I1
O
I5
2
N
F
I1
IR
I6
3
M
I1
I7
4
I1
5
I8
I1
I9
6
I1
I1
7
0
I1
I1
8
1
I1
9
Figure 5-7 Pressing the "Confirm" button while inserting the IFS-CONFSTICK
7. Release the "Confirm" button once the IFS-CONFSTICK is inserted correctly. The
safety module now initializes with the new configuration.
If the safety module is not initialized correctly, proceed as described in "Problems and
solutions" on page 7-1.
When the IFS-CONFSTICK has been removed correctly, all of the safety module outputs
are FALSE. While the IFS-CONFSTICK is not inserted, the safety module has no function.
If the IFS-CONFSTICK is not removed correctly, the safety module also displays an error
message.
A project which is downloaded to the PSR-TRISAFE-S safety module is saved there and
can be uploaded to the PC and the configuration software again if required.
This may be required, for example, if a project has to be read from the safety module for
diagnostic purposes.
It is possible to upload a project from the safety module to the configuration software
without the controller password. However, to edit the uploaded project you will need the
correct project password.
4. Click "Yes" in the prompt dialog box that appears to confirm the upload.
5. Transmission from the safety module to the PC starts and a progress indicator is
displayed in the SAFECONF status bar.
6. If a project with the same name as the project which has just been uploaded already
exists on the PC, a prompt will appear where you must decide whether you want to
overwrite the project which is already loaded or not.
In this prompt dialog box, click:
– "Yes" to overwrite the data of the existing project with that of the project which has
just been uploaded.
Overwriting means that the current data will be lost and it will not be possible to
recover it.
– "No" to save the uploaded project under a different name or in a different directory.
The "Save Project As" dialog box appears. Here, select a directory, enter a file
name, and click on "Save".
7. You are now asked to enter the project password.
Once you have entered the password you can edit and check the project, load it to the
safety module, and start it up there as usual.
Validation Once the project has been loaded onto the PSR-TRISAFE-S safety module and executed
from this point (following manual confirmation), you must perform a function test to ensure
that the safety module is working correctly and, therefore, that the safety logic and all the
cabling are working correctly as well.
Online mode in To support you in this, you can switch the SAFECONF configuration software to online
SAFECONF mode so that online values can be read cyclically from the safety module and displayed in
the connection editor and the hardware editor.
Safety Once a safety demand has been triggered by activating the safe control devices, e.g., by
demand/monitoring pressing the emergency stop control device or opening the safety door, the behavior of the
signals safety logic can be analyzed precisely in the configuration software, as in online mode the
connection editor displays the value of every signal "live".
Connected/logged on 1. Connect the PSR-TRISAFE-S safety module, which is switched on, to the configuration
computer via the USB interface, start the SAFECONF configuration software, and log
on for the safety module.
The status bar in SAFECONF displays the following entry on the right-hand side.
2. Switch SAFECONF to online mode by clicking on the "Online Values" icon in the
toolbar:
The system can only display online values if the project in the safety module and the
project in the configuration system are identical. If you have made a change to a project
after startup (even something as small as moving an object is classed as a change), you
must check the project and send it to the safety module again before you can display
online values.
"Signal lines" and functional block connections are now displayed in the connection
editor in different colors, according to their state (TRUE/FALSE), and together with the
current values. The hardware editor also supports the function test through "lit" LEDs.
3. Now trigger a safety demand via the safe control devices. Monitor the response of the
machine and the configuration in the connection editor, which has been switched to
online mode.
Example:
Safety demand
103503a011.eps
Figure 5-8 Example of a function test for the safety system using SAFECONF online
mode
In addition to the mandatory function test using online mode (see "Function test" on
page 5-10), startup mode can also be used.
For example, instead of pressing the emergency stop control device or opening the safety
door, in startup mode you can force the signal corresponding to the safe control device in
the connection editor.
WARNING: The test in startup mode does not replace the proper function test.
The test of the safety application using startup mode must not replace the proper function
test using safe control devices. The test in startup mode may only be performed in
addition to the standard function test, as a preliminary test, for example.
Forcing signals in the online display of the connection editor directly controls the safety
module.
Once the supplementary function test has been performed in startup mode, exit startup
mode again. This resets forced signals.
Starting startup mode 1. In SAFECONF, select "Startup Mode" from the "Safe Controller" menu.
2. A message appears, alerting you to possible hazards. Click "Yes" in this dialog box to
exit safe mode and switch to standard startup mode.
Time limit: You have 30 seconds to change the operating mode (i.e., to click "Yes"). After
this time, a corresponding error message is displayed and "Startup Mode" must be
selected again in the "Safe Controller" menu.
The pink background of the status field in the configuration software status bar
indicates that the safety module is running in standard mode:
The connection editor still displays online values, i.e., signals and connections, which
are TRUE if green and FALSE if gray. The hardware editor is also visible in online mode.
Forcing signals 3. To force a signal in the connection editor, right-click on the corresponding signal and
select the "Force" command from the signal context menu.
6. A message dialog box appears, where you must expressly confirm the forcing
procedure once more. Click "Yes" to continue.
The signal remains at the forced value until the forcing function is reset.
Resetting forcing Right-click on the signal you want to reset and select the "Force" command from the context
menu. The "Force" dialog box opens.
In this dialog box you can either reset just the forced signal that is currently selected or all
forced signals.
If startup mode is exited while signals are forced, they will be reset.
Exiting startup mode To exit startup mode, switch back to "normal" online mode, which will cause the safety
module to run in a safe operating mode again.
1. In the "Safe Controller" menu, select the highlighted "Startup Mode" menu item (when
startup mode is active, the icon next to the menu item appears activated).
2. A confirmation dialog box appears, where "Yes" should be clicked to exit startup mode.
The yellow background of the status field on the right-hand side of the status bar
indicates that the safety module is running in safe normal operation again.
6 Application examples
Functional block help: Application examples are available in the online help for the safe functional blocks.
Application for each
The online help describes at least one typical application for each functional block and
functional block
shows the safety logic configured in SAFECONF as well as the wiring of the
PSR-TRISAFE-S safety module in the form of schematic views.
The online help also includes typical signal sequence diagrams, which illustrate the
behavior of each functional block.
The following application examples are included in the online help for the functional blocks:
– Single-channel and two-channel emergency stop circuits.
– Single-channel and two-channel safety door monitoring, with and without locking.
– Mode selector switch selection with locking of the set operating mode and manual
operating mode acknowledgment.
– Evaluation of a three-position enable switch with confirmation of the selected safe
operating mode.
– Parallel muting with two sensors.
– Evaluation of a light curtain connected via a single channel.
– Type II and Type III two-hand control devices.
7.1 General
Table 7-1 Solutions for general problems
Problem Solution
When the SAFECONF safe configuration Uninstall the safe configuration software,
software was launched, the installation then reinstall it by running the setup
check identified a faulty system file. program from the installation CD.
A corresponding message window is
displayed.
The operating system test routine has Install an operating system supported by
identified that you are trying to launch the SAFECONF (see "System requirements for
SAFECONF configuration software on an the SAFECONF configuration software" on
operating system that is not supported. page 2-15) or consult the technical support
team to find out whether a newer version of
SAFECONF is available, which supports
your current operating system.
An error has occurred (accompanied by a Please contact our technical support team.
corresponding message), which cannot be
removed using any of the measures
described here.
The SAFECONF safe configuration Please contact our technical support team.
software or one of its functions is not
behaving as described in the user
documentation or the online help.
Problem Solution
You have attempted to open a project, but The project concerned is damaged and can
the safety logic could not be loaded due to no longer be used.
a checksum error.
Use the latest backup copy of the project
A corresponding message window is (as described in the online help under
displayed. "Zipping and extracting projects").
If the problem persists, please contact our
technical support team.
During editing, a message window appears The project is closed automatically. You do
where the connection editor reports not have the opportunity to save the most
damaged data, a sporadic error or a recently made changes.
systematic error.
If the problem persists when the project is
reopened, please contact our technical
support team.
Problem Solution
A connection cannot be Proceed as follows:
established to the safety
Remove the USB connecting cable from the PC and safety
module. module, then reinsert it.
No
No
No
Yes
Yes
103503a020.eps
Problem Solution
Following acknowledgment of the newly 1. Switch the safety module off and on
loaded configuration, the safety module is again.
not initialized correctly ("Controller: Error" in 2. Download the project to the safety
the status bar and flashing "ERR" status module again and acknowledge the
indicator on the safety module). new configuration by pressing the
"Confirm" button on the device.
3. If the problem persists, please contact
our technical support team.
The safety module reports an internal error. Please contact our technical support team.
Section 1
Figure 1-1: Calling the online help in the SAFECONF configuration software ...... 1-8
Section 2
Figure 2-1: Typical structure of a safety system with PSR-TRISAFE-S ................ 2-1
Figure 2-2: PSR TBUS DIN rail connector from Phoenix Contact ........................2-3
Figure 2-3: Implementing a startup inhibit, restart inhibit, and stop category 0
for safe output O0 .............................................................................. 2-7
Figure 2-4: Implementing cross-circuit detection for an emergency stop
control device at inputs I0 and I1 of the safety module ....................... 2-8
Figure 2-5: Parameterizing cross-circuit detection for a module input ..................2-9
Figure 2-6: Simplified schematic view: Hardware diagnostics in the event of
an error at a safe functional block ....................................................2-10
Figure 2-7: Simplified schematic view: Wiring check .........................................2-11
Figure 2-8: Example of an online tool tip in the event of an error ........................2-12
Figure 2-9: Examples of tool tips in the connection editor in offline mode
(while editing the safety logic) ..........................................................2-12
Figure 2-10: Password protection for the PSR-TRISAFE-S and SAFECONF ...... 2-13
Section 3
Figure 3-1: PSR-TRISAFE-S safety module with screw connection (left)
or with spring-cage terminal blocks (right), on 35 mm EN DIN rail ..... 3-1
Figure 3-2: Block diagram for the PSR-TRISAFE-S safety module ...................... 3-2
Figure 3-3: Diagram: Possible operating modes (status) for the
PSR-TRISAFE-S safety module ........................................................ 3-3
Figure 3-4: Operating and indication elements of the PSR-TRISAFE-S
safety module .................................................................................... 3-4
Figure 3-5: PSR-TRISAFE-S signal connections .................................................3-7
Figure 3-6: Example application for ground switching outputs O0- and O1- ...... 3-10
Figure 3-7: Status bar in the SAFECONF configuration software
(safety module already contains a configuration project) ................. 3-11
Figure 3-8: IFS-CONFSTICK on the PSR-TRISAFE-S .......................................3-12
Figure 3-9: Mounting PSR TBUS DIN rail connectors ........................................ 3-14
Figure 3-10: Attaching the PSR-TRISAFE-S safety module to the DIN rail ..........3-14
Figure 3-11: Connecting the supply voltage at A1/A2 and 24V/0V ....................... 3-16
Figure 3-12: Connection to screw terminal blocks (left) and spring-cage
terminal blocks (right) ...................................................................... 3-17
Section 4
Figure 4-1: SAFECONF user interface ................................................................. 4-3
Figure 4-2: Safe functional blocks in the toolbox (excerpt) ...................................4-5
Figure 4-3: Project Wizard for creating a new configuration project,
using a project template ...................................................................4-10
Figure 4-4: Inserting safe functional blocks and functions from the toolbox
in the connection editor .................................................................... 4-11
Figure 4-5: Opening the hardware editor with the auto-hide function
enabled ............................................................................................4-12
Figure 4-6: Inserting a signal in the connection editor ........................................ 4-12
Figure 4-7: Connecting objects using a line .......................................................4-14
Figure 4-8: Connecting unconnected signals to functional blocks or
functions using drag & drop .............................................................4-14
Figure 4-9: Opening the device parameterization editor for all I/Os ...................4-15
Figure 4-10: Opening the device parameterization editor for one specific I/O ...... 4-15
Figure 4-11: Opening the device parameterization editor via the context
menu ................................................................................................ 4-16
Figure 4-12: Modifying device parameters in the device parameterization
editor ...............................................................................................4-16
Figure 4-13: Setting the device parameter for the use of ground switching
output O0- ........................................................................................ 4-17
Figure 4-14: Jumping to an error location in the safety logic from the message
window when checking the configuration project ............................. 4-18
Figure 4-15: Documenting signal assignment in the "Assignment Map"
dialog box ........................................................................................ 4-19
Figure 4-16: Simulation of the safety module in SAFECONF ............................... 4-21
Figure 4-17: Icon for simulation mode, "not activated" and "activated" ................4-22
Figure 4-18: EASYSIM icon in the Windows taskbar ............................................4-22
Section 5
Figure 5-1: Flowchart: Configuration from A to Z (1 of 3) ..................................... 5-1
Figure 5-2: Flowchart: Configuration from A to Z (2 of 3) ..................................... 5-2
Figure 5-3: Flowchart: Configuration from A to Z (3 of 3) ..................................... 5-3
Figure 5-4: USB connection between PC and safety module ............................... 5-5
Figure 5-5: Message dialog box following successful data transmission ............. 5-6
Figure 5-6: Confirming the configuration with the "Confirm" button ...................... 5-6
Figure 5-7: Pressing the "Confirm" button while inserting the
IFS-CONFSTICK ............................................................................... 5-8
Figure 5-8: Example of a function test for the safety system using
SAFECONF online mode ................................................................. 5-11
C
F
Cable lengths to sensors/control devices................. 3-17
Forcing........................... 3-11, 4-2, 4-21, 4-22, 5-2, 5-12
Category 4 according to DIN EN ISO 13849 .............. 1-4
Forcing signals, see Forcing
Check values (CRC) ................................ 4-18, 4-20, 5-7
Function test .............................................. 5-2, 5-7, 5-10
Checking and downloading the project 4-18, 5-1, 5-2, 5-5
Functional blocks with startup or restart inhibit........... 2-6
Communication between the PSR-TRISAFE-S and
SAFECONF ...................................................... 2-2, 3-11 Functional blocks/functions, safe ................. 1-7, 4-5, 6-1
Configuration project, see Project Functions/functional blocks, safe ................. 1-7, 4-5, 6-1
Connecting objects in the connection editor............. 4-14
Connection editor 2-2, 2-11, 3-7, 4-3, 4-11, 5-1, 5-10, 7-2 G
Connections on the PSR-TRISAFE-S ........................ 3-7 Ground switching outputs O0-, O1-.......... 3-1, 3-10, 4-17
Controller password, see Password protection GuardLocking (safe functional block).................. 2-6, 4-7
Creating a project.............................................. 4-10, 5-1 GuardMonitoring (safe functional block) ............. 2-6, 4-7
Cross-circuit detection ....... 1-2, 2-8, 3-8, 3-9, 4-13, 4-16 Guideline for test and certification GS-ET-26 ............. 1-5
Cross-circuit protection ............................................ 3-10
H
D Hardware diagnostics ................................................ 2-9
Device parameterization editor .................. 2-8, 4-15, 7-2 Hardware editor . 2-8, 3-7, 4-2, 4-4, 4-11, 4-15, 5-1, 5-10
Diagnostics
Hardware diagnostics........................................... 2-9 I
Online tool tips.................................................... 2-12 IFS-CONFSTICK ......................... 2-2, 3-6, 3-12, 5-4, 5-7
Status indicators................................................. 2-12 Downloading the configuration to the PSR-TRISAFE-S
Wiring check....................................................... 2-11 using IFS-CONFSTICK ........................................ 5-7
DIN rail connector, see PSR-TBUS DIN rail connector Inserting functional blocks in the connection editor .. 4-11
DIN rail, see 35 mm DIN rail Inserting functions in the connection editor .............. 4-11
Directives ................................................................... 1-5
Inserting signal inputs and outputs in the connection editor PSR-TRISAFE-S........................................................ 2-5
4-11 "Confirm" button ................................................... 3-6
Intended use ....................................................... 1-7, 3-9 Alarm outputs M0 - M3 ......................................... 3-9
Behavior with no IFS-CONFSTICK.............. 3-12, 5-8
L Clock outputs T0, T1 ..................................... 2-8, 3-9
LEDs for inputs and outputs ....................................... 3-6 Connecting the signal lines................................. 3-17
Low Voltage Directive 2006/95/EC............................. 1-5 Connecting the supply voltage ........................... 3-16
Connection terminal blocks .................................. 3-1
M Cross-circuit detection ......................................... 2-8
Machinery Directive 2006/42/EC......................... 1-5, 2-4 Diagnostic and status indicators........................... 3-4
Machinery Directive 98/38/EC.................................... 1-5 Diagnostic tools.................................................... 2-9
Method of operation of the PSR-TRISAFE-S system . 2-1 Downloading the configuration using the IFS-
CONFSTICK ........................................................ 5-7
MINI-SYS-PS system power supply unit .................. 3-16
Ground switching outputs O0-, O1- .................... 3-10
MINI-SYS-PS, system power supply unit ................. 3-16
Hardware description ........................................... 3-1
ModeSelector (safe functional block) ......................... 4-7
I/O device error detection ..................................... 2-8
MutingPar (safe functional block) ............................... 4-8
IFS-CONFSTICK, see IFS-CONFSTICK
MutingPar_2Sensor (safe functional block)......... 2-6, 4-8
Installation .......................................................... 3-13
MutingSeq (safe functional block) .............................. 4-8
LEDs for inputs and outputs ................................. 3-6
Operating and indication elements ....................... 3-4
O Password protection........................................... 2-13
Online help................................................................. 6-1 Possible operating status ..................................... 3-3
Call ......................................................... 1-8, 4-2, 4-9 Safe outputs O0 - O3............................................ 3-8
Online tool tips in the connection editor.................... 2-12 Safety functions, possible..................................... 2-4
Outputs O0 - O3........................................... 3-1, 3-7, 3-8 Signal inputs......................................................... 3-7
Status indicators................................................. 2-12
P Supply outputs A1, A2.......................................... 3-9
Parameterization editor ............................................ 4-15 Supply voltage via the MINI-SYS-PSI system power
Parameterizing inputs and outputs .................... 4-15, 5-1 supply unit .......................................................... 3-16
Password protection ......................................... 2-13, 5-9 System overview .................................................. 2-1
Performance level PLe according to DIN EN ISO 13849.. Uploading the project ........................................... 5-9
3-8 USB interface ..................................................... 3-11
Personnel, requirements ............................................ 1-1 Using the system.................................................. 2-4
Power supply for sensors and control devices ........... 3-9 PSR-TRISAFE-S confirm button 2-5, 3-4, 3-6, 5-2, 5-6, 5-7
Printing parameters.................................................. 4-17 PSR-TRISAFE-S connection terminal blocks.... 3-1, 3-17
Problems and solutions.............................................. 7-1 PSR-TRISAFE-S diagnostic and status indicators ..... 3-4
Project configuration and startup, overview................ 5-1 PSR-TRISAFE-S inputs ............................................. 3-7
Project documentation ...................................... 4-19, 5-3 PSR-TRISAFE-S installation .................................... 3-13
Project password, see Password protection PSR-TRISAFE-S mounting ...................................... 3-13
Project Wizard.......................................................... 4-10 PSR-TRISAFE-S operating and indication elements . 3-4
PSR-TBUS DIN rail connector ................. 3-4, 3-14, 3-16 PSR-TRISAFE-S operating status ............................. 3-3
Module communication ........................................ 2-3 PSR-TRISAFE-S removal ........................................ 3-15
PSR-TRISAFE-S signal inputs ................................... 3-7
PSR-TRISAFE-S status indicators .................... 2-12, 3-4
PSR-TRISAFE-S supply voltage .............................. 3-16
PSR-TRISAFE-S system description ......................... 2-1
U
Uploading the configuration from the PSR-TRISAFE-S....
5-9
Uploading the project from the PSR-TRISAFE-S ....... 5-9
USB interface...................................... 2-2, 3-11, 5-4, 5-7
Use, intended...................................................... 1-7, 3-9
W
Wiring check ............................................................ 2-11
Wiring documentation .............................................. 4-19