Skip to main content

How to implement

First of all we should make sure, that we obtain all the necessary and helpful literature for our work that is available from PI (see literature box). More is available on the PI website. Use the denoted or later versions. A previous version V1.30 of the PROFIsafe specification is available for information only and should not be used for new product developments.

  • PROFIsafe Policy V1.3; Order No. 2.282
  • PROFIsafe - Profile for Safety Technology on PROFIBUS DP and PROFINET IO, V2.4; Order No. 3.192b or IEC 61784-3-3
  • PROFIsafe - Environmental Requirements, V2.5; Order No. 2.232
  • PROFIsafe - Test Specification for F-Slaves, F-Devices, and F-Hosts, V2.1; Order No. 2.242
  • PROFIsafe for PA-Devices, V1.0; Order No. 3.042
  • PROFIdrive on PROFIsafe, V2.0; Order No. 3.272
  • Rapid way to PROFIBUS DP; Order No. 4.072
  • Rapid way to PROFINET; Order No. 4.182
  • Specification for PROFIBUS Device Description and Device Integration, Volume 1: GSD, V5.04; Order No. 2.122
  • GSDML Specification for PROFINET IO, V2.1; Order No. 2.352
  • Profile Guideline, Part 1: Identification & Maintenance Functions, V1.1; Order No. 3.502
  • Profile Guideline, Part 2: Data types, Programming Languages, and Platforms, V1.0; Order No. 3.512
  • Profile Guideline, Part 3: Diagnosis, Alarms and Time Stamping, V1.0; Order No. 3.522
  • Communication Function Blocks on PROFIBUS DP and PROFINET IO, V2.0; Order No. 2.182

Next you should study at least the basic safety standard IEC 61508 or get some consultancing on what needs to be established in your development processes and in your organization to achieve the necessary safety for your device. As a general rule it is not possible to turn a standard device into a safety device just by implementing the PROFIsafe protocol. The architecture of the safety technology together with the protocol and the manner in which both are implemented define the final SIL of the device.

Safety classes

You have two choices for the implementation of the PROFIsafe driver software. Either use the specification and do it from scratch or use a development kit available on the market. See the product guide on the PI website for further information. The advantage of using a development kit is obvious: precertified driver software, additional valuable information and tools, and technical support.

For the PROFIBUS and PROFINET interface, you can use any of the available ASICs and layer stacks and adapt the PROFIsafe driver software.

F-Devices

You have two choices for the implementation of the PROFIsafe driver software. Either use the specification and do it from scratch or use a development kit available on the market. See the product guide on the PI website for further information. The advantage of using a development kit is obvious: precertified driver software, additional valuable information and tools, and technical support.

For the PROFIBUS and PROFINET interface, you can use any of the available ASICs and layer stacks and adapt the PROFIsafe driver software.

Securing GSD

For every device on PROFIBUS or PROFINET, a General Station Description (GSD file) is necessary. After defining the common part of the GSD for an F-Device, the coding of the F-Parameters is necessary. This section of the F-Parameters must be protected by a special CRC signature ("F_ParamDescCRC") against data corruption on storage media. A configuration tool can check the data integrity of the F-Parameter description section utilizing this special signature, which is part of the GSD file.

Securing configurations

The GSD file also contains descriptions for the F-Input and/or F-Output formats. In order to secure this part of the GSD file, another CRC signature ("F_IO_StructureDescCRC") is used.

iParameter

According to the many different safety device technologies there is a huge variety of individual safety parameters (iParameter).

The amount of iParameters ranges from a few bytes for an F-Module up to several tens of kbytes for a laser scanner. For most of the safety devices, special parameterization and diagnostic software tools (CPD-Tool) already exist: therefore it did not make sense to handle iParameters via the GSD.

PROFIsafe therefore recommends using a new mechanism, the so-called iPar-Server. It is the responsibility of F-Host manufacturers to provide this capability, whether it is realized within the non-safety part of an F-Host as the parameterization master or within a controlled subsystem such as a non-safety PLC or an industrial computer on the same network.

Figure 11 demonstrates the principle steps of the iPar-Server mechanism via an example. Together with the network configuration and F-Parameterization of an F-Device, an associated iPar-Server function is instantiated (1). The F-Device is able to switch into the data exchange mode while using a safe state (FV). An associated CPD tool can be launched via an appropriate interface (2) such as TCI (Tool Calling Interface) or FDT (Field Device Tool) from the engineering tool, propagating at least the node address of the configured device. Parameterization, commissioning, test, etc., can be executed with the help of the CPD tool (3). After finalization, the iPar_CRC signature is calculated and displayed in hexadecimal form for (at least) copying and pasting of this value into the "F_iPar_CRC" entry field of the configuration part of the engineering tool (4). A restart of the F-Device is necessary to transfer the "F_iPar_CRC" parameter into the F-Device (5). After final verification and release, the F-Device is enabled to initiate an upload notification (6) to its iPar-Server instance. It thereby utilizes the standard diagnosis mechanism. The iPar-Server polls the diagnosis information (e.g. RDIAG FB) to interpret the request (R) and to establish the upload process (7), storing the iParameters as instance data within the iPar-Server host using acyclic services (Read Record).

After the replacement of a defective F-Device, the new F-Device receives its F-Parameters, including the "F_iPar_CRC", at start-up. As iParameters are normally missing in a replacement or a non-retentive F-Device, it recognizes a difference between the "F_iPar_CRC" and its stored iParameters and initiates a download notification (6) to its iPar-Server instance, again using the standard diagnosis mechanism. The iPar-Server polls the diagnosis information to interpret the request (R) and to establish the download process (Write Record). Through this transfer the F-Device is enabled to provide the original functionality without further engineering or CPD tools.

PROFIdrive

The IEC 61800-5-2 defines some safety features for drives with integrated safety. These features comprise a group of stopping functions:

  • Safe torque off (de-energize)
  • Safe stop 1
  • Safe stop 2
  • Safe operating stop

And a group of monitoring functions:

  • Safely limited acceleration
  • Safely limited speed
  • Safely limited torque / force
  • Safely limited (absolute) position
  • Safely limited increment
  • Safe direction
  • Safely limited motor temperature

Figure 12 illustrates how electromechanics are replaced by electronic safety stops and monitoring functions. One major objective is to mainly monitor the opeartions of the drive control and to de-energize only in case of failures. The working group "PROFIdrive" within PI is specifying parts of these functions in a special amendment to their PROFIdrive specification (see literature list).

PA-Devices

F-Devices for process automation follow the sector standard IEC 61511, which takes into account the particular aspect of "proven-in-use". Under certain conditions a PA Device may achieve a better SIL if it is proven-in-use. PA Devices usually follow the design models of IEC 61804. The Electronic Device Description (EDD) plays an important role here. Therefore, the PI working group "PA Devices" also specified, within a separate amendment to their PA Device specification, how to use the PROFIsafe platform for their devices and parameterization methodologies (see literature list).

I&M functions

Since 2005 the so-called I&M functions are mandatory for all PROFIBUS devices providing acyclic services. I&M stands for Identification and Maintenance and allows retrieving information about the device's manufacturer code, its catalog and serial number, and its hardware and software versions in a standardized manner. Via the manufacturer code and additional information on the PI website, the user can be directed to the most current product information on the manufacturer's website. See the Profile Guideline (literature list).

Diagnosis

One of the major advantages of PROFIBUS and PROFINET is the possibility for devices to report diagnosis information to the operator in exceptional situations such as failures or errors. Good diagnosis information helps in reducing down times of facilities and thus costs. The concepts not only cover how to code the information but also how to provide foreign language support and how to provide HELP information on what to do in a particular situation. See the corresponding Profile Guideline (literature list).

F-Host

Depending on the strategy of system manufacturers, different kinds of architectures for F-Hosts with PROFIsafe communication are possible: stand-alone F-CPUs or integrated but logically separated safety processing within standard CPUs.

Possible structures

Safety processing also can be realized in many different ways: for example via hardware redundancy and discrepancy checking or via "software redundancy" or via "safeguarding" or by using already existing diverse hardware platforms. Due to the many different possibilities it did not make sense to create development kits, especially since the effort to implement the PROFIsafe driver is so minimal.

Conformance classes

In order to ensure that all F-Devices will be supported by all the PROFIsafe F-Hosts on the market, PROFIsafe specifies conformance classes for F-Hosts. PROFIsafe F-Hosts shall meet the requirements of these conformance classes as a precondition for PI certification (Figure 13).

Competence Centers

PROFIBUS is a standardized, open, digital communications system for all areas of application in manufacturing and process automation.

PROFINET is the innovative open standard for Industrial Ethernet. It satisfies all requirements of automation technology..

IO-LINK is an independent sensor / actuator interface solution for use with PROFIBUS and PROFINET.