Stop Motion Safely Without Breaking The Bank

New standards enable machine builders and manufacturers to maintain or improve machine safety levels while eliminating redundant circuitry and lowering costs.

This highly synchronized bottle-filling machine from SIG Asbofill stops motion without cutting power to the controller and upset

There’s good news for manufacturers who work hard at protecting their employees and equipment. They needn’t put forth quite as much effort. Automation technology has progressed to the point that operators can stop automated machinery safely without shutting down the control and power completely. This generation of technology is simpler, making it faster to install and less cumbersome to use. And in the end, it’ll be cheaper and safer.

A case in point is the skid conveyors that Detroit-based automaker General Motors Corp. uses to transport car bodies through its body and paint shops. The controls on many of these conveyors contain new safety architecture designed by SEW-Eurodrive Inc., in Lyman, S.C. This approach uses a separate 24-volt DC circuit powered through a safety relay, instead of separating the drive from the 480-volt supply circuit with the more conventional galvanic means—contactors.

The 24-volt DC signal from the relay performs two basic functions: It feeds the portion of the processor generating the switching signal that fires the power transistors, and it generates the gate voltage that actually fires the transistors. This arrangement disconnects the rotating field generation from the motors, preventing them from developing any torque, even though power is still present. The result is a low-voltage architecture that conforms to the EN954-1 (European Norm) safety standard.

“Most other devices on the market could stop motion only through careful use of redundant components, typically in the medium-voltage section of the circuit,” says Hans Rodgers, an engineer at GM. “We used to put two contactors in series between the 400- or 480-volt motors and controllers to meet control reliability.”

Eliminating them on each drive reduces the number of components and amount of wiring. Consequently, the panels are cheaper and faster to put together. SEW estimates the savings in just hardware at $650 for each five-horsepower drive. It also points out that the architecture’s simplicity makes it more reliable. “When you add up the savings in components, wiring and maintenance, you’re probably talking about savings of at least $1,000 for every drive in a plant,” says Rich Mintz, electronics product manager at SEW.

Even more savings accrue when you count eliminating lost production time from nuisance emergency-stops, or E-stops. Because the 480-volt power is not interrupted, GM’s conveyors need not wait for the DC-bus to discharge to prevent it from wearing excessively or exploding when turned back on too quickly. Consequently, recovery can occur in seconds when operators use an E-stop inappropriately as a means to stop production.

“If you have someone tripping an E-stop several times a day—let’s say three times a day in a typical plant—with five minutes spent waiting until a drive can be restarted safely for every stop, then that’s 15 minutes a day in lost production,” says Mintz. Even more time is lost when several drives are on a circuit. “You can’t turn them all back on at once, because it would cause too much current inrush.”

This simplification of the safety architecture has broader implications for managing operations. First, it simplifies duplicating the technology elsewhere, which is especially important to large companies such as General Motors. The automaker adheres to internal guidelines for introducing new technology in steps, and installing common systems that streamline support across many operations. “If our people see the same circuits from one area of a plant to the next, that allows us to use our skilled trades and engineers much more efficiently,” says Rodgers. Likewise, once engineers and technicians solve a problem at one plant, that expertise will be available to all of the company’s plants.

The second implication of the simpler architecture is that it lays the foundation for applying safety programmable logic controllers (PLCs). Rodgers describes the ability to stop motion by disabling torque generation at the motor as a step toward each drive becoming a node on a safety network. The safety PLCs overseeing such networks not only increase savings, but also ensure that only certified experts have access to the safety logic. “We want the safety logic to be proven and locked down so [unauthorized] people aren’t as likely to make an inadvertent mistake,” he says. For this reason, large companies such as GM are eager for the safety architecture to be certified and approved for use.

Safer, yet cheaper

With all of this talk about using safety PLCs and other devices to reduce redundant circuitry, some might wonder whether the industry is cutting costs at the expense of safety. Experts say no. Although the requirements for redundant circuitry might seem to be looser, they aren’t really. Rather, the new standards are simply making room for a new generation of safety devices pioneered mostly by European companies. These devices have redundant circuits and software already built into them, which not only amortizes the cost of designing and proving them over a much larger base, but also embeds safety much more deeply into the machinery.

“A safety-rated system can always be checking a switch, for example, that is supposed to be off,” says J.B. Titus, manager of business development and industry standards at Siemens Energy & Automation Inc., in Norcross, Ga. The software would check it two ways, in time-bound and diverse languages. “As long as the two diverse software programs are confirming that the switch is turned off, then it’s known that it’s safe to go into the machine.”

Another example of this kind of circuitry is inside the safety-rated drives that have become available in the United States. “An area within the drive called the triax initiates the signal to move to create motion,” explains Titus. “The safety portion of the drive is designed to ensure that no power can be applied to the triax.” Consequently, opening the doors of a lathe fitted with this generation of safety-rated devices would cut the power only from the appropriate actuators. The controller would still have power and know where the workpiece and cutting tool are.

For this reason, Elau Inc., of Schaumburg, Ill. is one of a growing number of companies striving to stop the axes of its packaging machines under power. Simply cutting the power when someone opens a door or hits an emergency stop causes the motors to coast to a stop, a practice that has two negative effects.

“First, sometimes the inertia is too large for the machine to stop right away,” explains Joe Landgraf, Elau applications engineer. So in these cases, stopping under power could be faster and hence safer.

“Second, if it didn’t stop in a synchronized, controlled fashion, the different axes might not be in the correct relation to one another, causing crashes or damage to the product or machine on startup,” adds Landgraf. Because modern packaging machines can have 20 or more axes of motion, finding their positions and synchronizing them again at startup can be a chore that eats away at valuable production time.

For these reasons, Elau offers an inverter-enable function that stops the machine in an organized, synchronized fashion before cutting power to the motor. Besides the controlled stop, another of the benefits is that it reduces wear and tear on costly contactors. “Every time you open and close a door, which happens pretty frequently in a packaging environment, you open the contacts, which causes premature wear,” notes Landgraf. So the technique is both safer for people and better for the machinery.


Exploiting distributed intelligence

Some builders of machine tools, printing presses, packaging machines and other tightly integrated equipment are exploiting the distributed intelligence in their servo drive technology. Because a microprocessor in the drive handles the velocity, position and control loops of the motor, the local intelligence can stop or slow motion while the main control is still running. Machine builders then have more flexibility in designing ways to protect the operator and the machine—and boost productivity.

Consider the experience of SIG Asbofill, a builder of aseptic bottle-filling machines, based in Neuss, Germany. Using IndraDrive drives from Bosch Rexroth Corp., of Hoffman Estates, Ill., its engineers enhanced the safety and efficiency of their new ABF 610 bottle filler with a safety system that exploits this distributed strategy.

The highly synchronized machine fills 100- to 750-milliliter plastic bottles with juices and dairy beverages at 25 cycles per minute. It has five functional units, and 13 servo axes control the indexing mechanism, in-feed, out-feed, sterilization and capping stations. At the heart of the machine, servo-driven tubes spray peroxide inside the bottles and dry them with hot air. After filling the bottles, the machine then closes the filled bottles with pre-sterilized screw caps.

Some of the drives were fitted with Bosch Rexroth’s integrated safety technology, which allows the drives to monitor their own motion, rather than relying on external monitoring devices. Self-monitoring avoids the switching delays that are inherent in external monitoring systems. The ability to react much more quickly permitted the builder to design a safe mode that allows the operator to move freely inside the machine without cutting the power. Afterward, the machine can continue production without time-consuming restart, recalibration or resynchronization routines.

According to Bosch Rexroth, its technology offers builders a few levels of safety. The first is a lockout mode that holds the motor with or without torque, depending on the need, when the operator needs to enter a work area. The second involves a safety input/output (I/O) that allows cross-checks to prevent people from circumventing safety devices.

“To avoid downtime, operators sometimes will defeat a gate-security switch to enter or reach into a machine to make an adjustment while the machine is still in full-speed production,” notes Rick Rey, product manager of electric drives and controls at Bosch Rexroth. “With cross-check comparison, there’s no chance of cheating the system.”

The safety I/O also allows machine builders to program into the drives a safe mode similar to the one on the Asbofill machine. For example, they might have the drive go into a safe mode that slows the machine or loading equipment to a safe velocity when the operator opens the gate to enter the work envelope. Because the safety I/O can accept as many as four inputs, the drive also can lock the appropriate drives when the operator enters a higher-security zone protected by a light curtain or some other device.

“The machine can go back to a safe motion when the operator completes his task and backs away from the light curtain,” says Rey. “As he exits the gate, the machine can switch back to normal mode without going through a recovery routine.” This ability to save time and be safe is good news for conscientious manufacturers who want to stop their machinery safely without breaking the bank.
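The gate and light-curtain behavior described above can be modeled as a small state selector with a two-channel cross-check. This is an added example, not Bosch Rexroth's or SIG Asbofill's logic; the class and mode names, the 0.5-second discrepancy tolerance and the latched fault are assumptions made for illustration.

```python
from enum import Enum

class Mode(Enum):
    NORMAL = "normal"          # full-speed production
    SAFE_SPEED = "safe_speed"  # gate open: motion limited to a safe velocity
    LOCKED = "locked"          # light curtain interrupted: drives held
    FAULT = "fault"            # channels disagree: switch failed or defeated

# Assumed tolerance (seconds) for the two channels of one input to disagree
# while contacts change state; not a value from the article.
DISCREPANCY_LIMIT_S = 0.5

class SafetyMonitor:
    """Cross-checks two-channel safety inputs and selects the drive mode."""

    def __init__(self):
        self.mismatch_since = {}    # input name -> time the mismatch began
        self.fault_latched = False  # stays set until a deliberate reset

    def _agreed(self, name, channels, now):
        """Return the input state; any disagreement reads as unsafe (False)."""
        a, b = channels
        if a == b:
            self.mismatch_since.pop(name, None)
            return a
        started = self.mismatch_since.setdefault(name, now)
        if now - started > DISCREPANCY_LIMIT_S:
            self.fault_latched = True
        return False

    def update(self, gate, curtain, now):
        """gate/curtain are (channel_a, channel_b); True = closed / clear."""
        gate_closed = self._agreed("gate", gate, now)
        curtain_clear = self._agreed("curtain", curtain, now)
        if self.fault_latched:
            return Mode.FAULT
        if not curtain_clear:
            return Mode.LOCKED
        if not gate_closed:
            return Mode.SAFE_SPEED
        return Mode.NORMAL

def run(events):
    """Feed (time, gate, curtain) samples to a fresh monitor; return modes."""
    monitor = SafetyMonitor()
    return [monitor.update(g, c, t) for t, g, c in events]

# Constructed samples: gate opens, curtain is broken and cleared, gate closes,
# then one gate channel is bridged so it always reads "closed".
OK, OPEN = (True, True), (False, False)
SAMPLES = [(0.0, OK, OK), (1.0, OPEN, OK), (2.0, OPEN, OPEN), (3.0, OPEN, OK),
           (4.0, OK, OK), (5.0, (True, False), OK), (6.0, (True, False), OK)]
```

Running `run(SAMPLES)` shows the machine returning to normal mode as soon as the gate closes, while the bridged channel drops it to safe speed at once and latches a fault when the disagreement persists.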


See sidebar to this article: The Latest on Emergency Stops
