Industrial Ethernet: Safety over Ethernet

March 5, 2014
In this second blog post covering highlights from the Profinet panel discussion at this year’s ARC Forum, industry experts weigh in on whether or not safety over Ethernet is ready for prime time.

In my last blog post, which related system integrator experience with Profinet diagnostics, the general consensus was that system diagnostics enabled by industrial Ethernet has proven to be one of the key factors in expanding the Ethernet’s use in manufacturing. As David Heyman of KUKA Robotics pointed out, using Profinet diagnostics has reduced KUKA's time needed for robotic system commissioning and debugging from 12 hours down to about half an hour.

Though having improved system diagnostics over Ethernet is clearly an advantageous tactic for everything from commissioning to daily operations, running safety over Ethernet is one of those topics that can be as divisive as the subject of industrial Ethernet itself once was.

There remain two camps on the issue of safety over Ethernet. One side claims it’s perfectly viable while the other maintains that safety communications should travel over their own, separate network to ensure timely transmission and receipt of any safety-related communications.

The Profinet panelists (see previous blog for a list of all panelists) were all in agreement that none of them saw any issue with running safety communications via ProfiSafe over the same Ethernet cable used to send other industrial network communications. After hearing this panel-wide affirmation of safety over Ethernet, one audience member pointed out that a presenter from Exxon Mobil, who had spoken earlier at the ARC Forum, had gone into great detail about IEC 61508 addressing functional safety and 61511 for functional safety in safety instruments systems. The audience member noted that, as part of the presenter’s points about these standards, he discussed the importance of isolating safety networks. Having heard what the presenter from Exxon Mobil had to say about isolated safety networks, the audience member asked the panel: Are you recommendations [regarding ProfiSafe] in line with these directives (i.e., IEC 61508 and 61511)?

“I have no feedback that we are not in compliance,” responded David Loveridge, senior control engineer and partner at ICR Engineering. “ProfiSafe is much safer than an e-stop running on a regular control relay.”

Loveridge added that it’s impractical to install separate networks on an automation system retrofit. “If we have one network involved, it’s easy to add safety to it and expand it as needed. I don’t see any reason why you would want to have a dedicated safety network for a safety system.”

Underscoring the overall importance of safety and the responsibility he and his company bear for it, Loveridge added: “As an integrator we are responsible for safety if [one of our projects] were ever investigated.” ICR has selected the devices and networks it uses because “we need something we can trust. We require documentation that the equipment we implement has been tested to international standards so that we can stand behind it.”

Peter Karcz of Fori Automation concurred with Loveridge’s comments about the lack of need for a separate safety network. “We have embraced ProfiSafe and are using it on an automated guided vehicle product with mobile HMI that’s moving 100,000 pounds of airplane parts around a plant. I know everything about it is safe,” he said.

As an engineering services provider, Karcz noted that “my challenge always is about how many components I can remove from the system.” So anywhere functions can be effectively and reliably bundled—such as safety over Ethernet—that will become a preferred method.

Heyman added that KUKA Robotics has also started using ProfiSafe and has experienced significant savings on material cost compared to running a separate safety network.  KUKA's experience to date with the technology has confirmed expectations that ProfiSafe is delivering a viable safety network. “Numerous customers and end users have gone through all the safety documentation and testing to make sure we have met all their requirements for safety,” Heyward noted.