Siemens safety or fail safe technology
(OP)
Hi guys, about fail-safe technology/signals: from what I read, it forces the plant into a safe state after a shutdown. I work in the paper industry, and for the press section of the paper machine there are some fail-safe signals. In practice I know (correct me if I am wrong) that, unlike standard signals, for fail-safe we physically double the signals (the master or first signal and the same signal used for comparison), and if one of them fails we have a fault. How does this help to increase safety for the machine and the people, compared to standard (non fail-safe) signals? Thank you in advance
RE: Siemens safety or fail safe technology
I am absolutely certain that the G.E. nuclear generating stations and systems that blew up in Japan were "fail-safe" according to someone. I hope that standards have risen.
Using primary and alternate signals or checksum schemes is common for various systems, but neither is fail-safe, nor are systems with "hot backup", RAID, or UPS, simply because they have some limited "fault tolerant" aspects.
To be truly a fail-safe system, a start-up protocol and sequence must be followed, and many elements or sub-systems will need to be overridden and also brought through individual starting or readying sequences. Interlocking must be correctly used to disable incorrect startup and shutdown sequencing.
Fail-safe control systems or signalling networks must be used to allow the plant to enter a "run" or "ready" state, and the plant must shut off in an orderly fashion without any intervention when that "ready" condition is interrupted or lost for whatever the safe "carry over" time is determined to be. A fail-safe control system typically can, and does, produce output which is of unacceptable quality at the beginning and/or end of "run" cycles, but that output is not unsafe to the plant's operators, surrounding environment, or mechanism.
.
(Me,,,wrong? ...aw, just fine-tuning my sarcasm!)
RE: Siemens safety or fail safe technology
There are no fail-safe systems.
They can fail safe under certain circumstances. And for a limited time. And as long as the assumed operating conditions prevail, which may include widely varying supply voltage, pressure, temperatures, vibration, pollution, corrosion, human shortcomings, rodents, fungus, objects falling out of the sky, earthquakes (Keith had one the other day), floods and other common phenomena. But the list is not complete. And even if a system is able to fail safely under one of the circumstances mentioned in the list, what if two of them hit at the same time? Or if something unexpected, not in the list, happens?
Personally, I have seen so many unexpected things happen during my 50+ years of activity in industrial automation that I refuse to accept Fail Safe any more than I accept the idea of life after death.
Not even Fail Gracefully seems to be a practical reality. The best one can hope for is Fail With Reduced Damage. But Nature finds ways to circumvent even that.
Much more could be said about Fail Safe. But be aware that it is mostly a snake oil peddling term. Experience, knowledge and enough time to implement and test a system is essential. The redundancy, check-sum or even simple choice of active polarity techniques work when it comes to HW or certain SW fails. But, there should be supervision included in the system. A redundant system that carries on without indicating that there is a problem will be no better than a non-redundant system.
One quite elaborate system that I have worked with had three parallel computers doing exactly the same thing and there was a bus cycle supervision so that, if one system deviated from the others, the deviating system was switched off and the two "agreeing" systems carried on controlling the system. It looked very good, in theory, but having a problem in the system also meant that the speed (commuter and subway trains) had to be reduced to around 20 mph. And that happened so often that the system became useless. Good intentions and the way to Hell...
Gunnar Englund
www.gke.org
--------------------------------------
Half full - Half empty? I don't mind. It's what's in it that counts.
RE: Siemens safety or fail safe technology
Redundancy helps to achieve a fail-safe design by decreasing the probability of failure on demand, in a 1oo2 voting scheme, i.e. when you push a stop button the machine stops. Continuing with this example, and to complement our fail-safe design, we can use a de-energize-to-stop input signal. For example, the stop switch would be normally energized when the equipment is running; if the stop push button is pressed, the input signal is de-energized and the machine shuts down. This positive feedback (switch input) during normal operation helps us detect a faulty switch, circuit and/or loss of power.
It is important to remember that more (redundancy) is not always better. By adding the extra input and voting as described, we introduce another concept known as spurious trip. In other words, we are quite certain the machine will stop when we press the button; however, since there are 2 buttons we have increased the likelihood that the machine will shut down due to a faulty switch, circuit, etc. Equipment shutdown also has consequences such as loss of production, increased personnel risk during machine stop/start, etc.
So there is no one size fits all and more is not always better. The need and requirements for a fail safe design are determined by folks who have experience in reliability engineering, functional safety and process engineering.
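As an added example (not from any poster in this thread, and not Siemens' own F-library logic), here is a small Python model of the doubled, de-energize-to-stop input with 1oo2 voting and discrepancy supervision that the last reply describes: one open channel stops the machine, a prolonged disagreement between the channels latches a fault, and the demos show both the safety gain (a welded contact is still caught) and the spurious trip (a broken wire stops production). The class, function names and the 500 ms discrepancy time are assumptions.

```python
class DualChannelStop:
    """1oo2 evaluation of a doubled, de-energize-to-stop input. A channel reads
    True while energized (contact closed, machine may run) and False when
    de-energized: stop pressed, wire break or loss of supply."""

    def __init__(self, discrepancy_ms: int = 500):
        self.discrepancy_ms = discrepancy_ms  # max. time the channels may disagree
        self.mismatch_since = None            # time at which disagreement began
        self.fault_latched = False            # cleared only by acknowledge()

    def update(self, ch_a: bool, ch_b: bool, now_ms: int) -> dict:
        # 1oo2 voting: one de-energized channel is enough to stop the machine, so a
        # broken wire or open contact on either channel fails to the safe side.
        run_enable = ch_a and ch_b
        if ch_a != ch_b:
            if self.mismatch_since is None:
                self.mismatch_since = now_ms
            elif now_ms - self.mismatch_since >= self.discrepancy_ms:
                self.fault_latched = True     # stuck contact, broken wire or short
        else:
            self.mismatch_since = None
        # A latched fault keeps the machine stopped even when both channels read
        # energized again, so an intermittent fault cannot restart production.
        if self.fault_latched:
            run_enable = False
        return {"run_enable": run_enable, "fault": self.fault_latched}

    def acknowledge(self, ch_a: bool, ch_b: bool) -> bool:
        # Design choice in this example: the fault clears only while both channels
        # are de-energized, so the operator proves both contacts open before restart.
        if not ch_a and not ch_b:
            self.fault_latched = False
            self.mismatch_since = None
        return not self.fault_latched

def demo_wire_break() -> list:
    """Channel B loses its wire while running: the machine stops at once (the
    spurious trip mentioned in the thread), a discrepancy fault latches after
    500 ms, and a reconnected wire alone does not restart the machine."""
    s = DualChannelStop()
    return [s.update(True, True, 0), s.update(True, False, 100),
            s.update(True, False, 700), s.update(True, True, 800)]

def demo_welded_contact() -> list:
    """Contact A is welded closed, so a single-channel input would never see the
    stop; the second channel still stops the machine and exposes the fault."""
    s = DualChannelStop()
    return [s.update(True, True, 0), s.update(True, False, 50), s.update(True, False, 600)]
```

Timestamps are passed in explicitly so the same logic can be driven from a PLC cycle counter or a unit test instead of the wall clock.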