M580 Safety Configuration

Chapter 7 - Redundant M580 Safety 341 PHYSICAL CHARACTERISTICS The characteristics of Redundant M580 Safety is similar to the Modicon M340 range of PLC, this is because the Redundant M580 Safety has been designed to take advantage of existing components of the market leading M340 offer. The physical size of the processor module occupies two slots of the backplane and is slightly longer in size, therefore the processor hangs slightly lower (approx. 30mm / 1.16in) than the rest of the M340 / X80 module range. The CPU must be installed across slots 0 and 1 of the local rack. Similar to the M580 CPU, there are two connectors on the back of the processor module. The two connectors allow the Redundant M580 Safety to have Ethernet (2) connectivity on the Ethernet backplanes and alongside with the existing X-Bus (1) connectivity of the M340 / X80 modules. The Redundant M580 Safety system requires one PAC with its switch set to A (CPU A) and the other PAC with its switch set to “B” (CPU B). The Redundant M580 Safety system uses the same Safety Coprocessor module as the standalone Safety CPU Note: If the A/B/Clear rotary selector switch is on CLEAR, at power on, the application will be erased from both internal flash memory and the SD card. One or both Redundant CPUs will stay at WAIT state if there are two PAC stations with switches assigned to the same value. If one already in PRIMARY mode, the other will remain in a WAIT state. Configuration Training

342 Chapter 7 - Redundant M580 Safety MODULE OVERVIEW There are three Redundant M580 Safety CPU models. They offer scalability through performance, memory levels and the architectures that can be supported by the embedded communication ports. ➢ BME H58 2040S ➢ BME H58 4040S ➢ BME H58 6040S All three Redundant M580 Safety Hot Standby CPUs share the same physical characteristics: M580 Safety Hot Standby CPU and Safety Coprocessor must work together to provide a 1oo2 safety architecture to achieve the SIL 3 target level. The M580 Safety Hot Standby CPU will NOT operate without the Safety Coprocessor module. Number-Description 1-LED Display 2-MAC Address 3-Mini-B USB Connector 4-RJ45 Ethernet Port - Service port 5-RJ45 Ethernet Ports - Device Network ports 6-1 Gbps Ethernet sync-link interface socket for RJ45 or Fiber Optic 7-Product QR code 8-X-Bus and Ethernet connections to backplane 9-Slot of optional SD memory card 10-Locating and earthing connection to backplane Modicon M580 Safety

Chapter 7 - Redundant M580 Safety 343 LEDS DISPLAY Each LED on the CPU front panel has a dedicated function. The varying combinations of LEDs can offer diagnostics and troubleshooting information without have to connect to the CPU. LED-Description RUN-CPU running and managing its outputs ERR-CPU or system detected internal fault I/O-External fault coming from I/O modules DL-Firmware is currently being downloaded REMOTE RUN-Remote CPU is running BACKUP-Indicate inconsistent stored application (memory / SD card) ETH MS-MOD STATUS: Ethernet port configuration status ETH NS-NET STATUS: Ethernet connection status A-Local CPU is set to A B-Local CPU is set to B PRIM-Local CPU runs as Primary STBY-Local CPU runs as Standby FORCED I/O-At least one I/O points of digital module is forced SRUN-CPU is managing its Safety operation SMOD-CPU is in maintenance or safe operating mode Configuration Training

344 Chapter 7 - Redundant M580 Safety CPU SPECIFICATIONS There are three references of M580 Safety Hot Standby CPU models: ➢ BME H58 2040S - Level 2 CPU ➢ BME H58 4040S - Level 4 CPU ➢ BME H58 6040S - Level 6 CPU -H58 2040S-H58 4040S-H58 6040S Type-HSBY-HSBY-HSBY Max. number of remote drops-8-16-31 Safe program memory-2 MB-4 MB-16 MB(1) Safe data memory-512 KB-1024 kb-1024 KB(1) Process program memory-8 MB-16 MB-64 MB(1) Process data memory-768 KB-2048 KB-64 MB(1) Ethernet COM-2-4-4 NOC 03x1-2-4-4 NOC 0321-2-2-2 Note: (1)The BME H58 6040S CPU supports the sum of program and data up to the stated maximum of 64 MB. Selectable SFP sockets are: ➢ 490 NAC 0100 for RJ45 ➢ 490 NAC 0201 for Fiber Optic LC-type Single Mode Note: DO NOT INSERT SFP transceiver while the CPU module is powered on. Modicon M580 Safety

Chapter 7 - Redundant M580 Safety 345 SYSTEM IMPLEMENTATION MAIN HARDWARE COMPONENTS A Redundant M580 Safety System is based on two identically configured controllers linked to each other and to the same remote I/O network. If one controller stops operating, the other assumes control of the remote I/O network. The Redundant M580 Safety system can be operational with a minimum setup. The minimum configuration for a working Redundant M580 Safety are: ➢ 2 x processors, CPU - BME H58 xx40S ➢ 2 x coprocessors, Copro - BME P58 CPRO S3 ➢ 2 x power supplies - BMX CPS xxxxS ➢ 2 x Ethernet Backplanes - BME XBP xxxx ➢ 2 x SFP modules – 490 NAC 0xxx Each Redundant CPU needs to be fitted with a connector (SFP module) for the HSBY link. Note: I/O modules are NOT supported on the local main rack, but can be added to RIO drops and as distributed equipment. The Redundant M580 Safety can work without any Remote I/O Drops. ROLE OF REDUNDANT SAFETY EPAC One of the ePACs acts as the Primary, which runs the application by executing program logic and operating RIO drops and distributed equipment’s. The other ePAC acts as the Standby ePAC. The Primary ePAC updates the Standby ePAC at the beginning of each scan. The Standby is ready to assume control within one scan if the Primary stops communications. The system monitors itself continuously. If the Primary ePAC stops communications, the Redundant system switches control to the Standby, which then becomes the Primary ePAC. If the Standby ePAC stops communications, the Primary continues to operate without a backup. Configuration Training

346 Chapter 7 - Redundant M580 Safety M580 SAFETY HOT STANDBY DEVICE DDT A Device DDT (DDDT) is a Derived Data Type (DDT) predefined by the manufacturer and not modifiable by user. It contains the I/O language elements of an I/O Module. In legacy redundant PLCs, status and information between Primary and Standby CPUs are exchanged via System Words, %SW. With the Redundant M580 Safety system, status and information are now managed by Device DDT. When a new project is created based upon the M580 Safety Hot Standby CPU, two Device DDTs are automatically added into the application: ➢ BMEP58_ECPU_EXT with type T_BMEP58_ECPU_EXT o Provide status of the embedded Ethernet ports of the CPU o Same DDDT for a standalone M580 CPU ➢ ECPU_HSBY_1 with type T_M_ECPU_HSBY_EXT o Provide commands and status of the M580 Safety Hot Standby system The Hot Standby Device DDT provides 64 words of space that incorporate all the status, control, and command functions used to manage the M580 Safety Hot Standby system. Modicon M580 Safety

Chapter 7 - Redundant M580 Safety 347 STATUS OF THE SAFETY CPU TASKS An M580 Safety ePAC can execute single-task and multi-task applications. Unlike a single-task application which only executes the MAST task, a multi-task application defines the priority of each task. The M580 Hot Standby CPUs support the following tasks: ➢ FAST ➢ SAFE ➢ MAST Note: M580 standalone Safety ePAC supports AUX0 and AUX1 tasks. But the M580 Hot Standby CPUs DO NOT SUPPORT AUX0 and AUX1 tasks. The state of all the tasks for Primary and Standby CPU can be easily retrieved from the M580 Safety Hot Standby Device DDT. The available state of MAST, FAST and SAFE tasks can be: ➢ 0: Not existent (default) ➢ 1: Stop ➢ 2: Run ➢ 3: Breakpoint ➢ 4: Halt Configuration Training

348 Chapter 7 - Redundant M580 Safety MANAGE SYNCHRONIZATION OF HOT STANDBY CPUS The M580 CPU is a multi-tasking system, the M580 Safety Hot Standby CPU is able to execute SAFE, MAST and FAST tasks in a multi-tasking environment. Each configured task consumes a portion of CPU processing time, or bandwidth and has to be managed properly for optimal performance. Tasks synchronization between the Primary and Standby CPUs can be monitored via the M580 Safety Hot Standby Device DDT: ➢ MAST_SYNCHRONIZED ➢ FAST_SYNCHRONIZED (if used) ➢ SAFE_SYNCHRONIZED Tasks status can also be monitored via the System Words: System Word-Status %SW 171-State of th FAST task %SW 172-State of the SAFE task %SW 173-State of the MAST task %SW 174-State of the AUX0 task %SW 175-State of the AUX1 task Note: The status value at 1 means data are synchronized. Adjust the controller’s PERIOD cycle time until the MAST_SYNCHRONIZED, FAST_SYNCHRONIZED and SAFE_SYNCHRONIZED are stable at value = 1. For Hot Standby applications, verify that all tasks are correctly synchronized through the Hot Standby link by checking and using the MAST_SYNCHRONIZED, FAST_SYNCHRONIZED and SAFE_SYNCHRONIZED bits in the T_M_ECPU_HSBY DDT. Modicon M580 Safety

Chapter 7 - Redundant M580 Safety 349 IMPACT OF TASKS EXECUTION The EcoStruxure™ Modicon M580 Safety Hot Standby CPU is a multi-tasking system. The task characteristics supported by the M580 safety Hot Standby CPU are: Task Name-Priority-Time Mode-Default ---Period-Watchdog FAST-1-Periodic-5 ms-100 ms SAFE-2-Periodic-20 ms-250 ms MAST-3-Periodic-20 ms-250 ms The Primary CPU must have enough time to update to the Standby CPU via the Hot Standby link. As a rule of thumb, the total task bandwidth must be less than 80%. ➢ BandwidthTASK = ExecTimeTASK / PeriodTASK ➢ Global Bandwidth = ∑ BandwidthTASK In case there are too many exchange variables between Primary and Standby CPU, increase the FAST or SAFE task period. Configuration Training

350 Chapter 7 - Redundant M580 Safety SUMMARY This chapter introduced the Redundant M580 Safety ePAC used in process and machinery safety. QUESTIONS The following questions will help to check understanding of the topics covered in this chapter: ➢ What is the different between Reliability and Availability? ➢ What is the purpose of the dedicated Ethernet port on the M580 Safety Hot Standby CPU? Which type of SFP modules can be used on this Safety CPU's dedicated port? ➢ What is the purpose of having a rotary switch behind the M580 Safety Hot Standby CPU? ➢ What are the available Tasks and its time mode used in the M580 Safety Hot Standby CPU? ➢ Which are the parameters available in the Safety Hot Standby Device DDT for monitoring the tasks synchronization between the Primary and Standby CPUs? Modicon M580 Safety

Appendix 1 – References 351 APPENDIX 1 – REFERENCES This Appendix describes the main references and terminology used in this training manual. References, definitions and general terms used in Functional Safety for process and machine industry sector. CONTENTS: Terms and Definitions.................................................................................................352 Safety Modules PFD/PFH Values ..............................................................................354 Safety Standards ........................................................................................................359 Cross References.......................................................................................................360 Configuration Training

352 Appendix 1 – References TERMS AND DEFINITIONS Following are general terms used in this training manuals: Acronym / Abbreviation-Definition AC / DC-Alternating Current / Direct Current ALARP-As Low As Reasonably Practicable BootP-Bootstrap Protocol BPCS-Basic Process Control System CCOTF-Configuration Change On The Fly CIP-Common Industrial Protocol Comm DTM-Communication Device Type Manager DC-Diagnostic Coverage DDDT-Device Derived Data Type DDT-Derived Data Type DDXML-Device Description using Extensible Markup Language DFB-Derived Function Block DHCP-Dynamic Host Configuration Protocol DIO-Distributed I/O (using DTM technology) DRS-Dual-Ring Switch DTM-Device Type Manager ECC-Error Correcting Code E/E/PE-Electrical/Electronic/Programmable Electronic E/E/PES-Electrical/Electronic/Programmable Electronic System EFB-Elementary Function Block EIP-EtherNet/IP ERIO-Ethernet Remote I/O FDR-Fast Device Replacement FDT-Field Device Tool FMEDA-Failure Mode Effect and Diagnostic Analysis FSA-Functional Safety Assessment FTP-File Transfer Protocol FTA -Fault Tree Analysis FVL-Full Variability Language HAZID-Hazard Identification (Study) HAZOP-Hazard and Operability (Study) HFT-Hardware Fault Tolerance H&RA-Hazard and Risk Assessment Modicon M580 Safety

Appendix 1 – References 353 HRA-Human Reliability Analysis HSBY-Hot Standby IEC-International Electrotechnical Commission IEV -International Electrotechnical Vocabulary IPL-Independent Protection Layers ISA -Instrumentation, Systems and Automation Society ISO-International Organization for Standardization LVL -Limited Variability Language MBTCP-Modbus Transmission Control Protocol NP-Non-programmable NTP-Network Time Protocol PAC-Programmable Automation Controller PE -Programmable Electronics PES-Programmable Electronic system PFD -Probability of Failure on Demand PFDavg-Average Probability of Failure on Demand PFH-Probability to Fail per Hour PHA-Process Hazard Analysis PLC-Programmable Logic Controller QVE backplane-A Bus X only Mx80 backplane supporting M580 CPU or BME CRA (original M340 backplane do not support these modules) RIO-Remote I/O RPI-Request Packet Interval RSTP-Rapid Spanning Tree Protocol SFF -Safe Failure Fraction SIF -Safety Instrumented Function SIL -Safety Integrity Level SIS -Safety Instrumented System SNMP-Simple Network Management Protocol SOE-Sequence Of Events SRS-Safety Requirement Specification VLAN-Virtual LAN or Virtual Local Area Network WSDL-Web Service Description Language XML-Extensible Markup Language Configuration Training

354 Appendix 1 – References SAFETY MODULES PFD/PFH VALUES PROOF TEST INTERVAL (PTI) The proof test is a periodic test that needs to perform to detect failures in a safety-related system so that, if necessary, the system can be restored to a like new condition or as close as practical to this condition. The time period between these tests is the Proof Test Interval. The Proof Test Interval depends on the targeted SIL, the sensors, actuators and the PAC application. The Safety ePAC system is suitable for use in a SIL 3 application and a proof test interval of 20 years. PTI = 1 YEAR The table below shows SIL2 and SIL3 applications for PTI = 1 year: Product Type-Reference-Level-PTI = 1 year ---PFDG-PFHG CPU & Copro-BMEP584040S & BMEP58CPROS3-SIL3 & Cat4 PLe(1)-2.38E-06-5.44E-10 Analog Input-BMXSAI0410-SIL3 & Cat2 PLc(2)-5.76E-06-1.31E-09 Digital Input-BMXSDI1602-SIL3 & Cat2 PLc(2)-6.81E-06-1.56E-09 Digital Output-BMXSDO0802-SIL3 & Cat4 PLe(1)-5.75E-06-1.31E-09 Digital Relay Output -BMXSRA0405 -SIL2 & Cat2 PLd(3)-5.85E-06-1.58E-09 --SIL3 & Cat4 PLd(4)-5.84E-06-1.34E-09 --SIL3 & Cat4 PLe(5)---1.35E-09 Power Supply-BMXCPS4002S-SIL3---- (1) 1 Output @ 80° C (2) 1 Input @ 80° C (3) 1 Relay per output @ 80° C (4) 2 Relays per output @ 80° C (5) 4 Relays per output @ 80° C Modicon M580 Safety

Appendix 1 – References 355 PTI = 5 YEARS The table below shows SIL2 and SIL3 applications for PTI = 5 years: Product Type-Reference-Level-PTI = 5 years ---PFDG-PFHG CPU & Copro-BMEP584040S & BMEP58CPROS3-SIL3 & Cat4 PLe(1)-4.79E-06-5.51E-10 Analog Input-BMXSAI0410-SIL3 & Cat2 PLc(2)-2.88E-05-1.31E-09 Digital Input-BMXSDI1602-SIL3 & Cat2 PLc(2)-3.41E-05-1.56E-09 Digital Output-BMXSDO0802-SIL3 & Cat4 PLe(1)-2.88E-05-1.31E-09 Digital Relay Output -BMXSRA0405 -SIL2 & Cat2 PLd(3)-2.92E-05-1.68E-09 --SIL3 & Cat4 PLd(4)-2.92E-05-1.34E-09 --SIL3 & Cat4 PLe(5)--1.35E-09 Power Supply-BMXCPS4002S-SIL3---- (1) 1 Output @ 80° C (2) 1 Input @ 80° C (3) 1 Relay per output @ 80° C (4) 2 Relays per output @ 80° C (5) 4 Relays per output @ 80° C Configuration Training

356 Appendix 1 – References PTI = 10 YEARS The table below shows SIL2 and SIL3 applications for PTI = 10 years: Product Type-Reference-Level-PTI = 10 years ---PFDG-PFHG CPU & Copro-BMEP584040S & BMEP58CPROS3-SIL3 & Cat4 PLe(1)-1.22E-05-5.69E-10 Analog Input-BMXSAI0410-SIL3 & Cat2 PLc(2)-5.76E-05-1.31E-09 Digital Input-BMXSDI1602-SIL3 & Cat2 PLc(2)-6.81E-05-1.56E-09 Digital Output-BMXSDO0802-SIL3 & Cat4 PLe(1)-5.75E-05-1.31E-09 Digital Relay Output -BMXSRA0405 -SIL2 & Cat2 PLd(3)-5.84E-05-1.68E-09 --SIL3 & Cat4 PLd(4)-5.84E-05-1.34E-09 --SIL3 & Cat4 PLe(5)---1.35E-09 Power Supply-BMXCPS4002S-SIL3---- (1) 1 Output @ 80° C (2) 1 Input @ 80° C (3) 1 Relay per output @ 80° C (4) 2 Relays per output @ 80° C (5) 4 Relays per output @ 80° C Modicon M580 Safety

Appendix 1 – References 357 PTI = 15 YEARS The table below shows SIL2 and SIL3 applications for PTI = 15 years: Product Type-Reference-Level-PTI = 15 years ---PFDG-PFHG CPU & Copro-BMEP584040S & BMEP58CPROS3-SIL3 & Cat4 PLe(1)-2.54E-05-6.0E-10 Analog Input-BMXSAI0410-SIL3 & Cat2 PLc(2)-8.64E-05-1.31E-09 Digital Input-BMXSDI1602-SIL3 & Cat2 PLc(2)-1.02E-04-1.56E-09 Digital Output-BMXSDO0802-SIL3 & Cat4 PLe(1)-8.63E-05-1.31E-09 Digital Relay Output -BMXSRA0405 -SIL2 & Cat2 PLd(3)-8.77E-05-1.68E-09 --SIL3 & Cat4 PLd(4)-8.77E-05-1.34E-09 --SIL3 & Cat4 PLe(5)---1.35E-09 Power Supply-BMXCPS4002S-SIL3---- (1) 1 Output @ 80° C (2) 1 Input @ 80° C (3) 1 Relay per output @ 80° C (4) 2 Relays per output @ 80° C (5) 4 Relays per output @ 80° C Configuration Training

358 Appendix 1 – References PTI = 20 YEARS The table below shows SIL2 and SIL3 applications for PTI = 20 years: Product Type-Reference-Level-PTI = 20 years ---PFDG-PFHG CPU & Copro-BMEP584040S & BMEP58CPROS3-SIL3 & Cat4 PLe(1)-5.44E-05-6.63E-10 Analog Input-BMXSAI0410-SIL3 & Cat2 PLc(2)-1.15E-04-1.31E-09 Digital Input-BMXSDI1602-SIL3 & Cat2 PLc(2)-1.36E-04-1.56E-09 Digital Output-BMXSDO0802-SIL3 & Cat4 PLe(1)-1.15E-04-1.31E-09 Digital Relay Output -BMXSRA0405 -SIL2 & Cat2 PLd(3)-1.17E-04-1.68E-09 --SIL3 & Cat4 PLd(4)-1.17E-04-1.34E-09 --SIL3 & Cat4 PLe(5)---1.35E-09 Power Supply-BMXCPS4002S-SIL3---- (1) 1 Output @ 80° C (2) 1 Input @ 80° C (3) 1 Relay per output @ 80° C (4) 2 Relays per output @ 80° C (5) 4 Relays per output @ 80° C SAFETY MODULES MTTF VALUES Following are the MTTF characteristics: Product Type-Product Reference-MTTF (years) --25°C-55°C->60°C CPU-BMEP584040S-87.2-44.9-24.4 Coprocessor-BMEP58CPROS3-108.0-56.0-30.1 Analog Input-BMXSAI0410-54.2-26.1-14.2 Digital Input-BMXSDI1602-14.7-4.9-2.1 Digital Output-BMXSDO0802-45.8-25.0-13.4 Digital Relay Output-BMXSRA0405-36.9-26.5-17.9 Power Supply-BMXCPS4002S-88.0-47.5-25.4 Modicon M580 Safety

Appendix 1 – References 359 SAFETY STANDARDS CONTEMPORARY FUNCTIONAL SAFETY STANDARDS The primary Functional Safety standards in current use are listed below: ➢ IEC EN 61508 Parts 1 to 3 is a core Functional Safety standard, applied widely to all types of safety critical E/E/PS and to systems with a safety function incorporating E/E/PS ➢ UK Defence Standard 00-56 Issue 2 ➢ US RTCA DO-178B North American Avionics Software ➢ US RTCA DO-254 North American Avionics Hardware ➢ EUROCAE ED-12B European Airborne Flight Safety Systems ➢ IEC 62304 - Medical Device Software ➢ IEC 61513, Nuclear power plants – Instrumentation and control for systems important to safety – General requirements for systems, based on EN 61508 ➢ IEC 61511-1, Functional safety – Safety instrumented systems for the process industry sector – Part 1: Framework, definitions, system, hardware and software requirements, , based on EN 61508 ➢ IEC 61511-2, Functional safety – Safety instrumented systems for the process industry sector – Part 2: Guidelines for the application of IEC 61511-1, , based on EN 61508 ➢ IEC 61511-3, Functional safety – Safety instrumented systems for the process industry sector – Part 3: Guidance for the determination of the required safety integrity levels, based on EN 61508 ➢ IEC 62061, Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems, based on EN 61508 ➢ ISO 13849 – Safety of machinery and safety-related parts of control systems ➢ ISO 10218 – Safety requirements for robots used in industrial environments ➢ ISO 26262, Automotive functional safety ➢ EN 50128, Railway Industry Specific ➢ EN 50129, Railway Industry Specific ➢ NASA Safety Critical Guidelines ➢ UL 1998 – Assessment of software safety and evaluation of computer/software- controlled products ➢ UL 991 – Assessment of controls that employ solid-state devices and are intended for specified safety related protective functions. Configuration Training

360 Appendix 1 – References CROSS REFERENCES MAIN REFERENCES Following are some of the main references: ➢ “Layers of Protection Analysis: Simplified Process Risk Assessment,”Center for Chemical Process Safety, American Institute of Chemical Engineers, New York, New York (2001) ➢ “Application of Safety Instrumented Systems for the Process Industries,” ANSI/ISA-ISA 84.01-1996, ISA, Research Triangle Park, NC (1996). ➢ “Functional Safety: Safety Instrumented Systems for the Process Sector,” International Electrotechnical Commission (IEC), IEC 61511 Geneva, Switzerland (expected 2003). ➢ “Process Safety Management of Highly Hazardous Chemicals; Explosives and Blasting Agents,” 29 CFR Part 1910, OSHA, Washington (1992). ➢ \"Risk Management Programs for Chemical Accidental Release Prevention,” 40 CFR Part 68, Environmental Protection Agency (1996). SAFETY ORGANISATIONS WEBSITE Below is their respective website: ➢ http://www.tuv.com/fr/index.html ➢ http://mahb.jrc.it/ ➢ http://www.csb.gov/ ➢ http://www.aiche.org/ccps/index.aspx ➢ http://www.safetyusersgroup.com/ ➢ http://www.hse.gov.uk/ Modicon M580 Safety

Appendix 1 – References 361 Activity 20 - INSTALL POWER SUPPLY LIBRARY In this activity: • install the \"Predictive Maintenance\" Library into Redundant M580 Safety software. 1. Uninstall previous version a. For proper installation of the latest \"Predictive Maintenance\" library version, it is mandatory to uninstall any previously installed version. Launch Redundant M580 Safety software (DO NOT OPEN any project file) and select menu Tools » Types Library Manager b. Right-Click on the corresponding library, \"Predictive Maintenance\" c. Select menu Delete to remove the library. d. Click on button \"Yes to All\" to remove the library. e. When done, close the application. Configuration Training

362 Appendix 1 – References 2. Start the \"Types Library Update\" a. From the Windows Start Menu, launch the \"Types Library Update\": Hints & Tips If there is a problem in launching the program: Types Library Update, try to launch the program in administrator mode by selecting Run as administrator. b. The Types Library Update windows will be displayed: Modicon M580 Safety

Appendix 1 – References 363 3. Install the power supply library a. Click on the ellipsis button from the Types Library Update windows. b. Select the folder where the Predictive Maintenance Library is copied. Note: Check with your instructor if you do not have the installable library. c. Locate and select the file FAMILY.DSC from the folder. d. Click on Open button. e. Select the newest Libset version (e.g. ) if necessary. f. Click on Install family button to start installation of the power supply library into Redundant M580 Safety software. g. On successful completion, the following will be displayed: h. Click on OK button. i. Click on Exit button when finished. Configuration Training

364 Appendix 1 – References 4. Verify the newly installed library in Redundant M580 Safety software a. From the Windows Start Menu, launch the Redundant M580 Safety software: b. From the main menu, select Tools » Types Library Manager. c. Click on tab All Types and scroll down to look for \"Predictive Maintenance\". d. Click on the \"Predictive Maintenance\" and the libraries for redundant power supply are shown: e. Click on Close button when done. Modicon M580 Safety

Appendix 1 – References 365 Activity 21 - PWS_DIAG IMPLEMENTATION In this activity: • Use PWS_DIAG to read status of the redundant power supplies. ONLY FOR TRAINING PURPOSE Following programming logic is just given as a training exercise and must not be directly used or referred in a real case. Hence, some features might not function as expected by the user. It has been designed for learning purposes. Failure to follow these instructions can result in injury or equipment damage. 1. Create a new section to add a program logic for retrieving the diagnostics information of the two redundant power supplies. a. Return to Redundant M580 Safety and view current project in the Project Browser in Structural View. b. Open the branch Program » Tasks » MAST » Sections. c. Right click Sections and select New Section ... from the menu. Configuration Training

366 Appendix 1 – References d. This will open the New dialog. Type PWS_Status in the Name: field. e. Click the down arrow in the Language: field and select FBD (Functional Block Diagram Language) from the list of available languages. Click OK. f. A design editing window will open in the right pane. The left pane will display a new object called PWS_Status. Modicon M580 Safety

Appendix 1 – References 367 g. Create the following variables accordingly (will be used in the Redundant M580 Safety Operator Screens): Left_PWS_DDT with data type as PWS_DIAG_DDT Right_PWS_DDT with data type as PWS_DIAG_DDT h. Enter the following program logic into the PWS_Status section. Hints & Tips The IP_ADDRESS pin parameter value will depend on the location of the redundant power supplies: Local CPU rack: Leave the parameter empty, use a variable with an empty string, or enter the IP address of the CPU. Remote Drop rack: Enter the IP address of the communication adapter of the rack that contains the power supply module . i. Build the application j. Rectify any error(s). k. Save the application. 2. Connect and Transfer the application to the ePAC a. Connect to the ePAC via USB or Ethernet. b. Transfer the application. c. Switch the ePAC to RUN state, and verify the drop is online and that no errors are present. Configuration Training

368 Appendix 1 – References 3. View the power supplies diagnostics with Device DDT a. In Redundant M580 Safety, open the Variables & FB Instances from the Project Browser. b. Create a New Animation Table for the left and right power supplies variables with data type \"PWS_DIAG_DDT\". c. Expand the variable, and inspect the available properties: d. Observe the values of the left and right power supply variables when the source current to one of the power supply module is switched OFF. Modicon M580 Safety

Appendix 1 – References 369 4. Import an Operator Screen to view the power supplies diagnostics a. Return to the Project Browser. b. Right click the Operator Screens item and select Import. c. Browse to the file \"dual pws diagnostic.XCR\" provided by your Instructor. d. Click Import. The screen will appear in the Operator Screens. e. Observe the values of the two redundant power supply modules when the source current to one of the power supply module is switched OFF. f. Rectify any error(s). g. When done, Save the application. Configuration Training