OPC UA Safety
Safety concept from a single source
There are more than 13 million PROFIsafe nodes in production plants - and the trend is rising. PROFIsafe enables functionally safe communication between a safe controller and safe end-devices (e.g. emergency stop buttons, light grids, or drives with safety functions).
Safe Controller-Controller-Communication
However, until now there has been no manufacturer-independent standard for safe communication between controllers. In the Industrie 4.0 context, however, communication between controllers from different manufacturers is becoming increasinglyimportant. In many scenarios, safety-related data must also be exchanged between controllers, for example in the case of safety functions that extend over several modules (e.g. safely reduced speed when opening a loading unit).
Proven technology for safe communication
OPC UA Part 15:
Safety now enables safe communication between controllers. It is a specification defined jointly by PI and the OPC Foundation. OPC UA is already the most important standard for machine-to-machine communication. PI's many years of experience in the field of functional safe communication and PROFIsafe ensures that OPC UA Part 15: Safety meets all requirements of the IEC61784-3 standard (functional safety of fieldbuses).
The safety mechanisms and many features have been adopted from PROFIsafe.
However, OPC UA Safety also offers functions that were previously not possible with PROFIsafe. These include a maximum user data length of 1500 bytes, the creation of any network topology (star, line, grid, ...), hierarchical safety IDs for simplified management of series machines and dynamic connection setup with changing partners. Modular machines, Autonomous Guided Vehicles (AGVs), Autonomous Moving Robots (AMRs), tool changers, etc. benefit from this.
Changing communication partner
This means that - in contrast to all current functionally safe communication protocols - it is no longer necessary to make all participants known to each other during the project planning stage. It is therefore possible, for example, to add a new mobile robot to the system without having to reparameterize all fixed machines.
Fail-safe communication thanks to OPC UA Safety
Modularization and interoperability are playing an increasingly important role in modern plants and are the core requirements for Industrie 4.0. PROFIBUS & PROFINET International (PI) was an early adopter of OPC UA as an open, cross-vendor standard for machine-to-machine communication. OPC UA allows cross-vendor networking between machines, regardless of the fieldbuses used within the machine.
However, up to now OPC UA has not been able to transfer fail-safe data as is the case with fieldbuses with PROFIsafe. Safety functions involving controllers from different manufacturers therefore had to be performed conventionally with direct cabling or using a special coupler.
OPC UA Part 15:
Safety now enables direct safe communication between controllers. It is a specification defined jointly by PI and the OPC Foundation. OPC UA is already the most important standard for machine-to-machine communication.
PI's many years of experience in the field of functional safe communication and PROFIsafe ensure that OPC UA Part 15: Safety meets all requirements of the IEC61784-3 standard (functional safety of fieldbuses). The safety mechanisms and many features have been adopted from PROFIsafe. In particular, OPC UA Safety also uses the proven "Black Channel" mechanism of PROFIsafe. For this purpose, OPC UA Safety implements the necessary safety measures in a safety layer above the communication layer.
The advantages of PROFIsafe - independence from synchronized clocks, an unlimited number of network terminals and network devices, as well as an unlimited communication rate - are retained.
However, OPC UA Safety also offers functions that were previously not possible with PROFIsafe. These include user data with any structure and a length of up to 1500 bytes, the creation of any network topology (star, line, grid, ...), hierarchical safety IDs for simplified management of series machines, and dynamic connection setup with changing partners.
The last feature in particular is completely new and offers previously unattainable flexibility. Until now, a static, unique code name had to be assigned for each possible safety connection. This must be known at both ends of the connection in order to check incoming telegrams to see whether they come from the correct sender. If you think, for example, of mobile robots that move independently from machine to machine, this procedure becomes complicated. As soon as only one new station is added, all machines mustbe reparameterized. This increases effort and reduces flexibility.
Particularly in the Industrie 4.0 context, it should be possible to reconfigure the safety function without human consent. In this context, the OPC UA Safety solution has the advantage that the check for the correct data source is no longer based on a code name for each connection, but that each data source is directly assigned a corresponding ID. This allows several subscribers to alternately access the same data source and the subscribers do not have to be known to the source. In the example this means that mobile robots can be added at any time without having to adapt the machines.
Outlook
The next steps are also already planned. Test specifications are currently being drawn up in which test procedures are defined. In addition, the development of a software tool for automatic testing has been commissioned. It is also necessary to establish a certification and acceptance procedure similar to PROFIsafe. This is a prerequisite for the simple and fast safety certification of products that implement OPC UA Safety. Case studies will also be created to demonstrate the new features of OPC UA Safety. These include the simplified management of safe addresses for series machines and the ability to communicate with different partners over the same connection during runtime. Furthermore, an OPC UA Mapper for Pub/Sub is specified in order to be able to implement safety functions with high demands on response time.
Functional safe controller-controller communication
OPC UA enables functional safety for communication between controllers of different vendors.
The typical use cases are:
- Emergency-stop for modular machines
- Loading and unloading of machine tools
- Safe coordination of moving machine parts (e.g. crane trolleys)
- Geographically distributed machines (e.g. water & wastewater)
But OPC UA Safety offers the solution for additional request of flexibility in Industrie 4.0 use cases.
By using an identifier per machine instead of a static codename for each possible connection new configurations can be established without having to update the machines.
Scenario Example:
- Stationary machines with autonomous mobile robots (AMR)
- Functionally safe communication between AMRs and machines
- An AMR speaks with precisely one machine at a specific point in time
Here you can find several frequently asked questions:
FAQ OPC Safety
- Runs on top of OPC UA client/server
- Unidirectional, bidirectional, and multicast connections
- Arbitrary network topologies: line, tree, star, ring, …
- Arbitrarily structured user data, length: 1-1500 bytes
- Dynamic connection establishment during runtime
The next steps are:
- Test specification
- TÜV approval in progress
- Mapper for OPC UA Pub/Sub (inclusive TSN)
- optional service compatible to IEC61784-3-3 (PROFIsafe V2.6)