Typical configurations, Dlr topology – Rockwell Automation 1715-OF8I Redundant I/O System User Manual User Manual

Page 204

Advertising
background image

204

Rockwell Automation Publication 1715-UM001C-EN-P - March 2014

Chapter 6

1715 Redundant I/O System in SIL 2 Safety Applications

Typical Configurations

The 1715 system supports single module configurations, where it is acceptable to

either stop the system or allow the signals corresponding to that module to

change to their default fail-safe state. It also supports fault-tolerant I/O

configurations where the system is required to continue operating in the event of

a fault.

Fault tolerant systems have redundant modules that let the system continue

operation in the presence of a fault. The system fails safe if an additional fault

occurs.

All configurations can be used for safety-related applications. Choose the

appropriate configurations based on your application’s fault tolerance

requirements.

DLR Topology

Figure 59 - Simplex DLR with a ControlLogix Controller

For duplex configurations, a SIL 2 fault-tolerant architecture has dual input, dual

adapter, and dual output modules. The input modules operate in 1oo2 (1 out of

2) under no fault conditions and degrade to 1oo1 (1 out of 1) upon detection of

the first fault in either module. The modules fail-safe if faults occur on both

modules. The adapters operate in 1oo2 under no-fault conditions and degrade to

1oo1 upon detection of the first fault. A duplex system could therefore be 1oo2

reverting to 1oo1 on the first detected fault and reverting to fail-safe when both

modules have a fault. Fail-safe is defined as the ‘de-energized’ or ‘off ’ state.

The Ethernet architecture has no affect on SIL 2 safety functions. You can use

either of these example drawings, or any other appropriate Ethernet network.

From a safety aspect, if the Ethernet packets are not sent successfully, then the

SIL 2 safety functions will go to their respective safe states.

1756-EN2TR

1756-L72

CH1

CH1

CH1

CH1

CH1

CH1

TERMINAL IDENTITY

CH1

CH1

CH1

CH1

CH1

CH1

CH1

CH1

TERMINAL IDENTITY

IO BASE

1715-A310

CH1

CH1

CH1

CH1

CH1

CH1

CH1

CH1

TERMINAL IDENTITY

AOTA

Dual.

CH1

CH1

CH1

CH1

CH1

CH1

CH1

CH1

TERMINAL IDENTITY

AOTA

Dual.

CH1

CH1

CH1

CH1

CH1

CH1

CH1

CH1

TERMINAL IDENTITY

AOTA

Dual.

1715-AENTR

1715-AENTR

1715-

OB8DE

1715-IB16D

1715-A2A

1715-A3IO

IO BASE

1715-A310

CH1

CH1

CH1

CH1

CH1

CH1

CH1

CH1

TERMINAL IDENTITY

AOTA

Dual.

AOTA

Dual.

AOTA

Dual.

1715-

OF8I

1715-A3IO

1715-IF16

1715-

TASOB8DE

1715-

TASIB16D

1715-

TASIF16

1715-

TASOF8

Sensor

Actuator

SIL 2 ControlLogix Safety Loop

Advertising
This manual is related to the following products:

1715-IF16 Redundant I/O System User Manual, 1715-OB8DE Redundant I/O System User Manual, 1715-IB16D Redundant I/O System User Manual, 1715-AENTR Redundant I/O System User Manual

Popular Brands
Popular manuals