GE PAC 8000 SafetyNet System

GE PAC 8000 SafetyNet System

SafetyNet Workbench

The SafetyNet Workbench (8841-LC-MT) has all the features of the standard Workbench, but additionally includes the special tools required for safety applications.

On-line download

Users with safety responsibility can download new parameters to a SafetyNet Controller, from a Trusted Host, to a Controller whose Key Switch is set to permit new downloads and where the particular SafetyNet Controller’s Password is known.

New parameter download is carried out as a background task over a number of cycles to ensure that the fault reaction and response times are not compromised. Once download is complete and the new parameters have passed the checking and security tests, the new parameters will be automatically adopted. Where redundant SafetyNet Controllers are used, the stand-by Controller will also be automatically updated.

Note: on-line download should only be used where there are adequate procedures for approving the changes that have been made and testing them prior to download.

MOST Workbench

The MOST Workbench is the engineering and documentation tool for the MOST Process Control and SafetyNet Systems.

The Workbench is used to perform the following tasks:

♦ Configure IO Channel and  Module parameters 

♦ Configure Controller and  network parameters 

♦ Input and manage the IO tag  database 

♦ Engineer and document the  control or safety application 

♦ Generate wizards to simplify HMI design 

♦ Simulate and test control and  safety applications 

♦ Generate reports to assist in  Factory and Site Acceptance  Testing

Trusted Hosts

To prevent access to SafetyNet Controllers by non-approved instances of the Workbench, remote Modbus devices, asset management packages and HMI, only those that the SafetyNet Controller identifies as “Trusted Hosts” can download new parameters. Each Trusted Host is recognised by its IP and MAC addresses (remote Modbus devices are recognised by the serial port to which they are connected). For each Trusted Host a number of other restrictions can be defined:

♦ Modbus write not allowed 

♦ Workbench write not allowed 

♦ HART pass-through not allowed

Change Control Log

The Workbench maintains a Change Control Log that records - for example - when:

♦ IO Modules are added, deleted or moved 

♦ Tags are added to, removed from, or  moved within an IO Module 

♦ IO Configuration parameters are saved 

♦ Controller IP addresses or node  numbers are entered or modified 

♦ External node numbers are entered or  modified 

♦ Serial communications parameters are  entered or modified 

♦ A successful download is made  

♦ A Strategy is removed 

♦ The Controller password is changed

Failsafe Mode

IO Modules will enter Failsafe Mode from the Running State either due to loss of communications with the Controller or because the module has received an instruction from the Controller to enter the Failsafe State. In this state:

♦ The Red Fault LED is lit 

♦ The IO Module is flagged as unhealthy  to the Controller 

♦ All Railbus Write requests are rejected,  except instructions to Reset or to exit the Failsafe State 

♦ Inputs and HART data are read 

♦ Outputs are de-energised 

♦ Background diagnostics continue and if a failure is detected, the module will  enter Controlled Shutdown