HIMA H41q/H51q Safety PLC System

HIMA Programmable Systems The H41q and H51q System Families

Overview of HIMA H41q/H51q Safety PLC System

The HIMA H41q and H51q system families are third-generation programmable electronic systems that have been field validated and designed specifically for safety critical applications in the process industry. These two system families are based on the same hardware and software platform, mainly used to control process flows with extremely high safety and availability requirements such as chemical plants, refineries, and power plants.

The core design philosophy of HIMA PES is to balance safety and usability. HIMA PES can be configured as a single channel or dual channel (redundant) system based on the required safety level (requirement levels AK 1 to 6 in accordance with DIN V 19250 standard) and availability requirements. This flexibility is not only reflected in the central module, but also applies to input/output modules and I/O buses, providing users with a complete solution from basic safety to the highest availability safety system.

The system configuration uses the ELOP II programming system to input, compile, load, test, and monitor user programs through a personal computer. All HIMA modules comply with the requirements of the EU EMC Directive 89/336/EWG and bear the CE mark, ensuring electromagnetic compatibility in harsh industrial environments.

System Architecture and Selection Guide

The HIMA H41q and H51q system families offer multiple models based on the redundancy level of the central module, I/O bus, and I/O module to meet different safety levels and availability requirements. Users can choose based on the number of I/O points and system complexity.

2.1 H41q Compact System

The H41q series is a highly integrated compact system, with all components including the central unit, power supply, fuses, power distribution, and input/output modules installed in a 5U height 19 inch subrack. This integrated design simplifies system integration and saves control cabinet space. It is suitable for applications with fewer I/O points (<192 points).

2.2 H51q Modular System

The H51q series adopts a modular design, consisting of a 5U high central rack and up to 16 4U high I/O sub racks, which can support up to 256 I/O modules and is suitable for large distributed control systems. It is suitable for complex applications with a large number of I/O points (>192 points) or requiring more than 2 serial interfaces.

2.3 Model Naming and Redundancy Concept

The suffix of the system model directly defines its redundant architecture:

M (Mono): Single channel central module and single channel I/O bus. Provide standard availability.

MS (Mono, Safety): A T Ü V certified single channel central module (using a dual processor architecture) and single channel I/O bus. Meet AK 1-6 security levels and standard availability.

H (High): Redundant central module and single channel I/O bus. Provide high availability.

HS (High, Safety): A redundant central module certified by T Ü V (using a dual processor architecture) and a single channel I/O bus. Provide high availability and security (AK 1-6).

HR (High, Redundant): Redundant central module and dual channel I/O bus. Provide extremely high availability.

HRS (High, Redundant, Safety): A T Ü V certified redundant central module (using a dual processor architecture) and dual channel I/O bus. Provide the highest availability and security (AK 1-6).

Core central module

The H41q and H51q system families are based on two core central modules: the secure type (F8652/F8650, dual processor) and the standard type (F8653/F8651, single processor).

3.1 Safe central module F8650/F8652

Specially designed for safety related applications, with T Ü V certification, meeting AK levels 1-6.

Dual processor architecture: Two microprocessors running in parallel with synchronized clocks. The key security mechanism is that one processor processes real data and programs, while the other processes reverse data and programs.

Testable hardware comparator: Real time comparison of all external accesses between two processors. Once a difference is detected, the safety watchdog is immediately set to a safe state and sends out a processor status signal, achieving true fault safety control.

Program memory: using Flash EPROM, supporting at least 100000 write cycles, used to store operating systems and user programs.

Data storage: sRAM is protected against power failure by the lithium battery on the central module and has monitoring function.

Interface and Diagnosis: Provides 2 electrically isolated RS-485 interfaces (maximum 57600 bps), equipped with a 4-digit alphanumeric display screen and 2 LED indicator lights for displaying system status and diagnostic information.

3.2 Standard central module F8651/F8653

Used for standard or high availability (non secure) applications. Adopting a single Intel 386 EX processor with a clock frequency of 25 MHz, it has interfaces and diagnostic functions similar to secure modules, but does not include a dual processor comparison architecture.

Input/output subsystem and safety shutdown

4.1 I/O module characteristics

Online plugging and unplugging: All I/O modules support live plugging and unplugging while the system is running, greatly facilitating maintenance.