Pilz PSS 4000 distributed safety control

Pilz PSS 4000 distributed safety control

In the field of modern industrial automation, the integration of safety control and standard control has become an inevitable trend. The PSS 4000 automation system launched by Pilz is a representative product of this trend. It seamlessly integrates security functions (compliant with EN ISO 13849 PL e and EN/IEC 62061 SIL 3) with standard automation functions through a unified hardware platform and software environment, making it particularly suitable for various application scenarios ranging from standalone devices to large networked factories.

This article is aimed at automation engineers and maintenance personnel, providing a detailed technical guide around the four core dimensions of PSS 4000 system composition, network communication, software programming, and common troubleshooting. Whether you are configuring SafetyNET p network for the first time or need to quickly troubleshoot controller communication interruptions, this article can provide practical operational references.

System architecture and core components

1.1 Distributed Control Concept

Traditional automation typically uses a centralized controller: a central PLC processes all input and output signals. The PSS 4000 adopts the concept of distributed consistent control: user programs can be executed in a distributed manner among multiple controllers, while the entire project is still managed in a centralized engineering manner. This means that regardless of which physical controller the program segment is actually running on, its logical relationship is transparent to the programmer. The direct benefits brought by this architecture include:

Hardware selection and programming can be carried out in parallel, and the hardware can be determined later in the project.

When expanding the device, only the program part needs to be migrated to the newly added controller, without rewriting the entire code.

Support local debugging and partial operation to shorten the overall project cycle.

1.2 Controller Series

The PSS 4000 provides controllers with two performance levels:

PSSuniversal PLC - Universal Controller

Suitable for complex and large-scale automated tasks. It can be used as a central PLC or as a distributed node. Supports five programming languages (IL, STL, LD, FBD, SFC) that comply with EN/IEC 61131-3, and is certified as Limited Variability Language (LVL) by T Ü V S ü d for creating safety related user programs. Typical models include PSSu H PLC1 FS SN SD (with dual SafetyNET p interface) and PSSu H PLC1 FS DP SN SD (with SafetyNET p+PROFIBUS-DP slave interface).

PSSuniversal Multi - Small Application Controller

Suitable for standalone or small interconnected devices. It focuses on local security features and can be configured through the graphical editor PASmulti. Supports up to one security task and can connect up to five devices through SafetyNET p. Typical models include PSSu H m F DP SN SD (SafetyNET p+PROFIBUS-DP).

Common characteristics:

Modular bus supports up to 64 I/O modules (mixed safety and standard)

Integrated power supply

Built in SafetyNET p switch function, supporting linear topology

SD card stores project and configuration data for easy device replacement

Safety level: SIL CL 3 (EN/IEC 61508), PL e (EN ISO 13849)

1.3 I/O System

The I/O system of PSS 4000 is divided into two categories:

PSSuniversal I/O (IP20) - Suitable for installation inside control cabinets. The head module can be selected from PLC, multi, or pure I/O types. I/O modules include digital quantities (4DI, 4DO, 16DI, etc.), analog quantities (2AI, 4AO, RTD, TC, etc.), encoder interfaces (SSI, incremental), and special functional modules such as Fast Control Unit (FCU) - built-in high-performance safety logic that can directly map local safety inputs to outputs within 400 µ s for ultra fast cutoff applications.

PSS67 I/O (IP67) - No control cabinet installation. The module has a protection level of IP67 and can be directly installed on the machine, making it suitable for distributed signal acquisition.

Module replacement and expansion: All modules are plugged into the base and can be hot swappable without disconnecting the wiring (following power-off specifications). During subsequent adaptation, simply add or remove modules, and the system will automatically recognize them.

Real time Ethernet SafetyNET p Detailed Explanation

2.1 Core Features

SafetyNET p is the backbone network of PSS 4000, based on the standard Ethernet IEEE 802.3, which simultaneously transmits security related data and non security data. Its security mechanism follows the Black Channel principle: except for security devices, intermediate network components (such as switches) do not need to have security functions, and the security protocol itself encapsulates all mechanisms such as verification, timeout, serial number, etc.

Key Performance:

Safety level: PL e/SIL 3

Supports linear, star, and ring topologies (ring network redundancy MRP)

The cycle time can be as low as microseconds (depending on the number of nodes)

Simultaneously transmitting secure and non secure messages on the same cable without interfering with each other

2.2 Physical Media and Distance

SafetyNET p supports multiple transmission media to adapt to different industrial environments:

Typical application scenarios for maximum distance of medium type

Twisted pair (CAT5e) 100m cabinet or short distance node interconnection

Multi mode fiber between 5 km workshops, resistant to electromagnetic interference

Single mode fiber optic 32.5 km long-distance cross plant, tunnel, cable car

DSL technology renovation of 10 km old cable without the need for rewiring

In situations where WLAN (IEEE 802.11) line of sight mobile devices, AGVs, etc. cannot be wired

Connectors and cables: It is recommended to use Pilz original RJ45s connectors (model 380 400, working temperature -40~+70 ℃) and CAT5e four core cables (380 000). Prefabricated jumper lengths ranging from 0.5m to 10m are available for selection.

2.3 Coexistence and Routing Capability

SafetyNET p is a 100% standard Ethernet protocol, so it can run in parallel with PROFINET, Modbus/TCP, HTTP and other protocols on the same network without interfering with each other. Simultaneously supporting routing function, commercial switches and routers can be used to divide large equipment networks into multiple network segments for easy maintenance and expansion.

Common network components:

Non managed switches (such as PSSnet SLL 5T): plug and play, suitable for small networks

Management switches (such as PSSnet SHL 8T MRP): support web management, MRP ring network redundancy, and diagnostic functions

Gateway (such as PSSnet GW1 MOD-CAN, MOD EtherCAT): Implement protocol conversion between SafetyNET p and CANopen, EtherCAT subnets

2.4 Network troubleshooting in engineering

When a communication failure occurs, troubleshoot in the following order:

Check physical connection: Is the RJ45 connector securely fastened? Is the cable broken? Does optical fiber have optical power?

Observe if the LED: Link/ACT indicator light on the switch is constantly on? If there is abnormal flashing, there may be packet loss.

Using the diagnostic editor: Open the diagnostic view in PAS4000 software to view the online status, cycle time, and frame loss count of each node.

Check for IP address conflicts: SafetyNET uses MAC based communication, but if TCP/IP services are also used, it is necessary to ensure that the IP addresses are not duplicated.

Ring network redundancy fault: If MRP is enabled, it is necessary to confirm that the ring network management node configuration is correct and all switches support MRP.

Engineering Practice of PAS4000 Software Platform

3.1 Overview of Programming Environment

PAS4000 is a unified engineering platform that integrates configuration, programming, debugging, and diagnostic functions. Its core components include:

Hardware configurator: Define the order and parameters of header modules and I/O modules.

Program Editor:

PASmulti: A graphical editor that allows for the quick implementation of safety functions such as emergency stop, grating, and safety doors by configuring logic through drag and drop connections. Built in rich functional block libraries (FS-Emerger Stop, FS_Light Curtain, FS_Suting, etc.), all security blocks are certified by T Ü V.

PAS IL/STL/LD: Text and ladder diagram editors that comply with IEC 61131-3, used for complex automation tasks and can be mixed with non safety logic programming.

Resource allocator: Allocate various parts of the user program to different physical controllers (resources). This is the key to implementing distributed control: you can write programs first and then map them later without knowing the final hardware layout.

I/O mapping: Associate global variables in the program with actual physical input-output channels.

Diagnostic Editor: Associate diagnostic information (alarm text, recommended measures) for each variable, automatically displayed at runtime.

3.2 Advantages of Hardware Independent Programming

In traditional PLC projects, it is necessary to first determine the hardware configuration (CPU model, I/O address) before writing logic. PSS 4000 supports hardware independent project creation: You can write functional blocks and program structures without hardware, and then allocate resources after hardware configuration is completed. According to Pilz statistics, this method can reduce up to 30% of the project time.

Example scenario: A packaging line has 6 workstations, and initially only 2 controllers are needed. When expanding in the later stage, you don't need to modify the program logic, just move the program segments of workstations 3-6 to the newly added controller in the resource allocator and download them again.

3.3 Software Block Reuse and Standardization

PAS4000 provides three levels of software block libraries:

General safety blocks: emergency stop, grating, safety door, dual hand control, valve monitoring, safety Ethernet connection, etc.

Hardware related blocks: FS_ Absolute Encoder, FS_ Incremental Encoder, FS_ Counter Dual (Position and Speed Safety Assessment), FS_ Analog Input Dual (Redundant Analog Monitoring).

Application related blocks: FS-PressOperatingModes, FS_CamController, FS_SurnerManagement System.

User defined blocks: You can use PAS STL to write your own function blocks, and then call them in PASmulti like built-in blocks. After modification, all instances will be automatically updated with centralized version management.

3.4 Common problems with downloading and starting

Problem 1: Program download failed, prompting "Resource not reachable"

Solution: Check if the controller IP address or SafetyNET p-node ID matches the project. When programming with Ethernet TCP/IP, it is necessary to first set the initial IP through USB or serial port.

Problem 2: After the controller runs, some outputs do not act

Solution: Check if the program segment corresponding to the output in the resource allocator has been assigned to the correct controller. Simultaneously check if the physical address in the I/O mapping is correct.

Problem 3: After triggering the security function, it cannot be reset

Solution: Safety blocks usually require a rising edge reset signal. Check if the reset button is connected to the safety input and if the FS-Reset logic is configured in the program.

Common troubleshooting and system diagnosis

4.1 LED Status Indication

The PSS 4000 controller and I/O module front panel both provide multi-color LEDs for quick status determination:

LED color and status meaning operation suggestions

The green RUN is constantly on and the controller is running normally

Green RUN flashing controller is in STOP or not configured to download items or switch to RUN

Red ERROR constantly on, serious fault (hardware damage), replace module

Red ERROR flashing configuration error or bus fault check hardware configuration, check SafetyNET p connection

The yellow I/O LED is flashing and the corresponding channel has a normal signal

The I/O LED is not lit, but there is a signal wiring error or module damage on site. Check the terminals and measure the input voltage with a multimeter

4.2 Diagnostic Editor Usage Tips

After opening the diagnostic view in PAS4000, you can see:

System diagnosis: The operating status, firmware version, temperature, and power supply voltage of each module.

User diagnosis: Programmers preset alarm messages for each variable. For example, when the status of the FS-Emerger Stop block changes to 'triggered', it automatically displays' emergency stop button pressed - please check station 3 '.

History: A list of alarms sorted by time, supporting filtering and exporting.

Practical function: Right click on any diagnostic item to directly jump to the corresponding position in the program (such as the logical network segment where the input is located), greatly improving debugging efficiency.

4.3 SD card replacement and firmware upgrade

Each PSS 4000 controller has an SD card slot. SD card storage:

User program (compiled binary)

hardware configuration

device firmware

Replace faulty controller: Pull out the SD card of the faulty controller, insert a new controller (of the same model), and the program will automatically load after power on, without the need to download again. This is the fastest on-site replacement method.

Firmware upgrade: Copy the new firmware file to the root directory of the SD card and automatically upgrade when powered on. Note: The firmware version must be compatible with the PAS4000 software version. Backup the original program before upgrading.

4.4 Interpretation of Common Error Codes

Error code (diagnostic display) Possible causes and solutions

0x1001 SafetyNET p connection timeout check for network cable and switch; Increase watchdog time

0x2003 I/O module mismatch. The actual module does not match the model in the hardware configuration. Replace or modify the configuration

0x3005 Security CRC verification failed due to program tampering or storage medium damage. Download the complete project again

0x400A battery voltage low (if using real-time clock). Replace the battery and reset the time

Advanced features and typical application cases

5.1 Safety Movement Monitoring

PSS 4000 supports safe speed and safe position monitoring, with two implementation methods:

Single encoder scheme (maximum PL d)

Using compact I/O modules such as PSSu K F FCU, each controller can monitor up to 8 axes with only one Sin/Cos encoder required. The response time is extremely short (independent of PLC cycles). Suitable for conveyor belts and rotating tables with moderate safety requirements.

Dual encoder scheme (maximum PL e)

By using two non secure encoders (incremental or absolute) in conjunction with the FS_SunterTual and FS_SoluteEncoder function blocks in the user program, secure speed and position monitoring can be achieved. Suitable for high demand scenarios such as elevators and lifting equipment.

Debugging suggestion: When running for the first time, use the "teach" mode to record the actual motion curve, then set the limit value (such as the upper limit of safe speed of 200 rpm), conduct low-speed testing to confirm that the function is correct, and then put it into production.

5.2 Application of Fast Control Unit (FCU)

FCU modules (such as PSSu K F FCU) have the following unique capabilities:

Local logic execution: Directly maps local input to output without going through the SafetyNET p network, with a latency of only 400 µ s.

Can read extremely short signals with a pulse width of 650 µ s (such as synchronous pulses of gratings).

Optimization of the shutdown process for inductive loads (reverse voltage suppression).

Typical scenario: Safety door monitoring of high-speed stamping machines. Once the door is opened, the FCU cuts off the STO input of the servo drive in less than 0.5 milliseconds, which is several orders of magnitude faster than communicating through the network.

5.3 Industry Application Cases

Automotive painting line: On the bumper painting line of Yanfeng Plastic Omnium, PSS 4000 manages a large number of safety light curtains, emergency stop cables, and supports adding I/O modules at will without rewriting the program.

Rail Transit: At Bombardier Transportation Company, PSS 4000 monitors vehicle speed and triggers emergency braking when uncontrolled acceleration is detected. At the intersection of Antwerp Metro, the PSS 4000 with SIL 4 capability (specially certified) replaced the old control board.

Packaging Machinery: A potato chip manufacturer has replaced the original PNOZmulti configuration system with PSS 4000, improving production line availability while maintaining a high level of safety.

Press modification: Replace the mechanical rotating cam with an electronic solution (PSSuniversal PLC+FS_CamController+PSENenco encoder) that meets the EN 692 standard and supports dynamic adjustment of stroke length.

Maintenance and Engineering Optimization Suggestions

6.1 Daily Maintenance Checklist

Check the SafetyNET connectors for looseness and fiber optic connectors for contamination every quarter.

Clean the dust inside the control cabinet every six months to ensure good heat dissipation of the I/O module.

Perform a safety function test once a year: trigger each emergency stop, light barrier, and safety door to confirm that PSS 4000 correctly cuts off the hazard source.

Backup project files (in. paz format) to the company server, while also backing up the contents of the SD card.

6.2 Performance Optimization Techniques

Reduce network load: Separate periodic data from non periodic diagnostic data. Do not set non essential variables to loop transfer.

Optimize program structure: Place time critical logic (such as 1ms response) in FCU or independent fast tasks, and regular logic in slow tasks.

Using ring topology: Enable MRP ring network redundancy, single point disconnection does not affect communication.

6.3 Upgrade and Migration Strategy

If your existing system is based on PSS 3000 or PNOZmulti, when upgrading to PSS 4000, you should pay attention to:

The safety logic can be manually converted: the logic of the original safety relay/configuration module can be re implemented graphically using PASmulti.

Fieldbus integration: Connected to the upper level PLC through gateway modules (such as PROFIBUS-DP slave stations), retaining the original SCADA interface.

Retain the original sensor: The PSS 4000 input module is compatible with 24V DC sensors and does not require replacement.