Siemens ST PCS 7 · 2017 (Preliminary edition)
Automation Systems
Modular AS 410-5H and AS 410E systems
Safety-related automation systems
■ Overview
AS Single Station AS 410F
Safety-related automation systems are used for critical applications
where a fault could endanger life or result in damage to the plant or
the environment. These F/FH systems, also referred to as "fail-safe
automation systems", detect both faults in the process and their own
internal faults in association with the safety-related F modules of
the ET 200 distributed I/O systems or fail-safe transmitters connected
directly via the fieldbus. They automatically transfer the plant to a
safe state in the event of a fault.
■ Design
The PROFIsafe profile allows safety-related communication between the
automation system (controller) and the process I/O via both PROFIBUS
and PROFINET. The choice between PROFINET IO and the PROFIBUS DP/PA
fieldbuses has a significant influence on the architecture of the
safety-related system.
For information on the safety-related design versions with
PROFIBUS DP/PA and PROFINET IO, refer to the section
"Safety Integrated for Process Automation", "Introduction".
The safety-related SIMATIC PCS 7 automation systems are based either
on the hardware of the AS 410S standard automation system (F systems)
or the hardware of the AS 410H high availability automation system
(FH systems), which have been supplemented with safety functions
using S7 F systems.
In accordance with the design variant, they are categorized as:
• AS Single Station AS 410F with only one CPU (safety-related)
• AS Redundancy Station AS 410FH with two redundant CPUs
  (safety-related and high availability)
The availability can be flexibly increased with a redundant design
for the power supply or the Industrial Ethernet communications module
(for details, see the section "Modular S7-400 systems" under
"Flexible and scalable availability").
All AS 410F/FH systems are TÜV-certified and comply with the
safety requirements up to SIL 3 according to IEC 61508.
In these systems with multitasking capability, several programs
can be executed simultaneously in one CPU – basic process
control (BPCS) applications or also safety-related applications.
The programs are reaction-free, i.e. faults in BPCS applications
have no effect on safety-related applications, and vice versa.
Special tasks with very short response times can also be implemented.
The redundant FH systems operating according to the 1-out-of-2
principle consist of two subsystems of identical design. These
are electrically isolated from each other to achieve optimum
EMC, and are synchronized with each other via fiber-optic cables.
In case of an error, there is a bumpless switchover from the
active subsystem to the reserve system. The two subsystems
can be present in the same rack or separated by up to 10 km.
The spatial separation provides additional security in the case of
extreme influences in the environment of the active subsystem,
e.g. resulting from a fire.
The redundancy of the FH systems is only used to increase the
availability. It is not relevant to processing of the safety functions
and the associated fault detection.
© Siemens AG 2017