Bob A.

Wired interlocks after software interlocks ?

6 posts in this topic

Hi Guys, Soul searching has become a full time job for me. So here is another one to ponder. We all understand that a reversing starter has a mechanical interlock and its control circuit has a matching provision, all for good reason. So in a case with a lesser consequence like a directional valve, is it necessary that we do the same thing? My practice has always been to use interposing relays with multiple contacts. So when a case like a directional valve comes up that can drive a cylinder in two directions, the NC contact for one direction gets wired in series as a permissive to the circuit that goes the opposite direction and vice versa. Then in the software app, the same logic is followed such that the outputs cannot both be on at the same time. So my question is in regard to the necessity for this combination software / hardware based redundant provision: is it really necessary? As always, I thank you for sharing your thoughts... Best Regards, Bob A.
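The layered arrangement described in the post above, modelled as an added example (not part of the original thread): it enumerates every direction request and reports which ones end with both solenoids energized when one layer is missing or a single fault is present. The function names, the `stuck_on` fault model, and the assumption that "both solenoids on" is the state to avoid are illustrative.

```python
from itertools import product

def plc_outputs(cmd_a, cmd_b, sw_interlock=True):
    """Software layer: map direction requests to the two PLC outputs."""
    if sw_interlock and cmd_a and cmd_b:
        return False, False  # conflicting request: energize neither relay
    return cmd_a, cmd_b

def solenoids(out_a, out_b, hw_interlock=True, stuck_on=None):
    """Hardware layer: interposing relays CR_A / CR_B feeding the solenoids.

    stuck_on ("A" or "B") models an output or relay that stays energized
    regardless of the program (constructed fault, for illustration).
    """
    cr_a = out_a or stuck_on == "A"
    cr_b = out_b or stuck_on == "B"
    if hw_interlock:
        # NC contact of the opposite relay wired in series as a permissive
        return cr_a and not cr_b, cr_b and not cr_a
    return cr_a, cr_b

def both_energized(sw_interlock, hw_interlock, stuck_on=None):
    """Return every (cmd_a, cmd_b) request that ends with both solenoids on."""
    bad = []
    for cmd_a, cmd_b in product([False, True], repeat=2):
        out_a, out_b = plc_outputs(cmd_a, cmd_b, sw_interlock)
        sol_a, sol_b = solenoids(out_a, out_b, hw_interlock, stuck_on)
        if sol_a and sol_b:
            bad.append((cmd_a, cmd_b))
    return bad

if __name__ == "__main__":
    scenarios = [
        ("software only, no fault", True, False, None),
        ("programming mistake, no wired interlock", False, False, None),
        ("programming mistake, wired interlock", False, True, None),
        ("software only, output A stuck on", True, False, "A"),
        ("both layers, output A stuck on", True, True, "A"),
    ]
    for label, sw, hw, fault in scenarios:
        print(f"{label}: {both_energized(sw, hw, fault) or 'never both on'}")
```

In this model the software interlock alone cannot mask a stuck output, and the wired permissive alone covers a programming mistake; whether that coverage is needed depends on the consequence of both solenoids being on.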

It all depends on what these valves do for a living, what do they control and what are the consequences, if any when both are energized or de-energized at the same time.

Hi Russ, Well I was speaking hypothetically when I posed the question, but my current requirement is a production facility that is being redesigned from scratch to run under remote control due to hazardous materials. So in this case the valves are moving things in a mechatronics environment. Some are pneumatic and some are hydraulic. I don't know if there would be any dire consequences of a wiring or programming mistake as there would be in the case of a reversing starter. I'm just curious how many people would come at this with a belt and suspenders approach like I typically use because I don't have the budget now to waste on anything that is not absolutely essential. Thanks for your thoughts, Bob A

I know this is a bit away from where you are - I seldom work with valves. A couple of years ago I did a switching job - 2 x HV (11kV) trannies, a couple of HV ATSs, LV to the main switchboards. Power supply for a road tunnel. 3 x main switchboards with a 'wrap around' configuration and a bus tie in each so that if one of the HV supplies failed a bus tie could be opened and half of the switchboard fed from the other 2 switchboards - they were designed to give this redundancy. I had everyone involved here and all having their own requirements - 2 power authorities (2 states - it was on the border) - 2 Roads Authorities for the same reason. Each wanted a whole pile of hardware interlocking on the changeovers - I spent 3 days trying to get my head around it and design what they all wanted in the interlocking process. My client was a bit short on the job and did not allow for all of this as it was not detailed in the specification - only a mention of 'approved safety interlocking' - typical. I got my head around it and designed the system, built it and commissioned it. Then they all started asking questions after the design was approved, the system was tested and approved - second bite at the cherry. Why is there only 1 set of batteries and battery chargers? Why is there only one PLC and not a redundant one as well? These are single points of failure. I hopped on a plane and went to a meeting with all present to answer their questions. When the above questions came up about the single points of failure I pointed out to them that due to them all having different interlocking requirements I had to design the system with 5-600 relays in it. I said to them that there were probably thousands of single points of failure added for their interlocking - connections to relays, relay contacts, coil connections - in fact I only had to have one termination not tight and the system would fail.
Why were they now worried about the batteries, chargers and PLC being a single point of failure when they had added thousands? Also, there was no mention of 2 PLCs, batteries and chargers in the specification. There was a deadly silence and my client bought me the best holiday I have ever had on an island off the coast! I had done the design to his request to save him a dollar of course. I believe you can go way too far to be honest but if you are designing the system it has to be safe - otherwise litigation may follow! Sometimes pays to have professional indemnity insurance - trouble is you have to carry it for 7 years after the job is finished in Ozz to comply with the statute of limitations - the insurance companies will not carry it for you - and it is expensive.


Many current-technology platforms are utilizing software E-stop circuits.  I was against the concept, but have been swayed by the robustness of the solutions.  Allen-Bradley's STO (Safe-Torque Off) emergency stop circuit simplifies machine design and build, and gives many programming features to work with; extremely well suited for servo motor control.

http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/gmc-rm002_-en-p.pdf


One other consideration would be that in some circumstances it is desirable/necessary to open both valves at the same time. This will have the effect of locking the cylinder in more or less its current position. This is sometimes safer than dumping the air in the event of a problem.
