The trend in data communication of safety-related devices continues to move away from discrete cabling of safety-critical functions towards the use of existing communication resources. In order to follow this trend especially in the area of industrial Ethernet, new methods of resolution are required. The openSAFETY Protocol makes such a safety-related data exchange possible. It was developed by the Ethernet POWERLINK Standardisation Group (EPSG) as an open safety protocol. It is suitable for communication cycles in the µs range and allows to implement safe systems up to SIL-3 (Safety Integrity Level) in accordance with IEC61508. The openSAFETY specification is certified by the TÜV Rheinland.
openSAFETY uses different guarding mechanisms. Besides the guarding of data content by using CRC codes, a time-based monitoring of communication is carried out independently from the (unsafe) transmission protocol. openSAFETY thus enables safe transmission of data over unsafe networks.
Contrary to what the name openSAFETY may suggest, this protocol can be used not only together with POWERLINK as a transmission protocol. Moreover it is possible to use other transmission protocols and media such as CAN together with openSAFETY.
openSAFETY only uses the unsafe transmission layer to exchange the safe openSAFETY frames whose content is not further interpreted by the transmission layer. The use of POWERLINK as the transmission layer is of course preferred because there is a close relationship of the communication mechanisms between POWERLINK and openSAFETY, which can therefore be used optimally.
An openSAFETY network can consist of up to 1023 openSAFETY domains with up to 1023 devices in each domain. The openSAFETY domain may extend over several (also inhomogeneous) networks. Communication between openSAFETY domains is possible via special openSAFETYdomain gateways.
In addition to “Safety Nodes” (SN), each openSAFETY domain has a “Safety Configuration Manager” (SCM), which is responsible for the allocation of node addresses, storage of node-specific parameters and permanent monitoring of the SNs.
openSAFETY uses the basic communication mechanisms familiar from POWERLINK and CANopen, such as safe process data objects (SPDO), safe service data objects (SSDO) and a safe object directory (SOD). IXXAT implemented the reference stack for openSAFETY in close cooperation with the TÜV Rheinland, which carried out development support, software type testing and certification.