A Perplexing New Trend: PC-based Safety Control

05 May 2009

PC-based safety? Can it really be true? A machine safety system built on a PC? Would you trust your arms and fingers on the operation of a Windows PC? Surely this is going to make some people nervous.

Dipl.-Ing. Heinz Eisenbeiss

We have to admit, safety has come a long way in the past 20 years. It used to be emergency stop switches hardwired directly to shut off the motors. Then we had all kinds of light curtains and safety mats, then the safety relay, then programmable safety relays. Next we had safety buses and safety PLCs. Now we have safety integrated with regular PLCs. What comes next? A safety PC!

Now two of the largest automation companies in Europe have announced products based on this idea.

Siemens launched its product at Hannover Messe, but you couldn’t tell what it was by the name alone: ‘Simatic WinAC RTX F.’ The ‘F’ on the end stands for failsafe. Dipl.-Ing. Heinz Eisenbeiss (photo), director for worldwide marketing of SIMATIC Industrial Automation Systems, was at the fair to talk about the new product.

You have to understand, what we’re talking about is a completely software-based solution. Hardware is involved, of course, but the safety certification is on the software only. The TÜV stamp is on the CD-ROM. Theoretically, it doesn’t matter what Windows XP PC you use. You could bring one down out of the office. That’s a radical departure from anything that has come before.


Siemens got into the safety business in the early 1990s with the S7-300F, which was their first integrated safety controller. So machine safety, and what it requires, is nothing new to them.

Simatic WinAC RTX F makes use of a PC connected to Profibus to communicate with the sensors and safety equipment.

‘The system is always checking itself internally,’ said Mr. Eisenbeiss. We certainly hope so.

Simatic WinAC RTX F

‘If it finds anything wrong, the system goes into a safe state,’ he said. ‘The CPU makes all its calculations two ways. It executes each instruction two ways and compares the results. One single wrong bit in memory can signal a stop.’

The newer dual-core and quad-core computers can handle this high-demand style of processing. You couldn’t have done this 10 years ago; it would have been unacceptably slow.
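To make the principle Mr. Eisenbeiss describes concrete, here is an added illustration in Python. It is not code from Siemens, Beckhoff or this article, and it does not claim to reproduce how WinAC RTX F is actually built; it models the generic idea of diverse dual-channel execution. Every safety computation runs on two channels with different data encodings (plain bits and their bitwise complement), the two results are cross-compared before any output is released, and any disagreement, such as a single flipped bit in memory, latches the outputs in a safe state until an explicit reset. The input words, the zone-per-bit layout and the fault-injection hook are constructed for the example.

```python
# Added illustration, not code from Siemens, Beckhoff or this article.
# Models the principle quoted above: every safety computation is executed
# on two diverse channels, the results are compared, and any disagreement
# (for example a single flipped bit in memory) drives the outputs to a
# safe state. Input words are constructed sample data; bit n stands for
# machine zone n (1 = condition satisfied / zone may run).

WIDTH = 16
MASK = (1 << WIDTH) - 1


# Channel A works on plain bit patterns; channel B works on the bitwise
# complement of every value. A bit stuck at 0 or 1 corrupts the two
# representations differently, so it is caught at the compare step.
def encode_direct(word):
    return word & MASK


def encode_inverted(word):
    return (~word) & MASK


def motor_enable_direct(estop_ok, curtain_clear, guard_closed):
    """Channel A: a zone may run only if all three conditions hold."""
    return (encode_direct(estop_ok)
            & encode_direct(curtain_clear)
            & encode_direct(guard_closed))


def motor_enable_inverted(estop_ok, curtain_clear, guard_closed):
    """Channel B: the same logic in the complemented domain
    (De Morgan: NOT(a AND b AND c) == NOT a OR NOT b OR NOT c)."""
    return (encode_inverted(estop_ok)
            | encode_inverted(curtain_clear)
            | encode_inverted(guard_closed))


def flip_bit(word, n):
    """Fault-injection helper: simulate one corrupted memory bit."""
    return word ^ (1 << n)


class SafetyRuntime:
    SAFE_OUTPUTS = 0  # every zone de-energised

    def __init__(self):
        self.safe_state = False

    def cycle(self, estop_ok, curtain_clear, guard_closed, fault=None):
        """One scan: compute both channels, cross-compare, release outputs.
        `fault` is an optional (channel, bit) tuple, used here only to
        corrupt one channel's result before the comparison."""
        if self.safe_state:
            return self.SAFE_OUTPUTS  # latched until explicit reset
        a = motor_enable_direct(estop_ok, curtain_clear, guard_closed)
        b = motor_enable_inverted(estop_ok, curtain_clear, guard_closed)
        if fault is not None:
            channel, bit = fault
            if channel == "A":
                a = flip_bit(a, bit)
            else:
                b = flip_bit(b, bit)
        # The channels must agree bit for bit once B is decoded back.
        if a != encode_inverted(b):
            self.safe_state = True
            return self.SAFE_OUTPUTS
        return a

    def reset(self):
        """Leaving the safe state requires an explicit operator action."""
        self.safe_state = False


if __name__ == "__main__":
    rt = SafetyRuntime()
    print(hex(rt.cycle(0xFFFF, 0xFFFF, 0xFFFF)))  # all zones enabled
    print(hex(rt.cycle(0xFFFF, 0xFFFE, 0xFFFF)))  # zone 0 blocked by curtain
    print(hex(rt.cycle(0xFFFF, 0xFFFF, 0xFFFF, fault=("A", 3))))  # safe state
    print(rt.safe_state)
```

The point of the complement encoding is that the two channels never hold the same bit pattern for the same logical value, so a fault that corrupts a memory word identically on both sides (the failure mode a naive "run it twice" scheme misses) still produces a mismatch at the compare. A real certified runtime adds much more (timing supervision, checks on the comparator itself, diverse instruction sequences), but the shape of the argument is the one shown here.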

It uses Step 7 as engineering software and meets the relevant safety requirements: EN 954-1 up to Cat. 4, IEC 62061 up to SIL 3, and EN ISO 13849-1 up to PL e.

The software runs on a Windows XP or an embedded XP-based controller and has an optimised runtime system to be able to process extensive PC applications simultaneously with the control task.

It is especially suitable for high-performance tasks with substantial data volumes and simultaneous demanding real-time requirements. Dual-core processors are used to optimise utilisation; for example, with one core for Windows applications, and the other for Simatic WinAC RTX F.

And even though it would run on any x86 PC, Mr. Eisenbeiss would like to suggest using Siemens’ embedded Simatic PCs, or another Simatic industrial PC. He says that during installation of the safety software, the procedure performs a one-time verification of the PC hardware, but once that’s over, and nothing unusual is found, the PC is ready to go to work.

In fact, Siemens will offer preinstalled versions such as the Simatic S7-mEC-RTX F fail-safe modular embedded controller in Simatic S7-300 design and the embedded fail-safe Simatic IPC427C-RTX F rail-mounted PC.

The safety software can be expanded using the safety-oriented peripherals ET 200S and ET 200M, the ET 200pro with IP67 degree of protection, or the safety-oriented ET 200eco block I/O, also with IP67 degree of protection.


A prerequisite is that the installed hardware provides the appropriate interfaces, which Siemens says is the case with all Simatic Embedded Automation products. The Simatic S7-mEC-RTX F embedded controller can also be expanded with central ET 200M I/O modules.


Interestingly, Beckhoff also announced during Hannover Messe 2009 that it would launch a safety PC later in the year; we’ll probably see it at SPS/IPC/Drives next November.

Beckhoff has been offering the TwinSAFE safety solution, which integrates safety related functions via bus terminals, for the past six years and now it says it will take the ‘next logical step’ and integrate the safety PLC function into the PC.

Beckhoff’s implementation of TwinSAFE modules in the compact 12 mm housing of an electronic terminal has given it flexible integration and extension of safety functions, which is quite a different approach from standard safety systems.

In announcing its intention to have a PC-based safety system, a spokesman for Beckhoff said, ‘With a Safety PLC running on a standard Industrial PC, the performance available for the standard logic is now offered for the safety logic as well. The solution consists of software that is integrated into the TwinCAT system. This software allows safe processing of safety functions. No hardware extension is needed within the PC, which means that every PC can be used as a Safety PLC.’

Beckhoff already uses the Safety over EtherCAT protocol for communication between the industrial PC and the Safety PLC and the decentralised TwinSAFE components (safety inputs/outputs, safety-related drives, safety sensors), and says it will extend this usage with its new PC-based safety PLC.
