4.3 Features
  • Runs on top of:
  • OPC UA Client/Server with the Method Service Set.
  • OPC UA PubSub.
  • From an architectural point of view: easy extensibility for other ways of communication.
  • goal: no modification of existing OPC UA framework.
  • The state machines of this document are independent from the OPC UA Mapper, allowing for a simplified exchange of the mapper.
  • Ready for wireless transmission channels.
  • Modest requirements on safety network nodes:
  • No clock synchronization is necessary (no requirements regarding the accuracy between clocks at different nodes).
  • Within the SafetyConsumer, a safety-related, local timer is required for implementing the SafetyConsumerTimeout. The accuracy of this timer depends on the timing requirements of the safety application.
  • End-to-End Safety: functional SafetyData is transported between two safety endpoint devices across a standard network that is not functionally safety compliant. This includes the lower transport layers such as the OPC UA stack, underlying physical media, and non-safety network elements (e.g. routers and switches).
  • “Dynamic” systems:
  • Safety communication partners can change during runtime,
  • either an increase or decrease, or both, in the number of safety communication partners can occur.
  • Well-defined text-strings are used for diagnostic purposes.
  • Safety communication and standard communication are independent. However, standard devices and safety devices can use the same standard transmission system at the same time.
  • Functional safety can be achieved without using structurally redundant standard transmission systems i.e. a single channel approach can be used. Redundancy can be used optionally for increased availability.
  • For diagnostic purposes, the last SPDU sent and received is accessible in the Information Model of the SafetyProvider.
  • Length of user data: 1 octet to 1 500 octets, structures of basic DataTypes, see 6.2.5.