GA Blue Line

SIL3 certified control and safety functions,

scalable redundancy and availability, up to QMR

PL a

SIL 1

PL b

SIL 2

PL c

PL d

SIL 3
IEC 6150
8
IEC 6151
1

PL e
849
3
1
O
IS
06 1
2
6
C
IE
GA control

GA safety

GEBHARDT Automation GmbH

Control or Safety, opposites?

2

Control system versus safety system

In addition to normal process automation modern plants have
an increasing demand for certified safety systems.
Control systems allow fast and precise control in the normal
mode of operation of machines and auxiliaries. However, if a
failure occurs, certified safety functions provide reliable protection of people, environment and equipment according to good
engineering practices and acknowledged safety regulations.
In typical applications, 80 to 90% of the entire scope of
automation technology is handled by control systems. Safety
functions account for the remaining 10 to 20%.. Both make use
of different computer systems, specialised and optimised for
their specific application area.

The GA BlueLine systems offer an alternative: they allow the

use of both safety and control components in one computer
system. Components used together such as communication
cards, power supply units, etc. meet the high quality requirements for SIL 3. Safety relevant components such as I/O cards
and signal processing are independent from normal control
components.
Blue Line

GA DualCore-S

Theoretically, the division of these functions into two separate systems makes sense. Practically, however, it has a disadvantage, i.e. both systems are overproductive. It is not a flaw,
but it causes unnecessary costs.
The regular control components are designed for this mixed
mode and are certified to be interference-free.
Even the software for both components is completely separate, which means e. g. that the safety system is commissioned
before the normal control part and operates independently of
control functions. Therefore, the safety system ensures protection even during changes in control programming.

safety system

automation system

over-speed
protection

Emergency Stop

SURGE
detect

safety system

compressor

machine

turbine

speed
control

Anti-Surge
control
pressure
control
mixer
control

auxiliaries
...

control and
automation

Components of GA BlueLine systems

3

SIL 3 certified safety cards

Intelligent I/O cards directly perform all
safety-related functions. Each card
uses two redundant microprocessors
to achieve high safety integrity and
high speed.

System racks
The components are used in 19 inch racks. SIL 3 safety
requirements are met by all systems, even the basic DualCoreS. Duplex or triplex redundancy (TMR, triple modular redundancy) can be used in order to increase the system availability.
|

Types of I/O cards:

| MCDIN-S: a family of 24-channel
digital input cards for active and
passive 24V, and for NAMUR
signals
| MCDOT-S: 8- to 16-channel digital
output cards

|
|
|
|

|
|

MCAD-S: 24-channel analog current inputs for 0 to 25 mA,

or 22 current plus 2 frequency input channels
MCADA-S: analog input and output cards with 8 current
input channels plus 8 current output channels, 0 to 25 mA
each.

GA DualCore-S: non-redundant system or distributed

redundant systems with 4 HU height, max. 17 I/O cards
GA DUPLEX SMART-S: double redundant, compact
system with 4 HU height, max. 2x 4 I/O cards
GA DUPLEX/7-S: double redundant system with 7 HU
height , max. 2x 17 I/O cards
GA TMR SMART-S: triple redundant, compact system
with 4 HU height, max. 3x 4 I/O cards
GATMR/10-S: triple redundant system with 7 HU
height, max. 3x 17 I/O cards

General system components

General components are not directly safety related and are
used for safety and regular control functions. Of course, they
fulfill the high quality requirements for SIL3 safety systems.
Types of components:
| ICU mod.1: processor boards with integrated, open
communication and process data logging. Freely programmable for control functions not certified for SIL.
| ICUmod.2: High speed, large memory version of ICU
mod.1
| Power supply units: 24 VDC and 110 to 230 VAC, in a
redundant design

Control components not certified for SIL 3

Regular I/O cards, handled by ICU processor cards, can perform non-certified control functions cost-efficiently. They are
guaranteed not to interfere with safety components.
|
|
|
|
|
|

DIGI32: digital input card, 32 channels

DIGIO: digital input and output card, 16 channels of
each
MCAD: analog input card, 16 current or voltage input
channels
MCMIO: analog input card, 10 current input channels
plus 2 frequency input channels
MCRTD: analog temperature input card, 16x Pt100
DSPDA: analog output card, 8 channels

Software
The programming environments of certified and non-certified
control are completely separated in order to ensure independent functioning of both areas. The familiarisation phase is
eased by the graphical programming with function blocks
(based on IEC 61131-3 standard) and similar handling of both
tools.
|
|
|

GA safeEdit: programming environment for SIL3 certified software development

GA controlEdit: programming environment for noncertified software development
GA TurWin: basic process visualisation with integrated,
open communication to 3rd-party systems (DCS and/or
PLC) and process data logging

Process integration
4

OPC
server

redundant
OPC
server

optional:
separate networ
ks

DUPLEX

DualCore

Connect to other control systems (PLC, field devices) or higher

level systems (DCS, SCADA) via integrated standard interfaces.
GA systems come with on-board Modbus RTU, Ethernet
UDP and Open Modbus TCP. Other protocols are available as
extension.

Optional protocols:
PROFIBUS DP
PROFINET
EtherNet/IP
OPC (requires OPC client or server on PC computer)
other protocols available on demand

TurWin
HMI

HMI network

remote access
& diagnostics

direct DCS
communication:
PROFIBUS
PROFINET
Modbus RTU
Modbus TCP
Ethernet UDP

redundant Ether
net:
control & safety
netwo

GA engineering
& local HMI
OPC
server
or
client

rk

TMR

PROFIB
US
Modbus
OPEN
Modbu
RTU
s TCP,
Ethern
et UDP
, PROF
INET

QMR

Scalable, distributed redundancy

6

Features

every component certified up to

SIL3, even in Simplex architecture

redundant SIL3 communication

between BlueLine systems

scalable redundancy and availability: Simplex (internal

DualCore), Duplex, TMR, QMR

TV approved engineering tool

GA safeEdit

approx. 90 TV certified function

blocks, including complex control
functions

library with SIL certified functional modules for closed-loop control

open communication

data logging on each unit

sequence-of-events data

open communication
PROFINET
PROFIBUS
EtherNet/IP
process data
alarms&events
additional
GA safety systems,
engineering system

redundant SIL3
safety network,
Star, Line or
Ring topology

TMR: Triple Modular Redundancy

QMR: Quadruple Modular Redundancy

EtherNet/IP

control & HMI

network(s)

PROFINET

write data
(non-safe)
system
diagnostics

GA BlueLine systems, overview

7

19 inch rack with 4 HU height

The compact rack with 4 HU and redundant power supplies is
available in 3 variants:

191 mm

40 m
m

mm

19 inch rack with 10 HU

The rack with 10 HU is used for triple modular redundant (TMR)
systems:

483 mm

GA DualCore-S:
- max. 16 safety I/O cards, internal redundancy mode,
typically about 170 redundant SIL3 I/O signals
- max. 17 I/O cards in total, typically about 330 simple
control signals
- simple communication and processor card
- all components hot-replaceable
GA DUPLEX SMART-S:
- max. 4 fully redundant safety I/O cards, typically about
70 redundant 1-out-of-2D SIL3 I/O signals
- max. 4 I/O cards in total, typically about 84 simple control signals
- redundant communication card functioning as a processor card for non-SIL control
- all components replaceable in operation
GA TMR SMART-S:
- max. 4 triple redundant safety I/O cards, typically: about
70 redundant 2-out-of-3 SIL3 I/O signals
- max. 4 I/O cards in total, typically about 84 simple control signals
- triple redundant communication card functioning as a
processor card for non-SIL control
- all components replaceable in operation
GA DualCore-S is the basic rack for distributet redundancy, up
to QMR, with typically about 340 redundant I/O signals.
19 inch rack with 7 HU

324 mm

40 m The rack with 7 HU is used for fully redundant systems:

m

351

mm

483 mm

40 m
m

457,5 mm

351

GA DUPLEX/7-S:
- max. 16 redundant safety I/O cards, typically about 340
redundant 1-out-of-2D SIL3 I/O signals
- max. 17 redundant I/O cards in total, typically about 330
redundant control signals
- redundant ICU communication card functioning as a
processor card for non-SIL control
- all components replaceable in operation

35

1m
m

m
483 m

GA TMR/10-S:
- max. 16 redundant safety I/O cards, typically: about 340
redundant 2- out-of-3 SIL3 I/O signals
- max. 17 redundant I/O cards in total, typically about 330
2- out-of -3 redundant control signals
- redundant ICU communication card functioning as
processor card for non-SIL control
- all components replaceable in operation
Common features
- Redundant wide-range power supplies 110 to 230 VAC
or redundant 24 VDC power supplies are available for
all racks.
- Power supplies can be replaced in operation.
- ICU cards are used in the non-SIL3 area as processor
cards (CPU). In case of redundancy, they can be replaced in operation.
- ICU cards are used in all systems as communication
cards. Integrated interfaces for "Open Modbus TCP",
"Ethernet UDP" and serial "Modbus RTU" are available
as integrated standard. "PROFIBUS is available optionally as an extension. Integration into Windows
OPC protocol is available via OPC server and OPC
client on Windows computers.

MPU-M1 processor card

Technical information

In addition to the smart I/O processor cards, the MPU-M1

card is available. It can be used for application programming up
to SIL3, to further improve performance and memory.
It also allows safety related, redundant SIL3 communication between multiple GA safety systems.
Apart from redundant Ethernet for the GA safeTCP SIL3
safety protocol, the card offers interface extensions for two
additional protocols. Typical applications are PROFINET or
PROFIBUS DP.
On-board, redundant SD memory cards provide space for
high quality data logging, for long term historical trends and
transient events.

I
|
I
I
I
I

modular systems for safety functions (ESD) and analog

closed-loop control, certified by TV according to IEC
61508 up to SIL3 and ISO 13849 up to PLe
flexible scalability
highest process availability:
up to quadruple redundant,
up to 2oo4D system architecture
TMR technology optionally with 3-2-0 or 3-2-1-0 degradation
replacement of components during operation
graphical programming environment, based on the IEC
61131-3 standard
extended programming language, certified by TV, with
support of:
- full extent of logic functions, boolean and bit wise
- time functions and counters
- typical arithmetical, mathematical and interpolation
functions
- ramp functions and functions for analog closed loop
control
- signal monitoring, including alarm generation with
hysteresis
- high, low, average value and middle-of-three selection for analog signals and calculated values
- 2-out-of-3 selection for digital signals and calculated digital values

integrated logic analyser for graphical trend display of

analog and digital signals and values

open communication protocols:

Open MODBUS TCP, MODBUS RTU, Ethernet UDP,
PROFIBUS, PROFINET, EtherNet/IP, OPC
real-time, high-speed process data logging, directly in
the safety control system

Sequence-of-Events alarm management with real-time

timestamp directly in the safety control system

GEBHARDT Automation GmbH is exclusive manufacturer of

turbolog DSP control and safety systems for MAN TURBO AG

GEBHARDT Automation GmbH

GEBHARDT Automation GmbH

Thngenfeld 3
D-58256 Ennepetal
Germany
Telefon:
+49 (0)2333 7908 0
Telefax:
+49 (0)2333 7908 24
E-Mail:
info@gebhardt-automation.de
www.gebhardt-automation.de