Im32p01b10 01en

Download as pdf or txt
Download as pdf or txt
You are on page 1of 142

User's

Manual
ProSafe-RS User’s Guide

IM 32P01B10-01EN

IM 32P01B10-01EN
6th Edition
i

Introduction
This manual provides the overview of ProSafe-RS. Please read first to understand the prod-
uct. Links are also listed to guide you to the descriptions of ProSafe-RS usage for each situa-
tion.
This manual consists of the following parts:
• Part A Overview of ProSafe-RS
Provides an overview of the typical functions of ProSafe-RS. ProSafe-RS can be used ei-
ther on a physical computer or on a virtual computer that is built on a virtualization plat-
form.
• Part B ProSafe-RS Security
Describes the security function that should first be understood when handling ProSafe-
RS products.
• Appendix 1 Glossary
A glossary of terms used in the user manual
• Appendix 2 List of links
A list that guides you to the description of ProSafe-RS usage in typical situations.

6th Edition : Dec. 2019 (YK) IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


All Rights Reserved. Copyright © 2015, Yokogawa Electric Corporation
ii

Safety Precautions for Use


n Safety, Protection, and Modification of the Product
• To protect the system controlled by the Product and the Product itself and to ensure safe
operation, please observe the safety precautions described in this Manual. Yokogawa
Electric Corporation ("YOKOGAWA") assumes no liability for safety if users fail to observe
the safety precautions and instructions when operating the Product.
• If the Product is used in a manner not specified in the User's Manuals, the protection pro-
vided by the Product may be impaired.
• If any protection or safety circuit is required for the system controlled by the Product or for
the Product itself, please install it externally.
• Be sure to confirm the specifications and required settings of the devices that are used in
combination with the Product by referring to the instruction manual or other documents of
the devices.
• Use only spare parts that are approved by YOKOGAWA when replacing parts or consum-
ables of the Product.
• Do not use the Product and its accessories such as power cords on devices that are not
approved by YOKOGAWA. Do not use the Product and its accessories for any purpose
other than those intended by YOKOGAWA.
• Modification of the Product is strictly prohibited.
• The following symbols are used in the Product and User's Manuals to indicate the accom-
panying safety precautions:
Indicates that caution is required. This symbol for the Product indicates the possi-
bility of dangers such as electric shock on personnel and equipment, and also indi-
cates that the user must refer to the User’s Manuals for necessary actions. In the
User’s Manuals, this symbol is used together with a word “CAUTION” or “WARN-
ING” at the locations where precautions for avoiding dangers are described.
<French> Signale qu’il faut faire preuve de prudence. Ce symbole pour le produit
signale la possibilité d’un danger pour le personnel et l’équipement comme un
choc électrique, et signale également que l’utilisateur doit se référer au Manuel de
l’utilisateur afin de prendre les mesures nécessaires. Dans le Manuel de l’utilisa-
teur, ce symbole est utilisé conjointement avec la mention «CAUTION» ou
«WARNING» aux endroits où sont décrites les précautions pour éviter les
dangers.
Indicates that caution is required for hot surface. Note that the devices with this
symbol become hot. The risk of burn injury or some damages exists if the devices
are touched or contacted.
<French> Signale qu'il faut faire preuve de prudence avec la surface brûlante. Les
appareils sur lesquels est apposé ce symbole risquent de devenir brûlants. Tout
contact physique ou matériel avec ces appareils risque de provoquer des brûlures
ou des dommages.
Identifies a protective conductor terminal. Before using the Product, you must
ground the protective conductor terminal to avoid electric shock.
Identifies a functional grounding terminal. A terminal marked "FG" also has the
same function. This terminal is used for grounding other than protective grounding.
Before using the Product, you must ground this terminal.
Indicates an AC supply.
Indicates a DC supply.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


iii
Indicates that a component such as a power supply switch is turned ON.

Indicates that a component such as a power supply switch is turned OFF.

n Notes on Handling User's Manuals


• Hand over the User's Manuals to your end users so that they can keep the User's Man-
uals on hand for convenient reference.
• Thoroughly read and understand the information in the User's Manuals before using the
Product.
• For the avoidance of doubt, the purpose of the User's Manuals is not to warrant that the
Product is suitable for any particular purpose but to describe the functional details of the
Product.
• Contents of the User's Manuals are subject to change without notice.
• Every effort has been made to ensure the accuracy of contents in the User's Manuals.
However, should you have any questions or find any errors, contact us or your local dis-
tributor. The User's Manuals with unordered or missing pages will be replaced.

n Warning and Disclaimer


• Except as specified in the warranty terms, YOKOGAWA shall not provide any warranty for
the Product.
• YOKOGAWA shall not be liable for any indirect or consequential loss incurred by either
using or not being able to use the Product.

n Notes on Software
• YOKOGAWA makes no warranties, either expressed or implied, with respect to the Soft-
ware Product's merchantability or suitability for any particular purpose, except as speci-
fied in the warranty terms.
• Purchase the appropriate number of licenses of the Software Product according to the
number of computers to be used.
• No copy of the Software Product may be made for any purpose other than backup; other-
wise, it is deemed as an infringement of YOKOGAWA's Intellectual Property rights.
• Keep the software medium of the Software Product in a safe place.
• No reverse engineering, reverse compiling, reverse assembling, or converting the Soft-
ware Product to human-readable format may be performed for the Software Product.
• No part of the Software Product may be transferred, converted, or sublet for use by any
third-party, without prior written consent from YOKOGAWA.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


iv

Documentation Conventions
n Symbols
The following symbols are used in the User's Manuals.
Indicates precautions to avoid a danger that may lead to death or
WARNING severe injury.

Indicates precautions to avoid a danger that may lead to minor or


CAUTION moderate injury or property damage.

IMPORTANT Indicates important information required to understand operations or


functions.
Indicates additional information.

Indicates referenced content.


In online manuals, you can view the referenced content by clicking
the links that are in green text. However, this action does not apply
to the links that are in black text.

n Typographical Conventions
The following typographical conventions are used throughout the User's Manuals.

l Commonly Used Conventions throughout the User's Manuals


• Δ Mark
Indicates that a space must be entered between character strings.
Example:
.ALΔPIC010Δ-SC
• Character string enclosed by braces { }
Indicates character strings that may be omitted.
Example:
.PRΔTAG{Δ.sheet name}

l Conventions Used to Show Key or Button Operations


• Characters enclosed by brackets [ ]
When characters are enclosed by brackets in the description of a key or button operation,
it indicates a key on the keyboard, a button name in a window, or an item in a list box
displayed in a window.
Example:
To alter the function, press the [ESC] key.

l Conventions of a User-defined Folder


• User-defined folder name enclosed by parenthesis ( )
User definable path is written in a pair of parentheses.
Example:
(RS Project Folder)\SCS0101

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


v
If the RS Project Folder is C:\MYRSPJT, the above path becomes
C:\MYRSPJTSCS0101.

n Drawing Conventions
Drawings used in the User's Manuals may be partially emphasized, simplified, or omitted for
the convenience of description.
Drawings of windows may be slightly different from the actual screenshots with different set-
tings or fonts. The difference does not hamper the understanding of basic functionalities and
operation and monitoring tasks.

n Explanation of Hardware and Software Behaviors in the User's


Manuals
In the User's Manuals, system behaviors are explained assuming that the latest versions of
YOKOGAWA software and hardware at the time of publication of the User's Manuals are in-
stalled.
If additional precise information about the safety of legacy versions of software or hardware is
required, a link to the corresponding explanation is provided. Please refer to the information
according to your system.

n Definitions of Node and Module Terms


In the User's Manuals, nodes and modules are referred to by using collective terms, another
terms, or abbreviations based on the following definitions:
• Definitions of nodes
• Node: A node is a collective term for an FIO node and an N-IO node.
• FIO node: This is a collective term for a safety control unit, a safety node unit, and a
unit for optical ESB bus repeater module.
• CPU node: This is another term for a safety control unit. The abbreviation of safety
control unit is SCU.
• I/O node: This is another term for a safety node unit. The abbreviation of safety node
unit is SNU.
• N-IO node: This is a collective term for a node interface unit and an N-IO I/O unit.
The abbreviation of node interface unit is NIU.
• Definitions of modules
• I/O module: This is a collective term for an FIO I/O module and an N-IO I/O module.
• FIO I/O module: This is a collective term for an analog I/O module and a digital I/O
module for FIO, and a communication module.
• N-IO I/O module: This is a collective term for the modules that can be mounted on an
N-IO I/O unit.
• AIO/DIO module: This is a collective term for an analog I/O module, a digital I/O mod-
ule, and a universal type I/O module.
• Analog I/O module: This is a collective term for an analog input module and an ana-
log output module.
• Digital I/O module: This is a collective term for a digital input module and a digital out-
put module.
• Universal type I/O module: This is a collective term for the I/O modules for which the
channel signal category can be changed by software.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


vi
• Input module: This is a collective term for an analog input module, digital input mod-
ule, and a universal type I/O module with defined input channels.
• Output module: This is a collective term for an analog output module, digital output
module, and a universal type I/O module with defined output channels.
• Communication module: This is a collective term for a serial communication module,
an Ethernet communication module, and a fire and gas communication module.

n Full Names and Simplified Terms


In the User’s Manuals, simplified terms listed in the following table are used.

Table Info-1 Full Names and Simplified Terms


Full Name Simplified Term
Automation Design Suite AD Suite
Automation Design Organizer AD Organizer
Automation Design Server AD Server
Automation Design project AD project
Automation Design Master Database ADMDB
Automation Design Suite Administration Tool ADS Administration
Tool
iDefine for ProSafe-RS iDefine
Modification Package ModPack
SCSV1-S SCSV1
(SCS supporting the SSC10S/SSC10D safety control units)
SCSP1-S SCSP1
(SCS supporting the SSC50S/SSC50D safety control units)
SCSP2-S SCSP2
(SCS supporting the SSC60S/SSC60D safety control units)
SCSP3-S SCSP3
(SCS supporting the S2SC70S/S2SC70D safety control units)
SCSU1-S SCSU1
(SCS supporting the SSC57S/SSC57D safety control units)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


vii

Copyright and Trademark Notices


n All Rights Reserved
The copyright of the programs and online manuals contained in the software medium of the
Software Product shall remain with YOKOGAWA.
You are allowed to print the required pages of the online manuals for the purposes of using or
operating the Product; however, reprinting or reproducing the entire document is strictly pro-
hibited by the Copyright Law.
Except as stated above, no part of the online manuals may be reproduced, transferred, sold,
or distributed to a third party in any manner (either in electronic or written form including, with-
out limitation, in the forms of paper documents, electronic media, and transmission via the
network). Nor it may be registered or recorded in the media such as films without permission.

n Trademark Acknowledgments
• CENTUM, ProSafe, Vnet/IP, PRM, Exaopc, FieldMate Validator, and STARDOM are reg-
istered trademarks or trademarks of Yokogawa Electric Corporation.
• The names of corporations, organizations, products and logos herein are either regis-
tered trademarks or trademarks of Yokogawa Electric Corporation and their respective
holders.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


TocA-1

ProSafe-RS User’s Guide

IM 32P01B10-01EN 6th Edition

CONTENTS
PART-A Overview of ProSafe-RS................................. A-1
A1. Requirements..................................................................................... A1-1
A1.1 Hardware requirements............................................................................. A1-2
A1.2 Software requirements.............................................................................. A1-5
A2. Overview of SCS................................................................................ A2-1
A2.1 SCS hardware configuration.....................................................................A2-4
A2.2 SCSP2 hardware configuration................................................................ A2-9
A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS............A2-10
A2.3.1 SCS operating mode..................................................................A2-12
A2.3.2 Security level of SCS................................................................. A2-15
A2.3.3 Diagnosis for hardware.............................................................. A2-17
A2.4 Dual-redundancy in the SCS...................................................................A2-18
A2.4.1 Redundant configuration in SCS................................................A2-19
A2.4.2 CPU redundant status................................................................A2-22
A3. Outline of the safety system generation function.......................... A3-1
A3.1 Window components common to builders............................................A3-12
A3.2 Types of downloading............................................................................. A3-16
A4. Configuration of maintenance function...........................................A4-1
A5. Overview of the SCS Maintenance Support Tool............................ A5-1
A5.1 Relationships among functions of SCS Maintenance Support Tool.............
..................................................................................................................... A5-2
A5.2 Application examples at maintenance..................................................... A5-4
A5.3 Customization of the SCS Maintenance Support Tool window............. A5-7
A6. Virtualization platform....................................................................... A6-1
A6.1 Outline of virtualization platform..............................................................A6-2
A6.2 System configuration of virtualization platform..................................... A6-3
A6.2.1 Virtualization host computer.........................................................A6-4
A6.2.2 Thin client.....................................................................................A6-6
A6.3 Software environment............................................................................... A6-7
A6.3.1 Virtualization host computer.........................................................A6-8
A6.3.2 Thin client.....................................................................................A6-9
A6.3.3 License.......................................................................................A6-10

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


TocA-2
A6.4 Precautions on the virtualization platform............................................ A6-11
A6.4.1 Precautions related to Vnet/IP communication on the virtualization
platform...................................................................................... A6-12
A6.4.2 Precautions on using ProSafe-RS on a virtual machine............ A6-14

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


TocB-1

ProSafe-RS User’s Guide

IM 32P01B10-01EN 6th Edition

CONTENTS
PART-B ProSafe-RS security........................................ B-1
B1. Overview of ProSafe-RS security..................................................... B1-1
B2. Security for project database........................................................... B2-1
B3. Security of SCS.................................................................................. B3-1
B4. NIU status and security..................................................................... B4-1
B4.1 Status of the NIU maintenance port......................................................... B4-2
B4.2 Operation mode of the NIU........................................................................B4-3
B4.3 Shifting the Status of the NIU................................................................... B4-5
B4.4 Checking the status of the maintenance port of the NIU....................... B4-6
B5. Security of SCS Maintenance Support tool.....................................B5-1
B6. Access control and history management........................................B6-1

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


TocApp.-1

ProSafe-RS User’s Guide

IM 32P01B10-01EN 6th Edition

CONTENTS
Appendix
Appendix 1. Glossary...........................................................................App.1-1
Appendix 2. List of links...................................................................... App.2-1

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A. Overview of ProSafe-RS> A-1

A. Overview of ProSafe-RS
ProSafe-RS is the Safety Instrumented System (SIS) comprising Safety Control Station (SCS)
and Safety Engineering PC (SENG).
This section describes the following topics to give an overview of ProSafe-RS:
• Operating Environment
• Overview of the SCS
• Configuration of System Generation Function
• Configuration of Maintenance Function
• Configuration of the SCS Maintenance Support Tool
• Virtualization platform

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1. Requirements> A1-1

A1. Requirements
This section explains the hardware and software requirements. It also explains the software
that can collaborate with ProSafe-RS and software that can co-exist on the same computer.
SEE
ALSO For more information about hardware on which the virtualization platform runs, and Yokogawa system prod-
ucts running on virtualization platform virtual machines, refer to:
IA system products virtualization platform (GS 30A05B10-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.1 Hardware requirements> A1-2

A1.1 Hardware requirements


This section describes the hardware environment used in a ProSafe-RS system.
If CENTUM software is also installed on the same computer, the computer must also meet the
requirements for CENTUM.
Likewise, if iDefine software is installed on the same computer, the computer must also meet
the requirements for iDefine.
SEE
ALSO For more information about the hardware requirements of the computer where iDefine is to be installed, refer
to:
2., "System Requirements" in iDefine Installation Guide (PR03076-MAN-991_01)

n Hardware requirements for SENG


You must ensure that the computer that is used as SENG meets the hardware requirements
as shown in the following table. Conditions will differ depending on the package being used.
• When using the Engineering Server Function:

Table A1.1-1 Hardware requirements for SENG (Windows 10, Windows 7)


Component Requirements
CPU Intel Core i5 equivalent or above
Main memory 8 GB or more
Hard disk space Available space of at least 100 MB x the number of SCS units

Table A1.1-2 Hardware requirements for SENG (Windows Server 2016, Windows 2008 R2)
Component Requirements
CPU Xeon 4 core (2.2 GHz) equivalent or above
Main memory 8 GB or more
Hard disk space Available space of at least 100 MB x the number of SCS units

• When using the Safety System Engineering and Maintenance Function:


When installing the Engineering Server Function in the same computer, observe the hard-
ware requirements for the Engineering Server Function. Also be sure to total the required
space available for the hard disk space.

Table A1.1-3 Hardware requirements for SENG (Windows 10, Windows 7)


Component Requirements
CPU Intel Core i5 equivalent or above
Main memory 8 GB or more
Hard disk space Available space of at least 60 GB

Table A1.1-4 Hardware requirements for SENG (Windows Server 2016, Windows 2008 R2)
Component Requirements
CPU Xeon 4 core (2.2 GHz) equivalent or above
Main memory 8 GB or more
Hard disk space Available space of at least 60 GB

• When using the SOE Viewer Package, SOE OPC Interface Package and Forced I/O
Viewer Package:

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.1 Hardware requirements> A1-3
When installing the SOE Viewer Package or the SOE OPC Interface Package on the
same computer where the Engineering Server Function, or the Safety System Engineer-
ing and Maintenance Function is installed, observe the hardware requirements for each
function. Also be sure to total the space required by each function and available for the
hard disk space.

Table A1.1-5 Hardware requirements for SENG (Windows 10, Windows 7)


Component Requirements
CPU Intel Core 2 Duo processor (2.13 GHz) equivalent or above, or Xeon Dual Core (2.0
GHz) equivalent or above
Main memory 4 GB or more
Hard disk space • Available space of at least 20 GB (required)
• Available space of at least 40 GB (recommended)

Table A1.1-6 Hardware requirements for SENG (Windows Server 2016, Windows 2008 R2)
Component Requirements
CPU Xeon Dual Core (2.93 GHz) or higher (mandatory)
Main memory 4 GB or more
Hard disk space • Available space of at least 20 GB (required)
• Available space of at least 40 GB (recommended)

The components for which requirements are same irrespective of OS and license conditions
are summarized in the following table.

Table A1.1-7 SENG hardware requirements (components for which requirements are the same for all
the conditions)
Component Requirements
Display • When using a square monitor, a resolution of at least SXGA (1280x1024), True
Color (required)
• When using a wide-screen monitor, a resolution of at least WXGA+ (1440×900),
True color
Graphics DirectX 9 graphic processing unit or equivalent, and supports the following (mandato-
ry):
• Windows Driver Display Model (WDDM)
• Pixel Shader 2.0
• 32 bits per pixel
• 128 MB graphic memory
Peripheral unit • DVD-ROM drive (mandatory)
• 1 PCI Express slot is necessary for the Vnet/IP interface card (mandatory) (*1)
• Mouse (mandatory)
*1: When connecting the computer to the Vnet/IP.

n Hardware requirements for a file server


The hardware requirements for the computer used as a file server are as follows:

Table A1.1-8 Hardware requirements for a file server (Windows Server 2016, Windows Server 2012 R2,
Windows Server 2008 R2, Windows Server 2008)
Component Requirements
CPU 2 GHz or higher
Main memory 2 GB or more
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.1 Hardware requirements> A1-4
Table A1.1-8 Hardware requirements for a file server (Windows Server 2016, Windows Server 2012 R2,
Windows Server 2008 R2, Windows Server 2008) (Table continued)
Component Requirements
Hard disk space • Available space of at least 20 GB (required)
• Available space of at least 50 GB (recommended)
However, when placing the history management database on the hard disk, an ad-
ditional available space of at least 60 GB is recommended
Display SuperVGA (800 x 600) or higher (mandatory)
Peripheral unit • DVD-ROM drive (mandatory)
• Network adapter (mandatory)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-5

A1.2 Software requirements


This section describes the software requirements for SENG. It also explains the software that
can collaborate with ProSafe-RS and software that can co-exist on the same computer.

n Software requirements for SENG


This section describes the software requirements for SENG.

l Supported OS
Windows OS versions to be supported by ProSafe-RS are as follows:
• Windows 10 Enterprise 2016 LTSB (64-bit) (*1)
• Windows 10 IoT Enterprise 2016 LTSB (64-bit) (*1)
• Windows 7 Professional SP1 (64-bit)
• Windows Server 2016 Standard (64-bit)
• Windows Server 2008 R2 SP1 Standard (64-bit)
*1: For the LTSB model, whose functions are not updated, only security patches and hotfixes are provided. Exercise caution be-
cause Windows 10 Enterprise LTSB is functionally different from other Windows 10 models. LTSBs are sold only with volume
licenses.

TIP Windows Server 2008 SP2 Standard Edition and Windows Server 2012 R2 can be used as a domain control-
ler or file server not running ProSafe-RS software.

Before installing ProSafe-RS, make sure that a Windows OS version and service pack appro-
priate for the ProSafe-RS software release number are installed on the computer.

IMPORTANT
• On a Windows pre-installed computer, various Windows utilities and other software may
have been installed in addition to the Windows OS. These additional functions are not on-
ly unnecessary for SENG but also can disturb its operations. To avoid disturbance to op-
erations, reinstall the Windows OS.
• It is assumed that security patches are applied according to the customer's security poli-
cy. YOKOGAWA recommends to apply security patches to ProSafe-RS systems. It is rec-
ommended to apply all required security patches before the system goes into operation
and also apply security patches that are released after the system went into operation as
promptly as possible. YOKOGAWA offers security patch application services. Contact
YOKOGAWA Service for more information.
• When using a Windows 10 Enterprise LTSB computer, some customization is required
when you install Windows 10.

SEE
ALSO For more information about the procedure for the customization at installation of Windows 10 Enterprise
LTSB, refer to:
Appendix 5., “Customization at Installation of Windows 10” in Installation Guide (IM 32P01C50-01EN)

l .NET Framework
When the ProSafe-RS software is installed, .NET Framework is automatically installed. How-
ever, .NET Framework included in the ProSafe-RS software medium will not be installed auto-

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-6
matically if a newer version has already been installed in the computer, to avoid downgrading
of .NET Framework.
The following table shows the version of supported .NET Framework for each Windows OS.

Table A1.2-1 Version of supported .NET Framework


Windows OS Version of supported .NET Framework
Windows 10 .NET Framework 4.6.2
Windows 7
Windows Server 2016
Windows Server 2008 R2

l Software that can coexist with ProSafe-RS


The ProSafe-RS software can coexist with the following software programs.
The following table lists the software that has been confirmed to run without affecting the op-
eration of ProSafe-RS when installed on the same computer.

IMPORTANT
Use only the volume license version of Microsoft Word and Microsoft Excel.

Table A1.2-2 List of software that can coexist with ProSafe-RS


Classification Software name Version (*1)(*2)(*3) Remarks
Spread sheet Microsoft Excel (32-bit) 2016, 2013 SP1
(*4) (*5)
Word processor Microsoft Word (32-bit) 2016, 2013 SP1
(*4)(*5)
WWW browser Microsoft Internet Explor- 11
er
SQL Server Microsoft SQL Server 2016 SP2, 2012 SP4 or When coexisting with
later SQL server available for
iDefine:
Security Yokogawa standard anti- -
virus software (*6)
Whitelisting Software for - Model: SS1WL1C,
Endpoint Security (*7) SS1WL1S
Document viewer Adobe Acrobat 2017 Used for the Instruction
Manual Package
Adobe Acrobat Reader DC, 2017
*1: Please confirm the required operation environment of each software for OS on which each software operates.
*2: SP is an abbreviation of Service Pack.
*3: The software version has been confirmed at the time of the release of this document. For more information about the latest
supported version, contact YOKOGAWA.
*4: If CENTUM software is installed on the same computer, make sure that installed software also meets the software require-
ments for CENTUM.
*5: Only the volume license version is subject to operation guarantee.
*6: This anti-virus software is based on the anti-virus software product from McAfee Inc. and customized for YOKOGAWA control
systems. It is provided with Endpoint Security Services (LS1SN001/LS1SR001).
*7: This whitelisting software is based on the application control technology from McAfee Inc. and customized for YOKOGAWA
control systems.

n CENTUM integration system


When ProSafe-RS is integrated with CENTUM, available ProSafe-RS functions are limited de-
pending on the software release number of CENTUM. This section explains precautions when

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-7
installing the ProSafe-RS and CENTUM software on separate computers or on the same
computer.
SEE
ALSO For more information about integration with CENTUM, refer to:
B., “CENTUM integration” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)

l Relationship between ProSafe-RS functions and CENTUM release


numbers
When using ProSafe-RS R4.05.00, CENTUM VP of release number R6.07 or later is recom-
mended.
For the version of the Engineering Server Function, use the version or later included in this
version ProSafe-RS. If you use the old versions of the Engineering Server Function, AD Suite
will not properly operate.
When using CENTUM VP of the release number that is not recommended, the following re-
striction applies:

Table A1.2-3 When CENTUM VP is earlier than R6.07


Limitation
• System alarm messages added in R4.05.00 are not displayed on HIS. The same applies to the messag-
es that are received through an OPC server.
• In the SCS Status Display view and SCS Report dialog box, the status of Operation data reset switch is
not displayed.
• In the SCS Report dialog box, CPU model of S2CP471 is not displayed correctly.
• Even if “Skip Password Dialog Box for Manual Operation FB” is enabled in the SCS Constants Builder,
the Password Input dialog box displayed when manipulating MV from HIS is not omitted.

Table A1.2-4 When CENTUM VP is earlier than R6.06


Limitation
• The SCS simulation test does not operate correctly.

Table A1.2-5 When CENTUM VP is earlier than R6.05


Limitation
• The tags of the function blocks PSI_I, PSI_R, PNI_I, PNI_R added in R4.03.10 are not displayed on HIS.
• System alarm messages added in R4.03.10 are not displayed on HIS. The same applies to the messag-
es that are received through an OPC server.
• The system alarm messages to which the string “Safety Subsystem” is added in R4.03.10 is displayed
without “Safety Subsystem”. In other words, the legacy message strings are displayed. The same applies
to the messages that are received through an OPC server.
• In the SCS Status Display view and SCS Report dialog box, number of locked safety subsystem commu-
nication I/O is not displayed.

Table A1.2-6 When CENTUM VP is earlier than R6.04


Limitation
• The instrument faceplate of mapping blocks S_HSDTR/S_GASDTR cannot be displayed in HIS. Process
alarm messages are not displayed properly.
• System alarm messages added in R4.03.00 are not displayed on HIS. Messages through OPC are also
not displayed.
• System alarm messages that are supposed to be suppressed by the alarm suppression function during
device reset are not suppressed and are displayed in HIS.
• System alarm messages and process alarm messages that are supposed to be suppressed by the chat-
tering alarm suppression function are not suppressed and are displayed in HIS.

Table A1.2-7 When CENTUM VP is earlier than R6.02


Limitation
• Operation and monitoring of SCSP3 cannot be performed on HIS.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-8

l IT security setting
• You can fortify computer security. To fortify the security, select "Standard model" with the
IT Security Tool at installation of both ProSafe-RS and CENTUM VP.
• If you integrate ProSafe-RS with CENTUM VP earlier than R5.01, manually relax some
security items according to the IT security setting of CENTUM VP.
SEE
ALSO For more information about IT Security Tool, refer to:
6.1, “IT Security Tool” in ProSafe-RS Security Guide (IM 32P01C70-01EN)

l Coexistence of ProSafe-RS and CENTUM on the same computer


Observe the following precautions when installing the ProSafe-RS and CENTUM VP software
on the same computer.
• Use the CENTUM VP software of R6.06 or later when installing ProSafe-RS R4.05.00
and CENTUM VP on the same computer.
• Use the CENTUM VP software of R6.07 or later when installing ProSafe-RS R4.05.00
and CENTUM VP on the same computer and when using the PROFIBUS-DP Configura-
tor of CENTUM VP.
• Unless specially instructed, install the control bus driver from the ProSafe-RS software
medium.
If one of the systems has been upgraded, follow the instruction provided for each revi-
sion.
• On a computer installed with both the ProSafe-RS and CENTUM software, configure Win-
dows settings according to the instructions in the installation manual of CENTUM.
• PROFIBUS-DP Configurator (SYCON.net/YOKO) and PROFINET Configurator (SYC-
ON.net-A2LP/YOKO) of CENTUM VP, and PROFINET Configurator (SYCON.net-SLP/
YOKO) of ProSafe-RS cannot be started simultaneously.
TIP • PROFIBUS-DP Configurator (SYCON.net/YOKO), PROFINET Configurator (SYCON.net-A2LP/YOKO),
and PROFINET Configurator (SYCON.net-SLP/YOKO) are products of Hilscher.
• The features exclusively prepared for ProSafe-RS cannot be used in the commercially available Hilscher
SYCON.net.

SEE
ALSO For more information about iDefine version that can coexist with ProSafe-RS and CENTUM VP, refer to:
“n Use of iDefine” on page A1-9
For more information about installing the control bus driver, refer to:
B3.3.1, “Installing the Control Bus Driver” in Installation Guide (IM 32P01C50-01EN)
For more information about setup of Windows with CENTUM VP, refer to:
B4.2, "Setting Up Windows" in CENTUM VP Installation (IM 33J01C10-01EN)

n FAST/TOOLS integration system


l Coexistence of ProSafe-RS and FAST/TOOLS on the same computer
FAST/TOOLS and ProSafe-RS software cannot run on the same computer.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-9

l Version
When using ProSafe-RS R4.05.00, the recommended version of FAST/TOOLS is R10.03 or
later. However, FAST/TOOLS R10.03 does not support the following devices and functions:
• N-IO nodes
• Mapping blocks S_HSDTR, S_GASDTR
• Fire and gas communication
• S2CP471

n Use of iDefine
l Coexistence of ProSafe-RS and iDefine on the same computer
When using ProSafe-RS R4.03 or later, iDefine and ProSafe-RS software can coexist.
When using ProSafe-RS R4.05 or later, iDefine software can coexist on the computer where
ProSafe-RS and CENTUM VP R6.07 or later software coexist. iDefine and CENTUM VP
alone cannot coexist.

IMPORTANT
You cannot install iDefine software on the computer where ProSafe-RS and PRM client soft-
ware coexist.

l Version
The following table shows the version numbers of ProSafe-RS and iDefine that can be used
in combination.

Table A1.2-8 Allowed version number combinations of ProSafe-RS and iDefine


ProSafe-RS release number iDefine version number Coexistence
R4.02.00 1.16.1 Not allowed
R4.03.00 1.16.2 Allowed
R4.03.10 1.16.3 Allowed
R4.04.00 1.16.4 Allowed
R4.05.00 1.16.5 Allowed, can coexist with
CENTUM VP R6.07 or later

iDefine is a product of Trinity Integrated Systems Ltd.


SEE
ALSO For more information about the software requirements of the computer where iDefine is to be installed, refer
to:
2., "System Requirements" in iDefine Installation Guide (PR03076-MAN-991_01)

n Use of PRM
l Coexistence of ProSafe-RS and PRM on the same computer
Whether or not the PRM and ProSafe-RS software can run on the same computer is as fol-
lows:
• A PRM server and ProSafe-RS software cannot run on the same computer.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-10
• A PRM client and ProSafe-RS software can run on the same computer. Note, however,
that a PRM client cannot run on the same computer if the computer has a license of SOE
OPC Interface Package of ProSafe-RS.
• If you install the PRM client on SENG that is connected to the narrowband Vnet/IP-Up-
stream network, you need additional Ethernet wiring for PRM client communications.

IMPORTANT
You cannot install iDefine software on the computer where ProSafe-RS and PRM client soft-
ware coexist.

l Precautions when installing ProSafe-RS and PRM on the same computer


When ProSafe-RS R4.03.10 and PRM are installed on the same computer, occasionally the
error messages related to DTM (Device Type Manager) is displayed in the PROFINET Config-
urator. When you open PROFINET Configurator for the first time, the error messages are dis-
played in the message area of PROFINET Configurator at the time of registering GSDML.
GetInformation failed with device: DTM name

You can ignore this error message when the DTM name is not YFGW410.

l Version
When using ProSafe-RS R4.05.00, the recommended version of PRM is R3.30 or later. PRM
versions earlier than PRM R3.30 do not support SCSP3 station. Also, PRM versions earlier
than R3.12 cannot be connected to the narrowband mode of Vnet/IP-Upstream.

n Use of Exaopc
l Coexistence of ProSafe-RS and Exaopc on the same computer
Exaopc and ProSafe-RS software cannot run on the same computer.

l Version
When using ProSafe-RS R4.05.00, the recommended version of Exaopc is R3.78 or later.
When using Exaopc of the version that is not recommended, the following restriction applies:

Table A1.2-9 When Exaopc is earlier than R3.78


Limitation
• The system alarm messages newly added to R4.05.00 are not notified to Exaopc Client.

Table A1.2-10 When Exaopc is earlier than R3.77


Limitation
• The system alarm messages added to R4.03.10 are not notified to Exaopc Client.
• In R4.03.10, system alarm messages with “Safety Subsystem” mentioned in the legacy message are no-
tified to Exaopc Client as a legacy message without “Safety Subsystem”.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A1.2 Software requirements> A1-11
Table A1.2-11 When Exaopc is earlier than R3.76
Limitation
• The system alarm messages added to R4.03.00 are not notified to Exaopc Client.
• Process alarm messages generated from mapping blocks S_HSDTR/S_GASDTR are not notified to
Exaopc client successfully.
• Alarm status added in the R4.03.00 cannot be acquired in the OPC interface related to inquiries of condi-
tion name.
• A recover alarm message about completion of the suppression period of the chattering alarm suppres-
sion function is not notified to Exaopc client.

Table A1.2-12 When Exaopc is earlier than R3.74


Limitation
• N-IO related system alarms are not notified to Exaopc client.

n Use of Exaquantum
l Coexistence of ProSafe-RS and Exaquantum on the same computer
Exaquantum and ProSafe-RS software cannot run on the same computer.

l Version
When using ProSafe-RS R4.05.00, the recommended version of Exaquantum is R3.01 or lat-
er. ProSafe-RS can be connected to Exaquantum R2.20 or later. However, because the ver-
sions of Exaquantum earlier than R2.60 do not support the IT security function, you must se-
lect the Legacy model to use the IT security function of ProSafe-RS.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2. Overview of SCS > A2-1

A2. Overview of SCS


The ProSafe-RS SCS (Safety Control Station) is a station dedicated for safety control applica-
tions.
The SCS consists of the function that monitors the safety conditions of the plant, the applica-
tion logic execution function that performs pre-determined safety operations according to
each safety control request and the external communication function that communicates infor-
mation with devices other than SCSs.

n Classification of SCS application


In the SCS, you can create the following applications:
• Safety application
This is an application which executes safety functions. The safety application includes ap-
plication logic written in the language conforming to the IEC 61131-3 standards.
The following programming languages defined in IEC 61131-3 are available for the SCS:
• Function Block Diagram (FBD)
• Ladder Diagram (LD)
• Structured Text (ST)
• Application to connect with other systems
You can create the following applications:
• CENTUM integration
This is an application for exchanging data with the CENTUM system.
• FAST/TOOLS Integration
This is an application for exchanging data with FAST/TOOLS. In SCSU1, you can
create an application for gas flow calculation in accordance to the specifications of
American Gas Association.
• Subsystem communication
This is an application for exchanging data with the SCS and the subsystem connec-
ted via Modbus. It supports Modbus communications using serial communication
module and Ethernet communication module.
• Safety subsystem communication
This is an application for safely exchanging data between SCS and subsystem devi-
ces. It supports communication using fire and gas communication module.
• Modbus slave communication
It is an application that exchanges information between an external device (a Modus
master) and the SCS that are connected through Modbus communication. It is com-
patible for the Modbus communication that exchanges information via serial commu-
nication module and Ethernet communication module.
• DNP3 communication application
This is an application for communicating between the DNP3 master and SCSU1 con-
nected via DNP3.

n Overview of SCS software configuration


SCS is equipped with an application logic execution function for detecting dangerous situa-
tions and executing control to prevent or mitigate such situations and an external connection
function inclusive of functions for integration with CENTUM which is the production control
system of Yokogawa Electric. Note that these functions exchange data with a station on the
control bus via a control bus communication function which serves as an interface. In particu-

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2. Overview of SCS > A2-2
lar, when data is being written into the application logic execution function, the memory inside
the SCS is protected with various functions for ensuring safety with such as security levels.
CENTUM
PRM
(managing HART devices)
SENG HIS FCS

Control bus
SCS
DCS of other companies
Control bus communication function (Higher-level System)

Modbus
Application logic Communication
execution function External
communication function Subsystem
Application logic
execution Modbus
Communication
AIO/DIO data
input/output function ProSafe-SLS

Communication data ProSafe-SLS


input/output function
Communication
Inter-SCS safety
communication function

SCS Link Fire and Gas


Transmission function Communication

Diagnostic function HART Device

SENG: Station that handles engineering and maintenance of SCS


HIS: Station that executes operation and monitoring of CENTUM
FCS: Control station of CENTUM
PRM: Plant Resource Manager

Figure A2-1 Overview of SCS function configuration

n Application logic execution function


This function monitors the safety condition of the plant and makes the process shift to the
safety state on detecting any hazards. It mainly performs the following processing.
• Receiving Analog Input (AI)/Digital Input (DI) data from the field
• Execution of user-defined application logic
• Sending Analog Output (AO)/Digital Output (DO) data to the field
• Inter-SCS safety communication
• SCS link transmission
• Communication data I/O (subsystem communication function, safety subsystem commu-
nication function)
• Self-diagnosis

l Application logic
An SCS executes application logic written in the IEC 61131-3 program language. The applica-
tion logic is defined by the user using Multi Language Editor and downloaded to the SCS.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2. Overview of SCS > A2-3
An SCS supports the following three languages of IEC 61131-3:
• Function Block Diagram (FBD)
• Ladder Diagram (LD)
• Structured Text (ST)
TIP The application logic execution function explained here is not simply a name for a function that handles exe-
cution of the application logic; rather, it is a generic name for all the functions explained above, including the
actual execution of the application logic. In this manual, this term is used in the following explanation as well.

SEE
ALSO For more information about Structured Text (ST), refer to:
2., “Structured text” in POU Reference Manual (IM 32P03B20-01EN)
For more information about Function Block Diagram (FBD), Ladder Diagram (LD), refer to:
1., “Overview of POU” in POU Reference Manual (IM 32P03B20-01EN)

n External communication function


This is a function for exchanging information with external systems connected to an SCS and
it does not influence the application logic execution function. Main operations are as follows:
• Diagnostic information collection function
• SOER function
• CENTUM Integration Function
• FAST/TOOLS integration function (SCSP1, SCSP2 and SCSU1)
• Modbus slave communication function
• PRM-supported HART On-demand Communication
• DNP3 communication function (SCSU1 only)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.1 SCS hardware configuration> A2-4

A2.1 SCS hardware configuration


If the safety control unit is S2SC70D or S2SC70S (SCSP3), these three following methods
are available to connect the I/O node to the SCSP3:
• N-IO nodes only connection
• Safety node units only connection
• Combined connection of N-IO nodes and safety node units
If the safety control unit is SSC60D or SSC60S (SCSP2), only the safety node unit can be
connected.
The following table shows the main hardware names used in SCS.

Table A2.1-1 Main hardware names used in SCS


Name Description Note
SCU Safety control unit SSC60D/SSC60S (*1) , and S2SC70D/
S2SC70S
SNU Safety node unit SNB10D
PSM Power supply module SPW481, SPW482, and SPW484. Always re-
dundant.
CPU Processor module (CPU module) SCP461 (SSC60 only), SCP461 S2, and
S2CP471
SEC401/ ESB bus coupler module Used when SNU and N-IO nodes are used.
SEC402 Installed in slots 7 and 8 of SCU. Always re-
dundant.
SSB401 ESB bus interface module Always redundant
SNT401/ Optical ESB Bus Repeater Master Mod- Always redundant
SNT411 ule
SNT501/ Optical ESB Bus Repeater Slave Module Always redundant
SNT511
S2EN402/ N-ESB bus coupler module Used when N-IO node is used. Installed in
S2EN404 SCU. Always redundant.
FIO FIO I/O module -
N-IO node Node for installing N-IO Configured with node interface unit and N-IO
I/O unit.
PSU Power supply unit for N-IO S2PW503 and S2PW504. Always redundant.
S2EN501 N-ESB bus module Used when N-IO node is used. Installed in N-
IO node. Always redundant.
N-IO N-IO I/O module -
ESB bus Bus to connect SCU and SNU -
N-ESB bus Bus to connect SCU and N-IO node -
Optical ESB Bus to connect SCU, SNU, and N-IO -
bus node
*1: N-IO node is not connectable.

n N-IO node only connection


The following configuration are used when connecting only the N-IO nodes to the safety con-
trol unit.
When connecting the safety control unit and N-IO nodes by using the N-ESB bus, the
S2EN402/S2EN404 is mounted to the safety control unit, and S2EN501 to the N-IO node.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.1 SCS hardware configuration> A2-5
When connecting the safety control unit and N-IO node by using the optical ESB bus, the
SEC401/SEC402 is mounted to the safety control unit, and S2EN501 to the N-IO node.
The connection between N-IO nodes must be connected with the N-ESB bus or the optical
ESB bus.
The following figure shows an example of configuration with N-IO nodes-only connection.

PSM: Power supply module for SCU and SNU (SPW48x) ESB bus
CPU: Processor module (SCP461 S2, S2CP471)
SEC40x: ESB bus coupler module SCU
S S
SSB401: ESB bus Interface module 2 2 S S S S C C P P SCSP3
SNT4x1: Optical ESB bus repeater master module E E N N E E
N N T T C C P P S S
SNT5x1: Optical ESB bus repeater slave module 4 4 4 4 4 4 U U M M
S2EN40x: N-ESB bus coupler module 0 0 x x 0 0
x x 1 1 x x
FIO: FIO I/O module
PSU: Power supply unit for N-IO node (S2PW50x)
S2EN501: N-ESB bus module
N-IO: N-IO I/O module
N-ESB bus Optical ESB bus

N-IO node N-IO node

S S S S
2 2 2 2
E E P P E E P P
N N N N
N N S S - - N N S S - -
5 5 U U 5 5 U U
0 0 I I 0 0 I I
1 1 O O 1 1 O O
N-ESB bus Optical ESB bus

N N N N N N N N
- - - - - - - -
I I I I I I I I
O O O O O O O O

N-IO node N-IO node

S S S S
2 2 2 2
E E P P E E P P
N N N N
N N S S - - N N S S - -
5 5 U U 5 5 U U
0 0 I I 0 0 I I
1 1 O O 1 1 O O

N N N N N N N N
- - - - - - - -
I I I I I I I I
O O O O O O O O

Figure A2.1-1 Configuration example of an N-IO node-only connection

n Safety node unit only connection


The following configuration are used when connecting only the safety node units to the safety
control unit.
When connecting the safety control unit and safety node unit by using the ESB bus, the
SEC401/SEC402 is mounted to the safety control unit, and SSB401 to the safety node unit.
When connecting the safety control unit and safety node unit by using the optical ESB bus,

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.1 SCS hardware configuration> A2-6
the SEC401/SEC402 and SNT401/SNT411 is mounted to the safety control unit, and
SNT501/SNT511 and SSB401 to the safety node unit.
The connection between the safety node units must be connected with an ESB bus, or an op-
tical ESB bus through SNT401/SNT411 and SNT501/SNT511.
The following figure shows a configuration example of a safety node units-only connection.

PSM: Power supply module for SCU and SNU (SPW48x) ESB bus
CPU: Processor module (SCP461 S2, S2CP471)
SEC40x: ESB bus coupler module
SCU
SSB401: ESB bus Interface module S S S S C C P P SCSP2/SCSP3
SNT4x1: Optical ESB bus repeater master module F F F F N N E E
T T C C P P S S
SNT5x1: Optical ESB bus repeater slave module I I I I 4 4 4 4 U U M M
S2EN40x: N-ESB bus coupler module O O O O x x 0 0
1 1 x x
FIO: FIO I/O module
PSU: Power supply unit for N-IO node (S2PW50x)
S2EN501: N-ESB bus module
N-IO: N-IO I/O module
Optical ESB bus ESB bus

SNU SNU

S S S S S S P P S S P P
F F F F N N N N S S F F F F F F F F S S
T T T T B B S S B B S S
I I I I 5 5 4 4 4 4 M M I I I I I I I I 4 4 M M
O O O O x x x x 0 0 O O O O O O O O 0 0
1 1 1 1 1 1 1 1

ESB bus
ESB bus
Optical ESB bus

SNU SNU

S S S S P P S S P P
F F F F F F N N S S F F F F F F F F S S
T T B B S S B B S S
I I I I I I 5 5 4 4 M M I I I I I I I I 4 4 M M
O O O O O O x x 0 0 O O O O O O O O 0 0
1 1 1 1 1 1

ESB bus

Figure A2.1-2 Configuration example of a safety node units-only connection

n Combined connection of N-IO node and safety node unit


N-IO nodes and safety node units can be connected to a single safety control unit. To use
both nodes together, you can connect the N-IO node and safety node unit, or separate them.
• Connecting N-IO nodes and safety node units together
When connecting the safety control unit together with the safety node units and N-IO no-
des, connect with the following configuration.
When connecting the safety control unit and N-IO node using the optical ESB bus, the
SEC401/SEC402 and SNT401/SNT411 are mounted to the safety control unit, and
S2EN501 to the N-IO node.
N-IO node and safety node unit are connected through an optical ESB bus. SNT501/
SNT511 and SSB401 are installed to the safety node unit.
The following figure shows a configuration example of an N-IO node and safety node unit
connection.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.1 SCS hardware configuration> A2-7
ESB bus
PSM: Power supply module for SCU and SNU (SPW48x)
CPU: Processor module (SCP461 S2, S2CP471)
SEC40x: ESB bus coupler module SCU
S S S S C C P P SCSP3
SSB401: ESB bus Interface module F F F F N N E E
SNT4x1: Optical ESB bus repeater master module T T C C P P S S
I I I I 4 4 4 4 U U M M
SNT5x1: Optical ESB bus repeater slave module O O O O x x 0 0
S2EN40x: N-ESB bus coupler module 1 1 x x
FIO: FIO I/O module
PSU: Power supply unit for N-IO node (S2PW50x)
S2EN501: N-ESB bus module
N-IO: N-IO I/O module
Optical ESB bus

N-IO node

S S
2 2
E E P P
N N
N N S S - -
5 5 U U
0 0 I I
1 1 O O

N N N N
- - - -
I I I I
O O O O

Optical ESB bus

SNU

S S S S P P
F F F F F F N N S S
T T B B S S
I I I I I I 5 5 4 4 M M
O O O O O O x x 0 0
1 1 1 1

ESB bus

Figure A2.1-3 Configuration example of an N-IO node and safety node unit connection

• Separating N-IO nodes and safety node units, and connecting them together
When N-IO nodes and safety node units are separated from each other, and they are
connected with the safety control unit, the N-IO nodes-only connection and the safety
node units-only connection are combined.
The following figure shows a configuration example when N-IO node and safety node unit
are separated and connected together.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.1 SCS hardware configuration> A2-8
PSM: Power supply module for SCU and SNU (SPW48x)
CPU: Processor module (SCP461 S2, S2CP471)
SEC40x: ESB bus coupler module S S SCU
2 2 S S C C P P SCSP3
SSB401: ESB bus Interface module F F F F E E E E
SNT4x1: Optical ESB bus repeater master module N N C C P P S S
I I I I 4 4 4 4 U U M M
SNT5x1: Optical ESB bus repeater slave module O O O O 0 0 0 0
S2EN40x: N-ESB bus coupler module x x x x
FIO: FIO I/O module
PSU: Power supply unit for N-IO node (S2PW50x)
S2EN501: N-ESB bus module
N-IO: N-IO I/O module
N-ESB bus ESB bus

N-IO node SNU

S S S S P P
2 2 F F F F F F F F S S
P P B B S S
E E N N I I I I I I I I 4 4 M M
N N S S - - 0 0
5 5 O O O O O O O O
0 0
U U I I 1 1
1 1 O O

N N N N
- - - -
I I I I
O O O O

Figure A2.1-4 Configuration example when N-IO node and safety node unit are separated and connec-
ted together

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.2 SCSP2 hardware configuration> A2-9

A2.2 SCSP2 hardware configuration


When CPU nodes are SSC60D or SSC60S (SCSP2), it is possible to mount SEC401 or
SEC402 as ESB bus coupler modules. If SEC402 is mounted, ESB buses can be connected
to the upper and the lower connectors, which allows connection of up to 13 I/O nodes. The
following figure shows the SCS hardware configuration where SEC402 is used to connect I/O
nodes.
Vnet/IP
ESB Bus CPU Node
One CPU node in one SCS.
-PSM (always redundant)

PSM
PSM
IOM
IOM
IOM
IOM
IOM
IOM
SEC402
SEC402
SCP461
SCP461
-SEC402 (always redundant)
-IOM (up to 6 or 8 modules can be mounted)

ESB Bus I/O Node


Up to 9 I/O nodes can be connected to the
upper or lower connector of SEC402,
PSM
PSM

PSM
PSM
IOM
IOM
IOM
IOM
IOM
IOM
IOM
IOM
SSB401
SSB401

IOM
IOM
IOM
IOM
IOM
IOM
IOM
IOM
SSB401
SSB401
respectively, in one SCS.
However, the maximum number of nodes is 13
in total on both connectors.
Input Input -PSM (always redundant)
-SSB401 (always redundant)
Output Output -IOM (up to 8 modules can be mounted)

ESB Bus
PSM
PSM

PSM
PSM
IOM
IOM
IOM
IOM
IOM
IOM
IOM
IOM
SSB401
SSB401

IOM
IOM
IOM
IOM
IOM
IOM
IOM
IOM
SSB401
SSB401 ESB bus cables are used to connect between
SEC402 and SSB401. The allowable cable
length is 10 m for the upper and lower
connectors respectively, and 20 m in total
on both connectors.

Figure A2.2-1 SCS hardware configuration (Example of SCSP2)

Table A2.2-1 Main hardware module of SCS (SCSP2)


Name Description Note
CPU CPU Modules SCP461
IOM Input/Output Modules -
PSM Power Supply Module Model SPW48x always redundant
SEC402 (*1) ESB Bus Coupler Module Used when I/O nodes are used.
Installed in slots 7 and 8 of CPU node (always
redundant) .
Cannot be used for SCSV1/SCSP1.
SSB401 ESB Bus Interface Module Always redundant
CPU Node Node which has CPU Module on it SSC60D/SSC60S
I/O Node Node which does not have CPU Module Node to which CPU is not mounted
on it
ESB Bus Extended Serial Backboard Bus Bus to connect nodes
*1: You can also use SEC401 for SCSP2.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-10

A2.3 RAS (Reliability, Availability,


Serviceability) functions of SCS
This section explains functions related to reliability, availability and serviceability of the SCS
(hereinafter referred to as RAS in this manual). Moreover, it is a function that implements
safety. The function includes the ability to shift to a safe state in a fast and reliable manner
when an error occurs in the plant or system.
The RAS functions of the SCS are as follows:
• Operating mode
• Security level
• Diagnostic management function, diagnostic information messages
• Operation during start, and operation during error
• Dual redundancy
SEE
ALSO For more information about the functions for checking the SCS status, refer to:
H., “Monitoring the SCS status” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about the operations upon SCS error occurrence and recovery procedures, refer to:
G2., “Operations and recovery procedures during the SCS error occurrence” in Engineering Guide Vol. 1
(IM 32P01C10-01EN)

n Positioning of RAS function


RAS stands for Reliability, Availability and Serviceability, and is an important index when eval-
uating the system performance. Reliability means robustness against error occurrence, avail-
ability means shortness of downtime and serviceability means ease of repair at failure.

l Functional relation of software


The RAS function diagnoses whether hardware and software are running normally and han-
dles maintenance of them if any errors are detected. Since this function is able to shut the
system down and change the SCS status as required, it is one of the most essential SCS
functions.

l Relationship with other hardware


The RAS function collects hardware error information concerning the I/O modules and other
components in the station. The RAS function organizes hardware error information and exe-
cutes pre-defined safety operations accordingly, such as shutting down. Error information is
sent to the SENG and HIS as diagnostic information messages. The SCS saves diagnostic
information generated internally. And the information can be referenced from SENG. You can
delete saved diagnostic information messages from SENG.
The figure below shows how the RAS function of the SCS is positioned.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-11

SENG HIS

V net

Diagnosis
System Alarms
Information

Download,
Changing
SCS FCS
Actions

RAS
function

Error I/O module


Information shutdown

Input/output
modules

Figure A2.3-1 Positioning of RAS function

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-12

A2.3.1 SCS operating mode


The operating mode indicates the operation status of an SCS. Operations of the functions that
are implemented by the system program of the SCS are determined by the operating mode.
The operating mode is outlined as follows:
• The operating mode indicates the overall operating status of SCS, not the status of indi-
vidual output modules.
• The operating mode indicates the status of a single SCS, regardless of whether the CPU
configuration of the SCS is single or dual-redundant.
• For an SCS with dual-redundant CPU, the operating mode remains the same before and
after a control right switchover of the CPU.
There are five SCS operating modes: Stop mode, Loading mode, Initial mode, Waiting mode,
and Running mode
The following figure shows the transitions between operating modes. Note that it is possible to
shift to the Stop mode from all other modes, but the arrows indicating these shifts are omitted
for the sake of clarity.

Loading
Mode

The request of Finish of


Offline Download Offline Download
start from notified from
SCS Manager SCS Manager

The application-logic execution All output channels of


The SCS starts upon function starts upon output modules are
a start request. completion of “Output Enabled”
diagnosis.
Stop Initial Waiting Running
Mode Mode Mode Mode
At least one
output channel of
an output module is
“Output Disabled” .
SCS Power ON

Can be transferred
from all other modes
SCS stopped

Figure A2.3.1-1 Transitions between operating modes

n Stop mode (stopped status)


This is the initial state of the SCS.

n Loading mode (during offline download)


In this mode, program and database are being downloaded from the SCS Manager to the
SCS.

n Initial mode (initializing status)


In this mode, the SCS is initializing databases, processing the diagnostic at startup, and start-
ing the I/O modules as follows:

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-13
• Input modules
If started successfully, input values are set to applicable input variables. If the startup of
any module has failed, an error is recognized for the module.
• Output modules
The outputs of all channels remain disabled after the startup is completed, so that the
output values from the application logic will not be sent to the field immediately.
• Subsystem communication modules
Receives only the input from subsystems while having an output that is invalid.
• Fire and gas communication modules
If the startup process is successfully completed, fire and gas communication modules re-
ceive only the input from subsystems. If the startup process ends in an error, the SCS
handles the fire and gas communication modules as erroneous.

n Waiting mode (waiting for output enable request)


Application logic is periodically executed on each scan period. However, the output channel
will not output the application logic value if the status is set to "Output Disable". The waiting
mode status can be checked in the SCS State Management window and the LED display of
the CPU module.
When "Output enable operation" is performed, the outputs on the normal channels of output
modules are enabled. If you execute the "Output enable operation" just after starting up the
SCS, the SCS also enables the output of inter-SCS safety communication, SCS link transmis-
sion and subsystem communication.
TIP • Failure on the output channel should be removed, then perform "Output enable operation".
• Even when the channel is set to "Output Disabled", if the physical data is rewritten using the forcing
function, the output value from the output channel changes.

SEE
ALSO For more information about Data value in unlocked / locked status and output disable / enable status, refer to:
A6.2, “I/O variable” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about Output enable operation, refer to:
C8., “Output enable operation” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about SCS State Management Window, refer to:
H1.2, “SCS State Management window” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)

n Running mode (controlling status)


This mode indicates that the SCS is running normally. All output channels of output modules
are outputting the output values from the application logic. The Running mode status can be
checked with the SCS State Management Window and LED display of the CPU module.

l Output status monitoring


All output channels of output modules are monitored. If any of the channels becomes Output
Disable status due to a failure in the corresponding module or in the output channel itself, or
after adding new channels during online modification, the SCS will change its operating mode
to the Waiting mode. The operating mode changes to the Running mode when the cause of
the channel failure is removed, the output enable operation is completed and all output chan-
nels are placed in the Output Enable status.

n Checking of operation mode


The operating mode of SCS can be checked with the following methods.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-14
• It is possible to check that the operating mode is either the Waiting or Running mode with
the SCS State Management window of the SCS Maintenance Support Tool, the SCS Sta-
tus Display view of HIS and the LED display of a CPU module.
• If the operating mode is either the Waiting or Running mode, the operating mode can be
referenced from the application logic as well.

n Influence on operating mode


Engineering and occurrence of errors can affect the operating mode as follows.
• The operating mode is not affected even if a subsystem communication error, safety sub-
system communication error, or communication module error occurs.
• Occurrence of errors in SCS link transmission has no influence on the operating mode.
• If output modules/channels are added via online change download, the added modules/
channels are started from the Output Disable status. If the operation mode was the Run-
ning mode before online changes, the mode changes to the Waiting mode. Perform the
output enable operation.
• If channels in the Output Disable status or output modules including such channels are
deleted via online changes and there are no longer any channels in the Output Disable
status in SCS, the operating mode shifts from the Waiting mode to the Running mode.
• If a single output module is changed to dual redundant configuration by online change
download, IOM download is executed in order to initialize the modules. The outputs of the
target modules become disabled after downloading. Since some channels are in the Out-
put Disable status, the operating mode of SCS shifts to the Waiting mode. Perform the
output enable operation after the output modules recover to normal.
• It is possible to perform the output enable operation regardless of the status of communi-
cation modules.
• It is possible to perform the output enable operation even if the status of communication
with sub-systems is BAD. In this case, only outputs that are ready to communicate will
start.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-15

A2.3.2 Security level of SCS


The security level of SCS indicates the level of protection against erroneous writing to the
memory in SCS from the connected stations or devices. An overview of SCS security level is
as follows:
• One SCS has one security level.
• The security level can be confirmed from LED on the CPU module and the SCS State
Management window of SCS Maintenance Support Tool or Status Display View of HIS.
• SCS limits changes made from the outside according to security level.
• Security level can be referred to by applicable logic.
• Security level can be changed by an authorized user with the password using the SCS
Manager.
• Using the system function block (SYS_SEC_CTL) makes it possible to control whether or
not to allow security level change operations from an SENG with an external hardware
switch or similar.
• Security level can be changed under the following conditions:
• The SCS is either in the Waiting or Running mode,
AND
• The SYS_SEC_CTL is set to allow security level changes or is not used.
The following figure illustrates the transition of states of the security level.
Offline Download or SCS Restart or Master database offline download

Online Levels Offline Level


[ SYS_SEC_CTL
check (*1) ]
Level 2 Level 1 Level 0
[ Level 0
[ Level 1 password check
password check & SYS_SEC_CTL
& SYS_SEC_CTL check ] check ]

*1: It is allowed to reset the security level from Level 1 to Level 2 via the RST input in the SYS_SECURE block,
regardless of the security level change enable/disable status of SYS_SEC_CTL.

Figure A2.3.2-1 Transition of security level status

n Definition of each security level


There are two classifications of levels; online level and offline level. The Online level is used
when SCS is in normal operation. The Offline level is used when SCS is not in normal opera-
tion.

l Online level
The Online Level is a security level to be used when normal operation is performed in SCS.
The SCS itself provides security of the Online Level by controlling access to the memory from
the outside.
The Online Level is separated into two levels according to limits of functions which can be
used.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-16
Table A2.3.2-1 Online level
Level Description
Level 2 The highest security level. SCS is usually operated at this security level.
Level 1 A temporary security level used by engineers or authorized users for maintenance of
equipment or changing applications online

l Offline level
The Offline Level is a security level to be used when a regular operation is not performed in
SCS. This is displayed as "Level 0" on the LED of SCS or the SCS State Management win-
dow of SENG. In the Offline Level, SCS does not limit access to SCS from the outside. How-
ever, information which was used at test may be stored in SCS databases depending on op-
erations performed by those tools.

IMPORTANT
To restore an SCS to Online Level from Offline Level, restart the SCS or do offline download.
This ensures that the system returns to the security level for normal operation.

l Security level at the start of SCS


The security level is Level 2 when SCS starts normally.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.3 RAS (Reliability, Availability, Serviceability) functions of SCS > A2-17

A2.3.3 Diagnosis for hardware


The SCS carries out diagnosis at the following timing to check whether various types of hard-
ware including I/O modules are in the normal state:
• At the start of the hardware
• At specified periodical intervals during operation
This section describes the HKU function in the CPU module, and the cabinet status monitor-
ing function in the N-IO node.

n HKU (House Keeping Unit)


The HKU function in the CPU module monitors the operation environment of the CPU mod-
ule. An error in the CPU operating environment is notified to the user via diagnostic informa-
tion messages and status display window. The following items are monitored by the HKU
function.
• Fan status in the safety control unit
• Surrounding temperature of the safety control unit
• Battery temperature

n Cabinet status monitoring


The N-ESB bus module of N-IO node monitors the operating environment of the cabinet. An
error in the operating environment of the cabinet is notified to the user via diagnostic informa-
tion messages and status display window.

l Temperature monitoring
The SCS monitors the surrounding temperature of the N-ESB module, as well as the upper
limit and lower limit value in the hardware. It monitors whether the temperature exceeds the
prescribed value or not.

l Power supply diagnosis


The SCS monitors the status of the power supply unit (PSU) connected to the N-ESB module
unit. The following are the methods in diagnosing a power supply:
• PSU output stop diagnosis
The SCS monitors the output voltage in redundant PSUs. It is judged as an error if output
in either of the PSUs stops.
• Output over-voltage diagnosis
The SCS monitors the output voltage of the PSUs, as well as the upper limit and lower
limit value in the hardware. It monitors whether the output voltage exceeds the prescribed
value or not. It is judged as an error if it exceeds the maximum value.

l Input monitoring from external devices


By inputting a single point of discrete signal from an external device, which can detect power
supply and fan abnormalities, in an external alarm input of the base plate, errors from the ex-
ternal device can be notified.
The safety control unit outputs the diagnostic information message according to the discrete
signal that is inputted from the external device.
Because this function is interference-free, it cannot be used for safety logic.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-18

A2.4 Dual-redundancy in the SCS


ProSafe-RS supports dual-redundant configurations of SCS CPU modules and input/output
modules. With the dual-redundant configuration, the continuous controllability and operating
efficiency can be improved. Moreover, with dual-redundantly configured hardware, the con-
tinuity of plant safety monitoring will be guaranteed by switching the control rights when an
error occurs in the SCS hardware.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-19

A2.4.1 Redundant configuration in SCS


In SCS, redundant configuration can be selected for the CPU module and I/O modules. The
control bus, power supply module, ESB bus, ESB bus interface module, optical ESB bus re-
peater module, N-ESB bus, N-ESB bus module, and F-SB bus are always in redundant con-
figurations.

n CPU module
• The CPU module on the standby side performs the same control processing as the con-
trol side even while it is in the standby status. For this reason, it is possible to take over
outputting data immediately after the control right is switched. Moreover, the operating
mode of the SCS does not change.
• Only the CPU on the control side accesses the hardware composing the SCS and the
CPU on the standby side always sets the equivalent value as the processing result.
Therefore, the CPU modules on both sides always perform processing using the same
data.
• In redundant configuration, if the CPU module on the standby side is not in the STBY sta-
tus and the control right cannot be switched, the same operation as single configuration
CPU module is performed.
• SOE data related to discrete inputs might be lost when the control right is switched be-
tween the CPU modules.
• With the CPU module of SCSP2, the data loaded with the previous scan may be used
instead of updating the data with the value from the input module when performing a scan
immediately after a control right switchover of the CPU. Also note that data loaded from 1
or 2 scans earlier may be used with subsystem communication modules.
• With the CPU module of SCSP3, the data loaded with the previous scan may be used
instead of updating the data with the value from the input module or fire and gas commu-
nication module when performing a scan immediately after a control right switchover of
the CPU. Also note that data loaded from 1 or 2 scans earlier may be used with subsys-
tem communication modules.

n FIO I/O modules


Redundant configuration is possible in the FIO node(*1) by mounting the same type of FIO
I/O module to two adjacent slots. In the case of redundant configuration, one side becomes
the control side and the other becomes the standby side. Switching of the control right is per-
formed by input/output modules. The switching has no influence on the application logic.
*1: An odd-numbered slot and the even-numbered slot obtained by adding 1 to the odd slot number

• It is not allowed to have redundant configuration across two nodes.


• SOE data related to discrete inputs might be lost when the control right is switched be-
tween the input modules even though the frequency is low.
• A HART communication error may occur when the control right is switched between ana-
log input/output modules that support HART communication.

Table A2.4.1-1 Operation of redundant AIO/DIO modules


AIO/DIO module Redundant operation
Analog input module The input data of the input module on the control side is stored in the
Discrete input module input variable.
Analog output module The SCS outputs the same value for output modules on both the control
Discrete output module and standby sides. Only the output module on the control side outputs
signals to the field. If an error occurs on the module on the control side,
the control right is switched and outputting is continued

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-20
SEE
ALSO For more information about implementing dual-redundant subsystem communication, refer to:
D1.2, “Dual-redundant communication” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about implementing dual-redundant Modbus slave communication, refer to:
“■ Redundancy of Modbus communication” in F4., “Precautions for engineering” in Engineering Guide
Vol. 2 (IM 32P01C20-01EN)

n NIO I/O modules


Redundant configuration is possible in the N-IO node by mounting the same type of N-IO I/O
module to two adjacent slots. In the case of redundant configuration, one side becomes the
control side and the other becomes the standby side. Switching of the control right is per-
formed by input/output modules. The switching has no influence on the application logic.
• SOE data related to discrete inputs might be lost when the control right is switched be-
tween the input modules even though the frequency is low.
• A HART communication error may occur when the control right is switched between ana-
log input/output modules that support HART communication.

Table A2.4.1-2 Redundant operation in N-IO I/O modules


Signal type Redundant operation
AI/DI The input data of the input module on the control side is stored in the
input variable.
AO/DO The SCS outputs the same value for output modules on both the control
and standby sides. Only the output module on the control side outputs
signals to the field. If an error occurs on the module on the control side,
the control right is switched and outputting is continued

n Optical ESB bus repeater module


The optical ESB bus repeater modules are always used in a redundant configuration.

n Power supply module


A redundant power supply module is installed on each of CPU nodes, I/O nodes, and N-IO
nodes of the SCS. The SCS monitors the status of the power supply at regular intervals and,
if an error occurs, it notifies the user about the error via the SCS State Management window
of the SENG, the Status Display view of the HIS, and diagnostic information messages. If one
of the two power supplies mounted on the CPU node has generated an error, it notifies two
diagnostic information messages; one corresponding to the error of the power supply module
on the CPU node and the other corresponding to the error of the power supply module on
node 1.

n ESB bus and ESB bus interface module


The ESB bus is redundant. The two ESB buses are connected to their corresponding ESB
bus interface modules. The following operations also apply when optical ESB bus repeater
devices are present along the communication route.
• Normally, redundant ESB buses are used in an alternating fashion.
• If an error occurs in either ESB bus interface module, the user is notified of the error with
a diagnostic information message. If both buses fail, the error is treated as a node failure.
• If an error occurs in one ESB bus or ESB bus interface module, the SCS continues com-
munication by using only the other ESB bus that is normal.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-21
• An erroneous bus is monitored for normal recovery at regular intervals.
• Errors in communication with all I/O nodes, except CPU node, are judged to be ESB bus
error.

n N-ESB bus and N-ESB bus module


The ESB bus has redundant configuration. Each N-ESB bus module is connected to N-ESB
bus, respectively.
• Normally, redundant N-ESB buses are used in an alternating fashion.
• If an error occurs on either N-ESB bus module, the error is notified to the user via a diag-
nostic information message. If both buses fail, the error is treated as a node failure.
• If an error occurs in either N-ESB bus or N-ESB bus module, the SCS continues commu-
nication using only the normal ESB bus on the other side.
• An erroneous N-ESB bus is monitored for normal recovery at regular intervals.

n F-SB bus
The F-SB bus has redundant configuration.
• The F-SB bus is normally used at the same time on both sides.
• If an error occurs in either F-SB bus, the SCS continues communication using only the
normal ESB bus on the other side.
• An erroneous F-SB bus is monitored for normal recovery at regular intervals.

n Vnet/IP communication
Vnet/IP is redundant. Independent subnets using bus 1 and bus 2 comprise redundant buses.
Normally, bus 1 is used for control communication. If a communication error occurs on bus 1,
bus 2 is used to perform control communication.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-22

A2.4.2 CPU redundant status


The availability of an SCS can be improved by making CPUs redundant. Each of the redun-
dant CPUs can be in either control or standby states, which are unique to the CPU.

n CPU status
In order to show the status of a redundant configuration, it is necessary to indicate the status
of each CPU separately. The operating status of the CPU is called the CPU status.
• The CPU status indicates the operating status of the CPU.
• The processing of the SCS references the CPU status as necessary. The user can check
the CPU status via the CPU's LED, the SCS State Management window of the SENG,
and the Status Display view of HIS.
• If an error occurs in the standby CPU, the FAIL status is notified to the application logic
via a system block.
The figure below illustrates the CPU status shift. Note that in order to explain the CPU status,
the operating modes it can shift to the Initial mode are called "CTRL" and "STBY." These indi-
cate whether the CPU has the control right and are specific to the redundant status, i.e., not
related to the operating mode.

CPU Fail
CTRL

Remove the cause Program


of CPU Fail Start
Control
FAIL RDY
Change
Program
CPU Fail
Start

STBY
CPU Fail

Figure A2.4.2-1 CPU status

l FAIL (CPU stopped)


The power is supplied to the CPU, but the software is not running in this status.

l RDY (CPU initializing status)


The system program is being set in the main memory in this status.

l CTRL (control status)


The system program runs inside the CPU and the CPU has the right to access input/output
modules in this status.

l STBY (standby status)


The system program runs inside the CPU but the CPU does not have the right to access in-
put/output modules in this status.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-23

n CPU status shift in redundant configuration


The figure below illustrates each CPU status and how it may shift in redundant configuration.
The thick arrows from (a) to (d) indicate the flow from the startup to normal operation in redun-
dant configuration. Note that the figure below does not represent the status by the mounting
positions of the CPUs. Even if the states of the two CPUs are switched, the indication in the
figure shows them in the same status.

(a)
(e)
FAIL CTRL control side
CTRL
FAIL CPU status
FAIL
stand-by side
STBY
CPU status

(b) (c) APC (d)

RDY CTRL CTRL

FAIL RDY STBY

Single Operation

Figure A2.4.2-2 States at redundant configuration

Table A2.4.2-1 CPU status


Status Description
(a) CPUs on the both sides stopped.
(b) The controlling CPU starts up and sets programs and databases in the main memory.
(c) (*1) The controlling CPU obtains the control right and starts up the standby CPU. Upon launching, the
standby CPU copies the image of the main memory of the controlling CPU into its main memory
(this status is displayed as "APC" and not the same as status (e)). The controlling CPU executes
the user application.
(d) Both the controlling and standby CPUs operate normally in redundant configuration. This status
is called the redundant control status.
(e) (*1) In this status, the standby CPU is stopped in redundant configuration, or the controlling CPU is
stopped and the control right is switched. The same operation as in single configuration is per-
formed.
*1: Single operating status.

The CPU shifts to each status in the following manner.

Table A2.4.2-2 Conditions of CPU status shift


Before After Shifting conditions
(a) (b) • The power supply to the SCS is started.
• SCS offline download is completed.
• The system is restarted.
(b) (c) The controlling CPU started normally.
(c) (d) APC of the standby CPU is completed.
(d) (e) The control right is switched due to a failure of the controlling CPU hardware or the
standby CPU failed.
(e) (c) The standby CPU is replaced or a CPU recovered from transient failure.
(b) (a) An error occurred in the self-diagnosis at startup.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A2.4 Dual-redundancy in the SCS > A2-24
Table A2.4.2-2 Conditions of CPU status shift (Table continued)
Before After Shifting conditions
(c) (a) A fatal error occurred while operating in single CPU operation.
(d) (a) Power failure occurred in the SCS (including momentary power failure).
(e) (a) A fatal error occurred while operating in single CPU operation.

l APC status
The APC status refers to the status where the data in the CPU memory is being copied from
the control side to the standby side.
The APC status can be checked by the LED on the CPU, the SCS Status Display window of
the SENG or the Status Display view on the HIS. The start and end of the APC status are
notified via a diagnostic information message.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-1

A3. Outline of the safety system


generation function
This section gives an overview of the tools used to configure and maintain a safety system.
It also describes the different types of applications that can be created by using ProSafe-RS.

n Recreating an SCS project with R4 and selecting the engineering


method
If an SCS project has been recreated, you must select the engineering method based on the
presence of a safety I/O list.

l Guidelines for selecting an engineering method


The engineering method of the project should be selected based on one of the following
guidelines:
If a safety I/O list that is consistent with the SCS project exists, or if you are engineering by
using a newly created safety I/O list, the I/O list engineering method is recommended. Select
an I/O list engineering when you use iDefine as an engineering tool.
Also, when performing engineering for safety subsystem communication, select I/O list engi-
neering.
If a safety I/O list that is consistent with the SCS project does not exist, or if you are using a
SCS project that was created by using an SCS with RS original engineering, choose the RS
original engineering method instead.
TIP If you upgrade to version R4, the metered license is applied regardless of the engineering method that you
select.

l Editor and tools that are used for I/O list engineering
The following table shows the editors and tools used when performing I/O list engineering.
You can start the SCS Manager from the System Structure Navigator in AD Organizer.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-2
Table A3-1 Editor and tools that are used in I/O list engineering
Category Operation Means to Editor or tool name Remarks
operate edi-
tors and
tools
SCS Man-
ager/AD Or-
ganizer
Safety ap- Safety logic definition SCS Man- Multi-Language Editor -
plication ager (*1)
Variables and parameters SCS Man- Dictionary View (*1) I/O variables are auto-
definition ager matically created from
the safety I/O list. Instan-
ces of subsystem com-
munication I/O FB, PRO-
FINET communication in-
put FB, and fire and gas
communication input FB
are automatically gener-
ated from the safety com-
munication I/O list. Inter-
nal variables and FB in-
stances can be defined
by iDefine.
I/O I/O list definition AD Organ- Safety I/O Editor The following information
izer Safety Communication is generated:
I/O Editor • Dictionary View
• I/O Wiring View
• I/O Parameter Builder
• Communication I/O
Builder
Node/IOM detailed defini- AD Organ- IOM Definition Editor The information for the
tion izer following is created:
• I/O Wiring View
• I/O Parameter Builder
System Creation of SCS projects SCS Man- SCS Manager The contents will be re-
ager flected in the AD Organ-
izer.
SCS project attribute SCS Man- SCS Project Properties
ager
SCS constant definition SCS Man- SCS Constants Builder -
ager
SCS parameter setting SCS Man- Hardware Architecture -
ager View
POU definition SCS Man- Link Architecture View -
ager (*1)
Safety communication SCS Man- Binding List View -
association ager
SCS Link transmission SCS Man- SCS Link Transmission -
data definition ager Builder
RS genera- Database generation AD Organ- RS Generation Manager -
tion izer
Authorize SCS Man- Integrity Analyzer -
ager
SCS Man- Cross Reference Ana- -
ager lyzer
Test Start test function SCS Man- SCS Manager (*1) -
ager
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-3
Table A3-1 Editor and tools that are used in I/O list engineering (Table continued)
Category Operation Means to Editor or tool name Remarks
operate edi-
tors and
tools
SCS Man-
ager/AD Or-
ganizer
Download Offline download SCS Man- SCS Manager -
ager
Online download SCS Man- SCS Manager -
ager
CENTUM Tag and annunciator defi- SCS Man- Tag Name Builder (*1) -
integration nition ager
Alarm definition SCS Man- ProSafe-RS Alarm Priori- -
ager ty Builder / Alarm Pro-
cessing Table Builder
MODBUS Definition of addresses of SCS Man- Modbus Address Builder -
communi- Modbus devices ager
cation
Subsystem Communication I/O data AD Organ- Safety Communication -
communi- definition izer I/O Editor
cation
Safety sub- Communication I/O data AD Organ- Safety Communication -
system definition izer I/O Editor
communi-
cation
DNP3 com- DNP3 slave definition SCS Man- DNP3 Communication -
munication ager Builder
*1: iDefine can be used as well.

n Safety application definition


Safety applications are created with tools and builders called from the AD Organizer and the
SCS Manager.
When using AD Suite to perform I/O list engineering, you need to use the editors in AD Or-
ganizer to set the items instead of using I/O Wiring View, I/O Parameter Builder, and Commu-
nication I/O Builder.
If you select I/O list engineering and use iDefine, you can create the application logic by using
iDefine based on the ProSafe-RS I/O file that was exported from AD Organizer. The ProSafe-
RS I/O file is a file generated for engineering with iDefine based on the safety I/O list, safety
communication I/O list, and IOM definition.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-4
Plant information Safety I/O list Safety Communication I/O List iDefine

IOM information (*3)

(*2)
AD Suite
AD Organizer
Safety
Safety I/O Editor Communication IOM Definition Editor
I/O Editor

RS Generation Manager

(*1)

SENG
SCS Manager

Link Hardware
Binding List View Dictionary View I/O Wiring View
Architecture View Architecture View

SCS Link
Multi-Language SCS Project I/O Parameter Communication SCS Constants
Transmission
Editor Properties Builder Builder I/O Builder Builder

SCS

Input variables SOER Time synchronization


POU method
Output variables I/O action on a failure SCS common
SOER constants
Internal variables Input

Output Passwords

Safety subsystem
SCS project Link transmission communication
Binding SCS parameters
attribute definition definition I/O definition

SCS

Binding Link transmission


definition

*1 : In the case of I/O list engineering, you can reflect the safety I/O list, safety communication I/O list, and IOM definition to the SCS
Manager builder by running the reflection process through RS Generation Manager. If you run the reflection process on the
engineering data that was created by using iDefine through RS Generation Manager, the application data can be reflected to the
Multi-Language Editor and SCS.
*2 : AD Organizer exports the data that was created from the safety I/O list, safety communication I/O list, and IOM definition to iDefine.
*3 : AD Organizer imports the engineering data that was created by using iDefine.
Legends
: Builder or editor
: Definition, file, parameter, or variable
: Group of definitions or files
: Download of builder definitions
: Communication

Figure A3-1 Overview of safety application definition

l AD Organizer
AD Organizer is installed in the SENG computer. You can perform the ProSafe-RS engineer-
ing by using AD Organizer. AD Organizer comes with some built-in engineering tools, and
SCS Manager is one of them.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-5

l Safety I/O Editor


This is an engineering tool that can be used from AD Organizer.
The tool is used to create safety I/O lists based on plant information data and import them as
engineering data.
It is also used to define variables that are related to the safety I/O. You specify the SCS node
and IOM applicable to the P&ID tag and the associated connection information based on the
information that is displayed in the Safety I/O Editor.
With this editor, you can export a file containing data for engineering with iDefine.

l Safety Communication I/O Editor


This is an engineering tool that can be used from AD Organizer.
This tool is used to create safety communication I/O lists based on plant information data and
import them as engineering data.
It is also used to define variables that are related to the safety communication I/O. You specify
the SCS node and IOM applicable to the P&ID tag and the associated connection information
based on the information that is displayed in Safety Communication I/O Editor.
With this editor, you can export a file containing data for engineering with iDefine.

l IOM Definition Editor


This is an engineering tool that can be started from AD Organizer.
In the IOM Definition Editor, a list of nodes and I/O modules are displayed with their proper-
ties.
You can use the IOM Definition Editor to define the I/O module configuration and set the prop-
erties of nodes and I/O modules. If I/O module assignment information is not defined in the
safety I/O list or safety communication I/O list, you can define the assignment of I/O modules
to nodes by using IOM Definition Editor.

l ADMDB
This is the server database that stores all the engineering data that is included in the AD
Server. The revision history of the engineering data and the hardware configuration informa-
tion are also stored in this database.
The AD Server manages the engineering data.

l Generation Manager
For SCS projects that are created with I/O list engineering, Generation Manager reflects the
information of the safety I/O lists, safety communication I/O lists, and I/O module configuration
and builds SCS projects.

l Hardware Architecture View


• Set the configuration name.
• Define the IP address of the SCS.

l Link Architecture View


• Configuring the security settings of the SCS project.
• Defining the POU.(*1)
• Adding variable groups.
• Starting the Multi-Language Editor to edit the POU that you have defined.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-6
*1: POU: Program Organization Unit It is a generic term for the programs, function blocks (FB), and functions (FU) that are writ-
ten with the function block diagram (FBD) and ladder diagram (LD)

l SCS Project Properties


Defining Project properties including station type, domain number, and station number of SCS
Designating location of the integrated CENTUM project folder, in the case of CENTUM Inte-
gration Configuration

l SCS Constants Builder


Settings SCS common constants and time synchronization method

l Dictionary View
If you select the RS original engineering method, the Dictionary View is used to set the pa-
rameters of FUs and FBs and define project variables. If you select the I/O list engineering
method, the variables that were defined by using AD Organizer and iDefine are read-only in
Dictionary View.

l Multi-Language Editor
Edit the POUs for the LBD, LD, and ST.
POUs that were defined by using iDefine are read-only in Multi-Language Editor.

l Binding List View


Binding variables from the producer to the consumer of Inter-SCS safety communication

l SCS Link Transmission Builder


Defining SCS link transmission safety communication and SCS global switch communication

l I/O Wiring View


In the SCS project where the RS original engineering method is selected, the I/O Wiring View
is used to define the following:
• Analog I/O modules, discrete I/O modules, universal type I/O modules (these three types
of modules are collectively called "AIO/DIO modules"), and communication modules
• Wiring between I/O module channels and I/O variables
If you select I/O list engineering, this builder is read-only.

l I/O Parameter Builder


In the SCS project where the RS original engineering method is selected, I/O Parameter
Builder is used to configure the node, module, and channel parameters, including the settings
for the operation when a fault is detected in an I/O module or channel, and to define SOER
collection through DI/DO.
If you select I/O list engineering, this builder is read-only.

l Communication I/O Builder


For SCS projects for which I/O list engineering is selected, this builder becomes read-only.
Use Safety Communication I/O Editor when you assign communication I/O data for safety
subsystem communication and perform wiring of communication I/O variables. The contents
of Safety Communication I/O Editor will be reflected in this builder by running a reflection from
AD Organizer.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-7

n CENTUM integration application definition


The following figure shows the outline of CENTUM integration application definition and the
associated builders.
These builders are opened from the engineering launcher of the SCS Manager.
• Tag Name Builder
This builder defines tag names for FBs and variables which can be used for CENTUM In-
tegration Configuration, and also defines annunciator messages.
Defining a tag name results in the creation of a mapping block for CENTUM Integration
Configuration.
When engineering by using iDefine, you can also define the tag names for FBs and varia-
bles by using iDefine. Use the reflection process from Generation Manager to reflect the
definitions in Tag Name Builder. Tag names that were defined by iDefine are read-only in
Tag Name Builder.
• Alarm Priority Builder
This builder defines alarm priority. The condition of alarm activation is set to each alarm
priority as in CENTUM.
• Alarm Processing Table Builder
The Alarm Processing Table Builder is used to import the ‘Alarm Processing Table de-
fined in CENTUM’ to SCS project.
This table determines the priority of process alarms that are generated from mapping
blocks when integrating with CENTUM.
When engineering by using iDefine, you can also configure the tag names in iDefine. The tag
names are read-only except for configured tools.
In a CENTUM integration structure, the application of ProSafe-RS needs to be defined with
those builders. Furthermore, engineering of CENTUM including SCS definition and tag list
generation needs to be executed on CENTUM ENG. This allows HIS to access SCS data with
a tag name and to display annunciator messages.
The following figure provides an overview of CENTUM Integration Application Definition.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-8
Definition
iDefine

SENG
Definition
Tag Name Builder AD Suite
Reflection

Import Definition
Alarm Processing Alarm Priority
Table Builder Builder

SCS

Safety Application CENTUM Integration


Application
Alarm
Priority
Tag Data
Map Mapping
Information Variables Blocks/Elements Alarm
Processing Table

Communication

ENG HIS

Download
SCS Tag list Builder SCS Tag list

Alarm Processing Table

Figure A3-2 Outline of CENTUM Integration Application Definition

n Defining applications that use communication modules


In ProSafe-RS, you can create an application that exchanges data with other system through
a communication module. Modbus slave communication, Modbus subsystem communication,
and safety subsystem communication are supported. Safety subsystem communication can
be used with SCSP3 only. In addition, you can create DNP3 communication applications in
SCSU1. Modbus slave communication and Modbus subsystem communication are interfer-
ence-free functions. Safety communication is included in safety subsystem communication.
The following builder is used for Modbus slave communication:
• Modbus Address Builder
It defines the Modbus device address.
The following figure shows the outline of the definitions of Modbus slave communication appli-
cation.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-9

SENG

Modbus Address
Builder

Definition

SCS

Modbus
Safety Slave
Application Communication
Application Other System
(Modbus Master)
Map
Modbus devices Communication
Variables Application
defined virtually

Figure A3-3 Outline of Modbus slave communication application definition

The following builder or editor is used for subsystem communication:


• Communication I/O Builder (for RS original engineering)
• Safety Communication I/O Editor of AD Organizer (for I/O list engineering)
It defines the communication data, and allocates the communication I/O FB there.
The following two types of subsystem communication are supported:
• Using the serial communication module, you can create an application for subsystem
communication between SCS and Modbus PLC.
• Using Ethernet communication module, you can create an application for the subsystem
communication between the SCS and Modbus/TCP PLC.
The following editor is used for fire and gas communication:
• Safety Communication I/O Editor of AD Organizer
Define communication data and assign the PROFINET communication I/O FB and fire
and gas communication FB to the communication data.
Using fire and gas communication modules, you can create an application for safety sub-
system communication between the SCS and fire and gas devices.
The following builder is used to define DNP3 communication applications:
• DNP3 Communication Builder
This builder enables SCS to act as a DNP3 slave station and associates DNP3 data with
application logic variables.
The following figure shows the outline of the DNP3 communication application definitions.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-10

SCADA

DNP3 Ethernet
Defined by DNP3 client
Communication Builder Defined by
IOM Definition Editor,
Key: DNP3 data type and index or I/O wiring view and
I/O Parameter Builder

SCS ALE111 module


IEC application DNP3 communication application
parameters parameters

FB DNP3 data
Instances

Figure A3-4 Outline of DNP3 communication application definition

n Definition of FAST/TOOLS integration application


The following describes the builder and outline of the FAST/TOOLS integration application
definitions. FAST/TOOLS integration is an interference-free function.
In FAST/TOOLS integration, you can define I/O modules and create function blocks in addi-
tion to using the following builders and tools:
• Domain Properties Setting Tool
It selects the operating mode of Vnet/IP-Upstream.
• Message Cache Tool
A group is defined when the network configuration of Vnet/IP-Upstream is in the narrow-
band mode.
• Tag Name Builder
You can enter tag name, and other information to the data to be handled in FAST/
TOOLS.
When engineering by using iDefine, you can also define the tag names for FBs and varia-
bles by using iDefine. Use the reflection process from Generation Manager to reflect the
definitions in Tag Name Builder. Tag names that were configured by using iDefine are
read-only in Tag Name Builder.

n Engineering tools
The following describes the tools that are used after you have created a ProSafe-RS applica-
tion:

l Integrity Analyzer
The Integrity Analyzer is used to analyze the safety of existing created application logics. It
detects unauthorized FB /FU as the safety function, and outputs results of analyzing on
screen or on the analysis report.

l Cross Reference Analyzer


It shows, on screen or on the analysis report, the difference between the application previous-
ly downloaded (which runs currently on SCS) and the application to be downloaded soon as

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3. Outline of the safety system generation function> A3-11
well as the extent of impact in case of downloading. The Cross Reference Analyzer is for limit-
ing the scope of retesting when application logic is modified.

l Self-Documentation function
This is for printing user applications. The entire definitions of an SCS project or any parts can
be selected as a printed item.

l Project Attribute Tool


This tool can be used to display the attribute of an SCS project.

l Test Project Creation Tool


This tool can be used to copy a project that is running at a plant site and create a project for
test purpose.

l Import/Export function
Import or export functions can be used to import or export SCS project data. Therefore, these
data can be used for test functions or for reusing applications.

l Project Comparing Tool


This tool can be used to detect the difference between two specified SCS projects and to dis-
play and print the result.

l Version Control Tool


This is for controlling the version history of an SCS project to support the project updates by
users.
By using Version Control Tool, you can save (check-in) the project data of an SCS project at a
certain point upon adding a version number and restore (check-out) project data of a certain
version. If you are performing I/O list engineering, start this tool from AD Organizer. If you
start it from the Start menu, the data of AD Suite cannot be handled by the tool.

l Master Database Restoring Function


This function is used to restore the contents of the master database as the work database.
Use this function to discard changes made to the work database and use the master data-
base as the data subject to engineering (work database). If you are performing I/O list engi-
neering, start this tool from AD Organizer. If you start it from the Start menu, the data of AD
Suite cannot be handled by the tool.

l Database Validity Check Tool


The Database Validity Check Tool is used to check the integrity of the database in the work
database and master database of SCS project, and SCS database in SCS. The master data-
base can be repaired if the master database has lost validity due to such as an error that has
occurred during online change download. This repair function of the tool repairs the master
database by replacing it with the work database.

l SCS Information
This function is used to display and print SCS project usage conditions such as POUs used
within the SCS and the number of variables. This function can also be used to check the data-
base revisions in the SCS project, number of project I/O licenses and their usage. You need
to build an SCS project before using this function.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.1 Window components common to builders> A3-12

A3.1 Window components common to builders


Multiple builders are used for engineering applications that will run on the SCS. This section
describes the base window layout common to all the builders, taking the SCS Constants
Builder window as an example.
Title Bar Menu Bar Toolbar

SCS Constants Builder - [Pjt:SCS0101 File:StnDef-i.edf]


File Edit View Tool Window

Interval of SCS Communication


Repeated

Interval of Repeated Warning Alarms 600 sec

Synchronous Mode V net

Scan Period for External System 1 sec

Modbus Word Order Direct

16-bit Modbus Master Support Mode Disable

Alarm Notify Action when AOF Released No

Message

Ready

Data Menu Area Workspace


(Client Area)

Status Bar Message Display Area

Figure A3.1-1 Window of SCS Constants Builder

n Title bar
The title bar displays project name, file name, etc.

n Menu bar
The menu bar contains the [Edit], [Tools] and other menus. The menu structure of the menu
bar differs depending on the builder; the menu bar used on most builders is as follows.

l File menu

Table A3.1-1 File menu


Menu item Description
Open Opens a file created by this builder and saved with a specific name (SVA file)
Close Closes the window
Save Saves the data displayed in the window in a file
Save As (*1) Saves the data displayed in the window in a file with a specific name
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.1 Window components common to builders> A3-13
Table A3.1-1 File menu (Table continued)
Menu item Description
External File - Imports the contents saved in a file with a specific format to the currently
Import
> opened window
Exports the contents of the currently opened window into a file with the specific
Export
format
Displays a dialog box for displaying and editing information related to the win-
Properties
dow properties
Print Launches Document Generator for printing the data displayed in the window
Status Label - Custom
Imports the alarm status texts modified on the CENTUM builders.
> Import
(*2)
Delete Deletes the alarm status texts imported from the CENTUM builders.
Shows a list of files saved with specific names (SVA files) that were opened in
Latest File
the past
Exit SCS Constants Build-
er Closes SCS Constants Builder
(*3)
*1: On the SCS Constants Builder, you need to save the settings separately on each tab sheet.
*2: Only available on SCS Constants Builder
*3: Builder name is displayed as the affix of the menu name.

TIP If there is no document window, only [Open], [Latest File] and [Exit SCS Constants Builder] are displayed.

l Edit menu

Table A3.1-2 Edit menu


Menu item Description
Undo Cancels the previously performed edit operation
Cut Deletes the selected character string and copies it onto the clipboard
Copy Copies the selected character string onto the clipboard
Paste Inserts the character string stored in the clipboard
Clear Clears the character string of the selected field
Find Displays a dialog box to search for a specified character string set in the builder
Replace Displays a dialog box to search and replace a specified character string set in
the builder

l View menu

Table A3.1-3 View menu


Menu item Description
Toolbar Determines whether or not to display the toolbar
Status Bar Determines whether or not to display the status bar
Data Menu Area Determines whether or not to display the data menu area
Message Display Area Specifies whether or not to show the message display area

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.1 Window components common to builders> A3-14

l Tools menu

Table A3.1-4 Tools menu


Menu item Description
Environment Setting... Starts Builder Environment Tool for setting the operation environment common-
ly used for builders

l Window menu

Table A3.1-5 Window menu


Menu item Description
Cascade Arranges document windows so that they overlap
Tile Horizontally Arranges document windows horizontally
Tile Vertically Arranges document windows vertically
Arrange Icons Arranges minimized document windows

n Toolbar
The toolbar contains icons representing frequently used functions in the menu bar.
Standard

Figure A3.1-2 Toolbar

Table A3.1-6 Functions assigned to the toolbar


Button Name Assigned function

Open Same as [Open] of the [File] menu

Save Same as [Save] of the [File] menu

Print Same as [Print] of the [File] menu

Cut Same as [Cut] of the [Edit] menu

Copy Same as [Copy] of the [Edit] menu

Paste Same as [Paste] of the [Edit] menu

Undo Same as [Undo] of the [Edit] menu

Display/Hide Data Menu Same as [Data Menu Area] of the [View] menu

n Data menu area


The data menu area has the following functions.
• Displays input guidelines for the selected data (e.g., meaning of an input item and data
input range).
• If data has options, the area displays the option menus and allows selecting an option. In
that case, it is also possible to select an option by pressing a key.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.1 Window components common to builders> A3-15
• Displays tree view and changes the workspace tabs (excepts for SCS Constants Builder).

n Message display area


The message display area displays the execution result of saving files, etc.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.2 Types of downloading> A3-16

A3.2 Types of downloading


The downloading functions transfer SCS execution data which contain application logics to an
SCS.
The SCS database is saved as the master database in the SENG and the same data as in
the SCS is maintained at all times. There is no function to upload the SCS execution data to
the SENG because the SCS execution data is saved in the SENG as the master database.

n Overview and types of downloading


l Offline download
This function downloads a database generated from application logic created in the SENG.
During download, the functions running on the SCS stop and resume operation after the com-
pletion of downloading.

l Online change download


This function downloads only a portion of database generated from application logic, created
in the SENG, that have been updated since the last download. The functions running on the
SCS keep operating during the download as well. Note that online change download may not
be possible depending on the content of the updates.

l Master database offline download


This function downloads the execution data that was active in an SCS again after replacing a
CPU module. The SCS database saved in the master database on the SENG is downloaded.
This download is performed when replacing hardware. In case of a redundant CPU module,
this download is not required if only one module is replaced.
TIP Close the I/O lock window when performing the following operations.
Otherwise, an error message will be displayed and the downloading will be stopped.
• Online change downloading
• Offline downloading
• Master database offline downloading

l IOM download
This function downloads the execution data that was active in an input/output module to a
new input/output module after replacing it. The data of the input/output module (part of the
SCS database) saved in the master database on the SENG is downloaded.
This download can only be performed when replacing hardware of input/output modules.

l Save and download operation marks


The operation marks set on the HIS can be saved in SENG.
The saved operation marks can be downloaded to the SCS.
SEE
ALSO For more information about saving and downloading operation marks, refer to:
B7.1, “Engineering on the SENG side” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)

n Relationship between downloading functions and databases


The destination database for saving varies depending on the type of downloading. The rela-
tionship between different types of downloading and databases is explained below.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.2 Types of downloading> A3-17

SENG

SCS project

Work database Master database Master database


Save
(Automatically saved
Source files at offline download/ Source files
online change download)

SCS database Master database SCS database


Restore

Offline download/ Master database offline download/


online change download IOM download
SCS

SCS database

Figure A3.2-1 Relationship between downloading functions and databases

TIP • Master Database Restoring Function is provided in order to copy the master database to the work data-
base in case a recovery is needed. Do not operate the master database folder/files directly by using
Windows explorer, or edit the master database.
• SCS projects are also registered in the ADMDB and managed by the AD Server.

l Offline download
The work database generated by building is downloaded to an SCS. The master database is
overwritten by the work database.

l Online change download


Only differences between the work database generated by building and the master database
are downloaded to an SCS. The master database is overwritten by the work database.

l Master database offline download


The master database is downloaded to an SCS.

l IOM download
Only data in the master database related to input/output modules is downloaded to an SCS.

l Relationship between downloading functions and SCS security levels


Since the downloading functions attempt to write data to an SCS, download operations may
not be allowed depending on the SCS security level. Before performing the downloading func-
tions, it is necessary to use the SCS security level operation function and change the security
level of the SCS.
The table below shows whether or not each type of download is allowed according to the se-
curity level.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A3.2 Types of downloading> A3-18
Table A3.2-1 Relationship between downloading functions and SCS security levels
Online
Security Offline down- Master database Save and Download
change IOM download
level load offline download Operation Marks
download
Yes (only for failing
Level 2 - - - input/output mod- Yes
ules)
Yes (only for failing
Level 1 - Yes - input/output mod- Yes
ules)
Yes (only for failing
Level 0 Yes Yes Yes input/output mod- Yes
ules)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A4. Configuration of maintenance function> A4-1

A4. Configuration of maintenance


function
This section describes the outline of the functions used for maintenance of SCS and field de-
vices.

n Outline of functions to use for maintenance


l Set SCS security level
This is for changing the SCS security level in the case of downloading the database to the
SCS or forcing parameters.

l I/O Lock window


This is for locking/unlocking I/O channels during maintenance, and shows the locking status
of the I/O channels. When inputs or outputs are locked, it is possible to set their values.

l Communication I/O Lock window


This is for locking/unlocking I/O of subsystem communication and safety subsystem commu-
nication during maintenance. It shows the locking status of the inputs/outputs. It is possible to
set their values when inputs or outputs are locked.

l SCS Link Transmission Lock window


During maintenance, locking or unlocking the communication data of link transmission can be
performed on this window. The locking and unlocking status can also be monitored. When a
communication data is locked, the value of the communication data can be changed.

l Inter-SCS Communication Lock window


This is for locking or unlocking inter-SCS safety communication FBs for each SCS during
maintenance and shows the locking status of the FBs. When inter-SCS safety communication
FBs are locked, it is possible to set their values.

l Restart SCS
This is for restarting SCS.

l Master database offline download


This is for downloading the master database to SCS and restarting the SCS.

l Save operation marks/Download operation marks


Operation marks specified for SCS tags on an HIS in the CENTUM integration structure are
initialized and thus lost when offline download to the SCS, master database offline download
or SCS restart (including when recovering from power failure) are executed. This function
makes it possible to recover initialized operation marks to the status at the last saved opera-
tion.
The Save Operation Marks is a function to save operation marks specified for tags on an HIS
in the SENG.
The Download Operation Marks is a function to download saved operation marks to the SCS.
SEE
ALSO For more information about saving/downloading operation marks, refer to:
B7.2.3, “Other builders” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5. Overview of the SCS Maintenance Support Tool> A5-1

A5. Overview of the SCS Maintenance


Support Tool
SCS Maintenance Support Tool provides functions to keep track of the SCS status in
ProSafe-RS maintenance. For example, SCS Maintenance Support Tool is used for when
maintaining applications, analyzing cases of tripping by demand from the plant and analyzing
diagnostic information generated in the SCS. SCS Maintenance Support Tool can always be
used as long as the SCS is in operation regardless of its security level.
SCS Maintenance Support Tool has the following functions:
• SCS status display
• Diagnostic information operation
• Online monitoring of application logic
• Message Cache Tool
• SOE Viewer
• Forced I/O viewer function

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.1 Relationships among functions of SCS Maintenance Support Tool> A5-2

A5.1 Relationships among functions of SCS


Maintenance Support Tool
The figure below shows the relationships among the functions included in SCS Maintenance
Support Tool.

SENG

SCS engineering functions SCS Maintenance Support Tool

Password
SCS Manager check(*1)
SCS status display Setup Tool

Application
definition Diagnostic
Online monitoring information operation
function

Windows
[Start] menu Password Message Cache Tool
check(*2)

SOE Viewer

Forced I/O viewer


SOE Viewer
function

SCS

*1: When the "Access Control and Operation History Management Package" is used, password checking
is not performed because user authentication check is done when SCS Manager is started.
*2: When the "Access Control and Operation History Management Package" is used, password checking
is not performed because user authentication check is done when the SCS Maintenance Support Tool is started.

Figure A5.1-1 Relationships among functions included in SCS Maintenance Support Tool

n SCS status display


The tools for showing the SCS running status include SCS Status Overview window and SCS
State Management window.
The SCS Status Overview window and the SCS State Management window are called up
from the Maintenance Launcher menu of SCS Manager. The SCS Status Overview window
can be launched from the [Start] menu of Windows. Note that the SCS Status Overview win-
dow and the SCS State Management window cannot be displayed at the same time. If you
call up and display the SCS Status Overview window or the SCS State Management window
again from the Maintenance Launcher menu of SCS Manager, the currently displayed window
is closed and the newly called window appears.
If you close the SCS Status Overview window or the SCS State Management window, all win-
dows started from that window are closed. The windows related to the SCS Status Overview
window or the SCS State Management window will not be closed even if you close the SCS
project in SCS Manager.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.1 Relationships among functions of SCS Maintenance Support Tool> A5-3

n Diagnostic information operation


The Diagnostic Information window is provided as a tool for displaying diagnostic information
stored in SCS.
The Diagnostic Information window is opened from the SCS Status Overview window or the
SCS State Management window. The Diagnostic Information window displays diagnostic in-
formation in the range selected by the engineer in the SCS State Management window.

n Online monitoring
The online monitoring function displays the operating status of the application logic in SCS.
Using this function, the user can keep track of the values of variables as well as the condition
statuses on FBD and LD.

n Message Cache Tool


Message Cache Tool is used for checking the diagnostic information messages and SOE
event acquisition conditions. Moreover, it is used to change various Message Cache Service
settings and manage the collected data.

n SOE Viewer
SOE Viewer is a tool to display event information held by SCS. It also displays the diagnostic
information messages. The SOE Viewer is capable of displaying events and messages in
chronological order, which helps you analyze messages output from the SCS.

n Forced I/O Viewer function


Forced-I/O information is a collection of information such as variables that are locked in the
Lock window of SENG by using the forcing function.
Forced I/O Viewer function is a function to display the forced-I/O information in a list. Forced-
I/O information of multiple SCSs can be displayed collectively.
Forced I/O Viewer function consists of Forced I/O Viewer that displays the forced-I/O informa-
tion and Forced I/O Viewer Setup Tool that makes the setting for collecting the forced-I/O in-
formation.

n Customizing SCS Maintenance Support Tool


Setup Tool is used to customize the display and operation methods of SCS Maintenance Sup-
port Tool. Setup Tool allows you to define the settings related to fonts and operations for the
SCS Status Overview window, the SCS State Management window and the Diagnostic Infor-
mation window.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.2 Application examples at maintenance> A5-4

A5.2 Application examples at maintenance


Maintenance can be classified into two types: regularly performed maintenance and mainte-
nance performed when an unexpected error occurs. This section describes how to use SCS
Maintenance Support Tool when an unexpected error occurs, for example, in a case where
the SCS diagnostic function detects errors in input/output modules.
Maintenance operations are performed by maintenance personnel in most cases. This section
assumes that analysis of causes is performed by engineers and tasks of eliminating abnor-
mality is handled by maintenance personnel, and describes the tasks involved separately.

Errors occur in input/output


modules diagnosis

1. SENG power ON

2. SCS State Management Check the current SCS status.


window

3. Diagnostic Information Check diagnostic information messages.


Engineer

window

Check actions to take from the diagnostic


4. Help dialog box information messages.

Check detailed actions defined by the user.


5. User-defined action guide

Analyze the causes.


6. SOE Viewer
Maintenance
personnel

Remove the causes.


7. Maintenance

8. SCS State Management Check the SCS status after removing the causes.
window
Engineer

Delete the diagnostic information messages.


9. Diagnostic Information
window

10. SENG shutdown


and power OFF

Completed

Figure A5.2-1 Workflow for maintenance operation

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.2 Application examples at maintenance> A5-5

n Step 1: SENG power on


The engineer turns ON the power supply of the SENG in order to analyze the causes of the
error diagnosed.

n Step 2: SCS State Management window


The engineer launches the SCS State Management window of a station that detected a diag-
nosed error from SCS Manager. The engineer checks the current status based on the display.
The diagnostic information mark is displayed for the input/output modules on which the diag-
nosed errors occurred. The engineer selects those input/output modules and then displays
the Diagnostic Information window in order to check the diagnostic information messages re-
lated to those input/output modules.

n Step 3: Diagnostic Information window


The engineer checks the messages output by the SCS diagnostic functions. An action to be
taken for a diagnostic information message can be checked with a help message displayed
by double-clicking the diagnostic information message and displaying the Help dialog box. To
acknowledge the diagnostic information message, click the corresponding message in the Di-
agnostic Information window and then click [Acknowledgement] button on the toolbar. The Ac-
knowledgement dialog box appears. Click the [OK] button in this dialog box; the status of the
diagnostic information message is placed in the acknowledged status (operation when ac-
knowledging individually).

n Step 4: Help dialog box


The Help dialog box displays help messages corresponding to message numbers. If the
counter-actions measures specific to devices are available, the engineer can call the user-de-
fined action guide from the Help dialog box to check actions to take.

n Step 5: User-defined action guide


The engineer learns what actions to take against the error from the information of user-de-
fined action guide. Note that the guide must be defined in advance by the engineers.

n Step 6: SOE Viewer


The engineer identifies the causes of the error based on the diagnostic information messages
and/or SOE event information at the time diagnosed errors occur. The engineer then identifies
a procedure to eliminate the causes. It is possible to keep messages as records by saving
them in a file.

n Step 7: Maintenance
The maintenance personnel removes the causes according to the operation procedure made
by the engineer.

n Step 8: SCS State Management window


The engineer displays the SCS State Management window and checks that the input/output
modules have recovered from the error.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.2 Application examples at maintenance> A5-6

n Step 9: Diagnostic Information window


The engineer deletes the messages output by the SCS diagnostic functions. To delete a diag-
nostic information message, click the corresponding message in the Diagnostic Information
window and click [Deletion] button on the toolbar; the Deletion dialog box appears. Click the
[OK] button in this dialog box to delete the diagnostic information message (using the opera-
tion to delete individual message).

n Step 10: SENG shutdown and power off


After analyzing the cause of the diagnosed error and removing the cause, if the SENG is not
used normally, the engineer shuts the SENG down and turns the power OFF.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.3 Customization of the SCS Maintenance Support Tool window> A5-7

A5.3 Customization of the SCS Maintenance


Support Tool window
The operation environment of the SCS Maintenance Support Tool window can be customized.

n Items that can be customized


You can use Setup Tool to specify the following operation environment settings:
• Selecting the method of acknowledgment/deletion
The method to acknowledge/delete diagnostic information messages can be specified.
• Font setting
The font and font size used in the SCS Maintenance Support Tool window can be speci-
fied.
• Color selection
The background color and text color can be specified.
Setup Tool consists of the following tabs:
• General
Allows settings for the entire SCS Maintenance Support Tool
• Diagnostic Information
Allows settings for the Diagnostic Information window

n Displaying Setup Tool


Click the [Setup Tool] button on the toolbar of the SCS Status Overview window or the SCS
State Management window. SCS Maintenance Setup dialog box appears.

SCS Maintenance Setup

General Diagnostic Information

Font

Font Name BatangChe[Baltic]

Height 16

Color

Text Color

Back

OK Cancel Apply

Figure A5.3-1 General Tab of SCS Maintenance Setup Dialog Box

n General tab
Make settings related to the overall appearance of the window including font and text color in
the "General" tab.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.3 Customization of the SCS Maintenance Support Tool window> A5-8

l Font
The setting items related to font are as follows.
• Font name
This item is used to select a font name. The font specified here is used in all windows
related to SCS Maintenance Support Tool. The default font installed in SENG becomes
the initial font.
• Height
This item is used to select a font size. The font size specified here is used in all windows
related to SCS Maintenance Support Tool.

l Color
The setting items related to color are as follows.
• Text color
This item is used to select a text color. The text color specified here is used in all windows
related to SCS Maintenance Support Tool.
• Back
This item is used to select a text background color. The background color specified here
is used in all windows related to SCS Maintenance Support Tool.

n Diagnostic Information tab


Make settings for operations specific to the Diagnostic Information window in the "Diagnostic
Information" tab.

SCS Maintenance Setup

General Diagnostic Information

Acknowledgement method

Individual Group

Deletion method

Individual Group

User-defined action guide

File: C:\RS-Projects\Guide\UserHelpTop.htm

Setup

OK Cancel Apply

Figure A5.3-2 Diagnostic Information Tab of SCS Maintenance Setup Dialog Box

l Method of acknowledgment
The setting items related to the method of acknowledgment are as follows.
• Individual
Select this option to acknowledge the diagnostic information messages individually. It is
recommended to use [Individual] during a normal operation.
• Group

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A5.3 Customization of the SCS Maintenance Support Tool window> A5-9
Select this option to acknowledge all diagnostic information messages in a batch.

l Method of deletion
The setting items related to the method of deletion are as follows.
• Individual
Select this option to delete the diagnostic information messages individually. It is recom-
mended to use [Individual] during a normal operation.
• Group
Select this option to delete all diagnostic information messages in a batch.

IMPORTANT
If you select [Group] as the acknowledgement/deletion method, all diagnostic information
messages displayed in the screen become the target of the acknowledging/deleting opera-
tion. So, you should not use this function during normal plant operation; use it only temporarily
when testing, etc.

l User-defined action guide


In the help dialog box for each diagnostic information message, a help text regarding the cau-
ses and resolution for the occurred message can be displayed as a guidance. Copying the
default User Defined Action Guide and editing the contents can create a new user-defined ac-
tion guide. The procedure is as follows:
1. Click the [Setup] button. The dialog box is displayed to specify the folder for copying the
default action guide.
2. Click the [OK] button after specifying a folder. Then the file will be copied. The file name
will be UserHelpTop.htm. The file name should not be changed.
Edit the copied guide accordingly so as to create a new user-defined action guide.
SEE
ALSO For more information about how to create a user-defined action guide, refer to:
“■ User-defined action guide” in H6.3, “Diagnostic information message help function” in Engineering
Guide Vol. 1 (IM 32P01C10-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6. Virtualization platform > A6-1

A6. Virtualization platform


ProSafe-RS runs not only on physical computers but also on virtual machines on the virtuali-
zation platform. This section describes an outline of the virtualization platform, the system
configuration, the software environment, and precautions.

n Terminology
This section describes virtualization and related terms.
Virtualization is a technology to make a single unit of physical hardware look like multiple logi-
cal units of hardware, or to make multiple units of physical hardware look like a single unit of
logical hardware. In this document, we mainly deal with the technique that makes it look like
there are multiple computers in the server.
• Virtualization software
Refers to the software that realizes virtualization.
• Virtualization host computer
Refers to a server on which virtualization software is installed and that is able to make it
look like there are multiple computers in it.
• Virtual machine
Virtualization can make it look like there are multiple computers on the virtualization host
computer, and these pseudo computers are referred to as virtual machines.
• Host OS
Refers to the OS operating as the foundation on the virtualization host computer.
• Guest OS
Refers to the OS running the virtual machines.
• Thin client
Refers to a client computer that contains minimum functions and performance and that is
used for user interface.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.1 Outline of virtualization platform > A6-2

A6.1 Outline of virtualization platform


In this document, the virtualization platform indicates the platform for integrating multiple com-
puters with Yokogawa system products installed in the server. Hyper-V is used for the virtuali-
zation software.
In the virtualization platform, Vnet/IP functions on virtual machines are realized by using ge-
neric network card and Vnet/IP Interface Package instead of using Vnet/IP interface card. A
virtual machine with this Vnet/IP communication function is referred to as a virtual Vnet/IP sta-
tion.

Virtualization host computer

Virtual machine Virtual machine


(Virtual Vnet/IP station)
Application software

Vnet/IP interface package Application software

Host OS Guest OS Guest OS

Virtualization software (Hyper-V)

Virtualization host computer hardware

Figure A6.1-1 Hypervisor type virtualization host computer

Operation of the virtual machines on the virtualization host computer is performed on the thin
client remotely connected via the network.
SEE
ALSO For more information about detailed functions of virtualization platform, refer to:
A., “Overview” in Virtualization Platform Setup (IM 30A05B20-01EN)
For more information about how to operate the virtualization host computer, refer to:
B., “Operating virtualization host computers” in Virtualization Platform Setup (IM 30A05B20-01EN)
For more information about how to set up a thin client, refer to:
C., “Setting up thin clients” in Virtualization Platform Setup (IM 30A05B20-01EN)
For more information about procedure to set up ProSafe-RS running on virtualization platform, refer to:
A2.2.2, “Setup Procedure for ProSafe-RS Running on a Virtual Machine on the Virtualization Platform” in
Installation Guide (IM 32P01C50-01EN)
For more information about virtualization platform IT security setting, refer to:
1., “Overview” in Virtualization Platform Security Guide (IM 30A05B30-01EN)
For more information about IT security setting for ProSafe-RS running on virtualization platform, refer to:
1., “Overview” in ProSafe-RS Security Guide (IM 32P01C70-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.2 System configuration of virtualization platform > A6-3

A6.2 System configuration of virtualization


platform
The following figure shows an example of the system configuration of the virtualization plat-
form.
Device installed in
Level 3 can also be used
Thin client Network
SNTP server Domain Management
controller System
Remote UI network (redundant)
L2SW for
Plant information plant information
network network

L2SW for Remote Virtualization


UI network (redundant) host computer
Router
L2SW for storage
(redundant) Network
Storage network Domain Management
Local
(redundant) controller System
console
Storage controller
(redundant) HA-cluster
network

Management L2SW for


network management network

L2SW for cluster


Shared storage communication
Vnet/IP (redundant)
L2SW for Vnet/IP
(redundant)

FCS SCS

Figure A6.2-1 Example of system configuration of virtualization platform

ProSafe-RS R4.04.00 and later software can run on the virtual machines of the virtualization
platform.
SEE
ALSO For more information about hardware on which the virtualization platform runs, and Yokogawa system prod-
ucts running on virtualization platform virtual machines, refer to:
IA system products virtualization platform (GS 30A05B10-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.2 System configuration of virtualization platform > A6-4

A6.2.1 Virtualization host computer


Virtualization host computers in the virtualization platform environment have the following
structures:
• Single structure
• HA cluster structure (cluster structure with increased availability)
If HA cluster structure is used for increased virtualization server availability, live migration and
failover functions can be used.

n Live migration
Live migration is a feature that enables you to move active virtual machines to another virtual-
ization host computer without stopping them. With this feature, you can apply security patches
to the host OS or replace the hardware of the virtualization host computer without shutting
down the virtual machines.

l Disabling automatic live migration


In the virtualization platform environment, the default settings are changed to disable auto-
matic live migration.
TIP Automatic live migration is configured to be disabled in the following scenarios:
• When the resources of virtual machines are over committed in a virtualization host computer that consti-
tute an HA cluster
• When the network that the virtual machines connect is specified in [Protected network] and its communi-
cation is interrupted.

However, automatic live migration may not be suppressed sometimes. For example, if you
shutdown a host OS while a virtual machine is active in a virtualization host computer that
forms a part of an HA cluster, live migration occurs automatically.

n Failover
Failover is a function to restart the virtual machines of a virtualization host computer that
stops due to an error, on another virtualization host computer in an HA cluster. This function is
used to reduce the down time of a system when a virtualization host computer stops due to
an error.
Restoration by restarting the virtual machine by using failover runs in the same way as [OS
startup after unexpected shutdown].
Apart from the HA cluster failover that is explained in this section, there is another function
called replication failover.

l Failover conditions
Failover occurs in the following scenarios:
• When an active virtualization host computer stops due to an error.
• When communication is interrupted in both the management network and the HA-cluster
network on an HA cluster that consists of three or more virtualization host computers.

l Automatic restart of virtual machines


If the guest OS of a virtual machine with failover settings stops responding, the virtual ma-
chine restarts automatically. Unlike failover, the virtual machine restarts on the virtualization
host computer that the virtual machine is originally allocated.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.2 System configuration of virtualization platform > A6-5
Restoration by restarting the virtual machine runs in the same way as [OS startup after unex-
pected shutdown].

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.2 System configuration of virtualization platform > A6-6

A6.2.2 Thin client


Thin client is a terminal that you use to operate the virtual machines on a virtualization host
computer through remote connection. In the virtualization platform environment, Microsoft Re-
mote Desktop Protocol is used as the connection protocol.

n Number of virtual machines that you can connect simultaneously


from a thin client
You can connect a thin client to multiple virtual machines simultaneously, but this consumes a
lot of resources from the thin client. If too much resources are consumed, the remote connec-
tion may be disconnected. If that happens, verify the memory usage of the thin client and re-
duce the number of virtual machines that are simultaneously connected.

n Connecting a virtual machine and the USB devices of a thin client


This section describes whether you can use the USB devices that are connected to a thin cli-
ent from a virtual machine.
You can use the following thin client USB devices from a virtual machine:
• Speaker
• USB storage devices
You can use these devices by configuring the corresponding settings in the virtual machine
and the thin client.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.3 Software environment> A6-7

A6.3 Software environment


This section describes the software environment of the components.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.3 Software environment> A6-8

A6.3.1 Virtualization host computer


This section describes the software environment of the virtualization host computer.

n Host OS
This section describes the software environment of the host OS.

l Operating system
The following host operating systems are supported:
• Windows Server 2016 Datacenter Edition Desktop Experience

l IT Security Tool
The IT Security Tool, which is used to configure IT security settings of the host OS, is provi-
ded in the software medium for the virtualization platform.

n Virtual machine
This section describes the software environment of the virtual machine.

l Operating system
The following operating system is supported for virtual machines:
• Windows Server 2016 Standard Edition

l Vnet/IP interface package


In a physical environment, Vnet/IP stations use a dedicated card for Vnet/IP communication.
In a virtualization platform environment, Vnet/IP stations use the Vnet/IP interface package
and a general network adapter for Vnet/IP communication.
You must install the Vnet/IP interface package on a virtual machine before installing
YOKOGAWA system products.
The following sections describe the important notes for Vnet/IP communication in the virtuali-
zation platform environment.
SEE
ALSO For more information about notes of Vnet/IP communication in virtualization platform environment, refer to:
A6.4.1, “Precautions related to Vnet/IP communication on the virtualization platform” on page A6-12

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.3 Software environment> A6-9

A6.3.2 Thin client


This section describes the software environment of the thin client.

n Operating system
The thin clients that are supported in the virtualization platform environment uses the follow-
ing operating systems:
• Windows 10 IoT Enterprise 2015 LTSB or later (hereinafter referred to as Windows 10
IoT)
• Wyse ThinOS 8.4 or later (hereinafter referred to as Wyse ThinOS)

n Yokogawa RDP Monitoring Software


If you use Windows 10 IoT, YOKOGAWA provides the Yokogawa RDP Monitoring Software in
the software medium for virtualization platform. This software detects communication errors
between virtualization host computers and thin clients.
The Yokogawa RDP Monitoring Software behaves as follows:
• It considers an interruption in communication for three seconds or more including signing
out by user, as a communication error.
• It displays a user notification dialog box when an error is detected.
• It notifies users of errors in all communication channels when multiple virtual machines
are connected.

n IT Security Tool
The IT Security Tool, which is used to configure IT security settings in Windows 10 IoT, is pro-
vided in the software medium for the virtualization platform.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.3 Software environment> A6-10

A6.3.3 License
You need a license to use the Vnet/IP interface package. After installing YOKOGAWA system
products, assign the license to the virtual machine.
The virtual Vnet/IP stations without licenses are the same as the Vnet/IP stations that are not
connected to the Vnet/IP network cable.
SEE
ALSO For more information about required OS license for virtualization host computer and thin client, refer to:
IA system products virtualization platform (GS 30A05B10-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-11

A6.4 Precautions on the virtualization platform


This section describes precautions on Vnet/IP communication on the virtualization platform,
and precautions on setting up ProSafe-RS for virtual machines.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-12

A6.4.1 Precautions related to Vnet/IP communication on the


virtualization platform
This section describes precautions related to Vnet/IP communication on the virtualization plat-
form

n License
You need a license to use the Vnet/IP interface package. After installing YOKOGAWA system
products, assign the license to the virtual machine.
The virtual Vnet/IP stations without licenses are the same as the Vnet/IP stations that are not
connected to the Vnet/IP network cable.

n Security
You must control the administrative privileges of the virtual Vnet/IP station to ensure the se-
curity of the Vnet/IP communication.

n Functions not supported by the virtualization platform


The virtualization platform does not support the following functions:

l Vnet/IP open communication


The virtualization platform uses the plant information network for open communication, and
does not use Vnet/IP open communication. Attempting to install the Vnet/IP open communica-
tion driver will result in an error and installation will fail.

l FAST/TOOLS integration
The virtualization platform does not support FAST/TOOLS integration. Also, wide area com-
munication and narrow band communication supported by FAST/TOOLS integration cannot
be used.

n Precision of time synchronization


The relative time synchronization precision between virtual Vnet/IP station and other stations
are as follows:
• ±50 ms within the domain
• ±75 ms among domains
This precision does not apply to the relative time synchronization between stations other than
virtual Vnet/IP stations, and remains the same as earlier.

n Limitations related to IP address and network connectivity


The following limitations related to IP address and network connection applies to virtual
Vnet/IP stations:
• Do not configure IP addresses 192.168.0.0 to 192.168.255.255 for virtual network adapt-
ers that are not used for Vnet/IP communication on the virtual machines.
• The virtual network adapters other than the Vnet/IP virtual network adapter cannot con-
nect to the network in the range from 192.168.0.0 to 192.168.255.255 either directly or
through network switches and routers.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-13

n L2SW segments within the Vnet/IP domain


The range that is connected to only an L2SW without devices such as layer 3 switches (here-
inafter, referred to as L3SW) or V net routers is called the Vnet/IP domain. In the virtualization
platform environment, the range connected by including this virtual L2SW is called the Vnet/IP
domain.
In a virtualization platform environment, you can install up to seven L2SW segments within
the Vnet/IP domain. This does not include virtual L2SW.

n Notes when connecting SNTP server to the Vnet/IP network


When you connect the SNTP server to a Vnet/IP network on which virtual Vnet/IP stations are
connected, and try to synchronize the network time with the absolute time, adopt any of the
following network configurations:
• If a domain with one or more virtual Vnet/IP stations that are installed with Vnet/IP firm-
ware is available, you must connect the SNTP server to that domain.
• If you cannot connect the SNTP server to a domain that satisfies the conditions men-
tioned earlier, or if the domain to which the Vnet/IP station belongs does not have stations
installed with Vnet/IP firmware, configure the network by satisfying all the following condi-
tions:
• Install the SNTP server in a place where all the Vnet/IP stations that belong to a time
group can communicate.
• In this time group, include a minimum of one station that is installed with Vnet/IP firm-
ware.
• Specify the IP address of the SNTP server in the time group settings in the properties
of the domain that has stations installed with Vnet/IP firmware.
TIP The following stations are installed with Vnet/IP firmware:
• Stations installed with Vnet/IP interface card
• FCS that can connect to Vnet/IP
• SCS
• Vnet router
• Wide area communication router

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-14

A6.4.2 Precautions on using ProSafe-RS on a virtual


machine
This section describes precautions on using ProSafe-RS on a virtual machine.

n Resources required for a virtual machine


The following table shows an estimation of resources that are required for ProSafe-RS sys-
tem to run in a virtual machine.
If you install multiple functions on a virtual machine, you must compare resources required for
respective functions and assign the maximum value of them to the virtual machine. Ensure to
total the required available space for the hard disk space.
If CENTUM VP software is also installed on the same virtual machine, the virtual machine
must also meet the requirements for CENTUM VP software.

Table A6.4.2-1 Estimation of resources required for a virtual machine


Function and package Type of setup Number of Memory size Hard disk Disk access
CPU cores (GB) space (GB) speed (MB/s)
(*1)
Engineering Server Function Recommen- 4 8 80 32
(*2) ded setting
Safety System Engineering Recommen- 4 8 80 32
and Maintenance Function ded setting
SOE Viewer Package / SOE Recommen- 2 4 80 16
OPC Interface Package / ded setting
Forced I/O Viewer Package
SCS Simulator Recommen- 3 4 - 16
ded setting (8
simulators)
Small-scale 2 4 - 16
setting (4
simulators)
License Management Recommen- 2 4 80 16
ded setting
Small-scale 1 2 40 8
setting
File Server Recommen- 2 4 80 32
ded setting
iDefine for ProSafe-RS (*3) Recommen- 2 8 80 16
ded setting
*1: If the operation history database of Access Control and Operation History Management Package is placed on the virtual ma-
chine, at least 60 GB of additional disk space is required.
*2: Only the license of this package can be distributed alone to a virtual machine and run it as an AD Server.
*3: This function cannot coexist with CENTUM VP software.

n Precautions for running live migration


You must stop SENG programs before you run live migration. If you run live migration while
SENG programs are running, problems may occur for example creation of master database
fails after online maintenance. To avoid such problems, you must handle a live migration as a
maintenance task and prepare a plan to execute it.

n Precautions after execution of failover


The virtual machine startup due to failover runs as “OS startup after unexpected shutdown”.
After failover runs, perform the following tasks.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-15
Use Project Comparing Tool or Database Validity Check Tool to check the status of database
after failover runs. If necessary, roll back SCS project by using the database repair function of
Database Validity Check Tool or Version Control Tool and reflect the changes that are made
before failover runs to restore the project or the database.

n Precautions when connecting remote desktop


Remote desktop connection is required between the virtual machines and the thin clients
when using ProSafe-RS on the virtualization platform.
Precautions when connecting the remote desktop on the virtualization platform are as follows:
• Install the remote desktop session host role service on the virtual machines.
• Set the number of remote desktop connection sessions that can be connected to one vir-
tual machine at the same time to 1.
• Disable the limit on the number of connected sessions for each user.
• It is recommended to limit the number of thin clients and users who can remotely connect
to virtual machines to the minimum necessary.
• The ProSafe-RS and CENTUM VP remote operation monitoring servers cannot both be
installed on the same virtual machine.
SEE
ALSO For more information about how to set the number of sessions that can be connected simultaneously on re-
mote desktop, refer to:
B1.6, “Changing session settings in remote connection” in Virtualization Platform Setup (IM
30A05B20-01EN)
For more information about how to grant permission for remote connection with thin clients and how to regis-
ter users, refer to:
B1.4, “Configuring system products after installing” in Virtualization Platform Setup (IM 30A05B20-01EN)
For more information about setting to limit the number of thin clients and users that can be remotely connec-
ted to the minimum, refer to:
B2.5.6, “Limiting connections to virtual machines” in Virtualization Platform Setup (IM 30A05B20-01EN)

n Precautions when using shared storage


If the path for shared storage is switched while SCS Test Function Window is being started,
the start of SCS Test Function Window may fail.
If the start of SCS Test Function Window failed, restart it.

n Precautions when using iDefine in the virtualization platform


environment
Dongle Gateway, which is a Windows service, is required to use iDefine in the virtualization
platform environment. The license for iDefine is authenticated via Dongle Gateway.
SEE
ALSO For more information about Dongle Gateway specifications, refer to:
Dongle Gateway Installation and User Guide (PR03076-MAN-983_01)

l Installing Dongle Gateway and inserting a USB dongle


Install Dongle Gateway on thin clients where IT security settings are applied, physical
SENGs, or virtual machines with SENG software installed.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-16
Insert a USB dongle into computers where Dongle Gateway is installed. If you install Dongle
Gateway on a virtualized SENG, insert a USB dongle in the USB device server and have it
recognized via the network.
With one USB dongle, you can use iDefine for the number of licenses granted to the dongle.
The following table shows the combinations of computers that can install Dongle Gateway
and where to insert the USB dongle.

Table A6.4.2-2 Computers on which Dongle Gateway can be installed and where to insert the USB
dongle
Computers on which Dongle Where to insert the USB dongle Remarks
Gateway can be installed
Thin client Thin client Windows version
Physical SENG Physical SENG -
Virtualized SENG USB Device Server (*1) -
*1: Please contact YOKOGAWA for recommended products for USB Device Server.

SEE
ALSO For more information about Dongle Gateway IT security setting, refer to:
“■ The users for using iDefine in a virtualization environment” in 2.2.3, “User/Group Management” in
ProSafe-RS Security Guide (IM 32P01C70-01EN)
For more information about how to install Dongle Gateway, refer to:
Dongle Gateway Installation and User Guide (PR03076-MAN-983_01)

l License authentication
To use iDefine in a virtualization platform environment, authenticate the license via Dongle
Gateway.

IMPORTANT
• If the iDefine for the number of Dongle Gateway licenses granted to the USB dongle is
already connected to the Dongle Gateway at the same time, trying to connect another
iDefine will cause license authentication to fail.
• If communications between iDefine and Dongle Gateway are disconnected, such as if
there is a communication error or if the USB dongle is pulled out, update of the license
information will fail and the iDefine license will be invalidated. If communication between
iDefine and Dongle Gateway is restored within 5 minutes and license information can be
acquired, the iDefine license is re-activated and iDefine can be used. If the license infor-
mation cannot be acquired, Dongle Gateway releases the license and becomes available
from other iDefine.

SEE
ALSO For more information about how to authenticate iDefine license via Dongle Gateway, refer to:
Dongle Gateway Installation and User Guide (PR03076-MAN-983_01)

n Transfer of data files


The method to transfer files, such as the safety I/O list and data files to be exchanged with
iDefine, to and from the guest OS of virtual machines differs from the method used for physi-
cal computers.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<A6.4 Precautions on the virtualization platform > A6-17
SEE
ALSO For more information about how to extract and capture data files, refer to:
B2.8, “Copying files” in Virtualization Platform Setup (IM 30A05B20-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B. ProSafe-RS security> B-1

B. ProSafe-RS security
ProSafe-RS has the following security functions to prevent access to the system by unauthor-
ized users and devices, and unintended changes caused by operation mistakes made by
users.
• Security for the project database
You can configure the SENG function so that the user is required to enter a password
when changing the project data with SCS Manager. (Recommended)
• Security for access to SCS
You can limit access to SCS from the outside based on the SCS security level. The user
is required to enter a password when changing the SCS security level. (Mandatory)
• Security for the SCS Maintenance Support Tool
On SENG, you can limit writing to SCS with the SCS Maintenance Support Tool by setting
a password. (Recommended)
• Access control and operation history management
Access control and operation history management can be performed on projects that are
saved in the AD Server. You can also use the Access control and operation history man-
agement package.
• Countermeasures against threats to IT security
ProSafe-RS security threats include attacks via the network, direct attacks by executing
actions on an SENG, and analysis of important data carried out by stealing an SENG.
The security features are designed to take measures against these types of security
breaches.
This section provides an overview of the ProSafe-RS security function, and the main proce-
dures for setting passwords and implementing security relating to unauthorized access and
protection against unintended operations.

SENG SCS

Security Function

Security for
Verify password SCS project Project Database

SCS Manager Verify password Security for


Access to SCS

SCS Maintenance Security for the


Verify password Support Tool SCS Maintenance
Support Tool

Setting
information

Figure B-1 Password-based security functions

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B1. Overview of ProSafe-RS security> B1-1

B1. Overview of ProSafe-RS security


The figure below illustrates the security management of SCS and SENG in ProSafe-RS.

AD Server SENG

User management
Access control Logon control

System Structure
Navigator Access control and operation history management

Operation history
Access control management
Safety I/O Editor

Security of Database Security of SCS Security of


Safety SCS Maintenance
Communication support tool
I/O Editor
Database Protection against
access control unintended
IOM operation
Definition editor

Modification Access control Error detection


RS generation management management
for SCS

History
management

ModPack-based
change management SCS Access
Control

SCS

Figure B1-1 Overview of security management

n IT security
This section describes the requirements for IT security.
For SENG, Windows OS is used as a platform. Therefore, it is necessary to prevent, detect,
and recover from computer viruses and attacks from the external through the network. For ex-
ample, there are countermeasure such as network access control using firewall and system
backup.
In the CENTUM Integration Structure, it is necessary to consider comprehensive IT security
including ProSafe-RS system and CENTUM system.
You can harden the security of the PC designated as a SENG terminal to enhance the
ProSafe-RS IT security (PC hardening). This section describes the details regarding PC hard-
ening and the setting guidelines.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B1. Overview of ProSafe-RS security> B1-2
TIP When integrating ProSafe-RS with CENTUM VP, configure the security settings during installation of ProSafe-
RS and installation of CENTUM VP, respectively.
When integrating ProSafe-RS with CS 3000, select Legacy model in IT security tool.
Configure the IT security of the computer that has iDefine installed by referring to iDefine Security Manual
(PR03076-MAN-981_01).
If your security model is a legacy model, anyone will be able to start iDefine Test Manager.
If your security model is a standard or strengthened model, any user that belongs to the PSF_ENGINEER or
PSF_ENGINEER_LCL group will be able to start iDefine Test Manager.

l An example of registering a user to the user account


IT security enhancement for a PC can protect the ProSafe-RS system from the illegal access
by any user other than the user of ProSafe-RS user groups. For protecting the ProSafe-RS
system from the accidental mistaken accesses by the users of ProSafe-RS groups, the
ProSafe-RS Security features should be used. By combining IT security enhancement for a
PC and ProSafe-RS Security, you can fortify security of ProSafe-RS.
The typical examples of registering a ProSafe-RS user to the user groups are shown as fol-
lows:
(A) ProSafe-RS Engineer (Integrated with CENTUM VP)
ProSafe-RS Engineer user should be assigned to both PSF_ENGINEER group of
ProSafe-RS and CTM_ENGINEER group of CENTUM VP.
(B) ProSafe-RS Engineer (Not Integrated with CENTUM VP)
ProSafe-RS Engineer user should be assigned only to the PSF_ENGINEER group.
(C) Maintenance and service persons
The user who requires the role for upgrading SENG software to newer versions, main-
taining or changing the hardware components such as I/O modules should be assigned
only to the PSF_MAINTENANCE group.
(D) Network and System Administrator (User who is responsible for network maintenance)
This user is considered as the administrative user of Windows environment in SENG.
This user needs to be assigned only to the PSF_MAINTENANCE group.
(E) User account for emergency attention (For domain or parallel management in standard
model)
When ProSafe-RS system is running in an Windows domain environment, if the domain
controller encounters an abnormality, no one can logon to the SENG with the domain
account. You need to prepare the user accounts who are assigned to the PSF_MAINTE-
NANCE_LCL group for an emergency attention. If the domain controller encounters an
abnormality, user can logon to the SENG with this user account, then maintain and op-
erate ProSafe-RS.
Though the users in the above groups are all granted with the Write permission to all the Proj-
ect folders, in the cases of (C) and (D), the Write permission is not required. An engineer
should define a password by using the security feature of the project database and keep the
password as secret to the users whom you do not grant the Write permission so as to protect
the project database. Moreover, ProSafe-RS provides security features for accessing the SCS
and for Maintenance Support Tool. These security features can be utilized in accordance with
the role of the users so as to protect the database and SCS from the accidental operation
mistakes.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B1. Overview of ProSafe-RS security> B1-3
SEE
ALSO For more information about user groups of ProSafe-RS, refer to:
2.2, “User/Group Management” in ProSafe-RS Security Guide (IM 32P01C70-01EN)
For more information about user groups of CENTUM VP, refer to:
CENTUM VP Installation (IM 33J01C10-01EN)

n Database security management


The database has the following security functions.

l Access control of the SCS project database


It is possible to set a password for the database used in an SCS project; so that only users
who know the password are allowed to make changes to the database. It is also possible to
set whether or not to allow users who do not know the password to refer to the database.

l Security for AD projects


The following security functions are available for AD projects:
• Management of users who are permitted to access AD projects
• Access control of AD project data

l Modification management
This function manages the changes made to SCS projects. It has the following functions:
• Backup
SCS projects are registered and managed in AD Server.
• Version management
This function manages the history of changes made to SCS projects.
• Master database management
SENG always maintains the backup SCS project that keeps the same SCS database with
the one running on the SCS.
• Saving modification files
When you use the Access Control and Operation History Management Package, the
changes made to the project database downloaded to the SCS are saved.

n Security management of SCS


The SCS has the following security functions.
SEE
ALSO For more information about details on the security of SCS, refer to:
B3., “Security of SCS” on page B3-1

l Prevention of SCS operation mistakes made by users


When a user attempts to perform the following operations on the SCS, the user is prompted
to confirm the execution of the operation in order to prevent operational mistakes.
• Offline download
• Online change download
• Master database offline download
• IOM download

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B1. Overview of ProSafe-RS security> B1-4
• I/O lock
• SCS security level change

l Access control to SCS


• Access control based on the security level
Access from outside to SCS is controlled by SCS security levels. Password must be set
for changing the SCS security levels (to Level 1 or Level 0). The SCS security level can
only be operated using the SCS security level operation function, by users who know the
password.
• Access control for each user
When the Access Control and Operation History Management Package is applied, you
can control operations on SCS for each user.

n Security management of SCS Maintenance Support Tool


In SCS Maintenance Support Tool, write access to SCS is controlled by setting a password. If
the Access Control and Operation History Management Package is used, operations of the
SCS Maintenance Support Tool can be controlled for each user.

l SCS Status Overview window, Diagnostic Information window, Setup Tool


The SCS Status Overview window, Diagnostic Information window and Setup Tool are protec-
ted by passwords. Each of these functions is launched as read-only unless the correct pass-
word is specified.
In the case of the SCS Status Overview window, the password is checked when calling this
window from SCS Manager. The Diagnostic Information window and Setup Tool inherit the
password of the SCS Status Overview window when they are launched.
When the Access Control and Operation History Management Package is applied, enter the
name and password of the engineer.

l Message Cache Tool


Message Cache Tool is protected by a password. It is launched as read-only unless the cor-
rect password is specified.

l SOE Viewer
No password is set up for SOE Viewer because no writing operations to an SCS are per-
formed on SOE Viewer.

l Forced I/O Viewer and Forced I/O Viewer Setup Tool


Forced I/O Viewer and Forced I/O Viewer Setup Tool do not perform password authentication
at startup.

n Access control of AD server


You can control access to individual files and functions of an AD project for each user. You
can also set access rights to the files and folders in AD Server according to the role of the
user.

l System Structure Navigator


You can set the rights to register, unregister, back up, and restore RS projects, edit RS project
comments, and delete SCS.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B1. Overview of ProSafe-RS security> B1-5

l Safety I/O Editor


You can set the rights to create and delete safety I/O lists and assign safety I/O.

l Safety Communication I/O Editor


You can set the rights to create and delete safety communication I/O lists and assign safety
communication I/O.

l IOM Definition Editor


You can set the rights to create and delete nodes and I/O modules.

l RS generation
You can set the rights to run RS generation.

l History management
You can set the rights to set and delete labels.

l ModPack change management


You can set the rights to perform operations for each ModPack operation category.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B2. Security for project database> B2-1

B2. Security for project database


This section describes security for project databases.

n Setting a password for project databases


You can assign a password to a database to prevent unauthorized users from making
changes to the database in SCS projects. Users without entering the password can be given
permission for read only operation.
Passwords can be specified for the following.
• For each SCS Project
• For each POU
The reading and writing right for the whole project and the access right for each POU can be
controlled using the security function of the SCS project and the security function of each
POU.
Set a different password for each SCS Project.
If higher level of security is required, set a password for each important POUs.
You need to set different passwords for each SCS project. These passwords should be differ-
ent from the one for the SCS security level.
Database files in RS projects should not be changed from tools other than the ProSafe-RS
software.

n Setting a password for the SCS project


It is possible to set a password for the SCS project so that only authorized users can make
changes to the SCS project.
The following settings can be made.
• Password for the SCS Project
If you set a password for the SCS project, users are asked to enter the password when
they open the SCS project.
• Accessing without a password
If you do not know the password, the SCS project can be opened in read-only mode with-
out entering the password after checking [Read Only].
In this status, the users are not allowed to edit the application logic or generate databa-
ses.
Operations on the SCS, such as using the forcing function and downloading data, are
possible in the read-only status.
TIP Security for operations on SCSs and security for SCS project databases are not related.
The security against operations on SCSs is changed using the SCS security level operation function. By
changing the SCS security level, using the forcing function and downloading data can be allowed.

l How to set passwords


1. Select [Project Properties] from the [File] menu of SCS Manager;
The following dialog box appears.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B2. Security for project database> B2-2
Project Properties

Security

Password

Old: ***

New: ***

Confirm New: ***

Read Only

OK Cancel Apply

Figure B2-1 Project Properties dialog box

2. Enter the current password in the [Old:] field.


3. Enter a new password in the [New:] field, and once again in the [Confirm New:] field. The
password consists of up to eight case-sensitive, alphanumeric characters.
4. If you want to access the project but do not know the password, check [Read Only] op-
tion.
5. Click the [OK] button.

n Setting password for each POU


It is possible to set a password for each POU so that only the authorized users can reference
and change important POUs.
When users attempt to edit a POU for which a password is set, they are required to enter the
password. If you do not know the password, you are not allowed to reference or print the
POU.
Even when a project is opened in read-only mode, the POU is readable after entering the
password of the POU.

l How to set passwords


1. Select a POU for which you want to set a password.
2. Select [Properties] from the menu displayed by clicking the right mouse button.
The following dialog box appears.
Program - Properties

General Security Code Generation

Password

Use Resource Password

Old:

New:

Confirm New:

OK Cancel Apply

Figure B2-2 Dialog box for setting a password for a POU

3. Enter the current password in the [Old:] field.


4. Enter a new password in the [New:] field, and once again in the [Confirm New:] field. The
password consists of up to eight case-sensitive, alphanumeric characters.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B2. Security for project database> B2-3
5. Click the [OK] button.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B3. Security of SCS > B3-1

B3. Security of SCS


SCS security levels provide adequate security through specifying the passwords. Passwords
for different security levels can be set for each SCS.
• Setting and changing passwords
• Changing SCS security levels
Note that it is necessary to return the SCS security level to Level 2 before closing an SCS
project.
This section describes how to set passwords for changing SCS security levels and how to
change the levels.

IMPORTANT
No password has been set after executing offline download and master database offline
download. Make sure to set passwords again.

TIP The access to SCS is controlled by SCS itself according to its security level. Operations on the SENG is not
be prohibited according to the SCS security level, however.

SEE
ALSO For more information about security level of SCS, refer to:
A2.3.2, “Security level of SCS” on page A2-15

n How to set and change passwords


The password that is used to change the SCS security level is stored within the SCS. This
password can be set or changed from the Set SCS Security Level dialog box.

IMPORTANT
No password has been set after executing offline download and master database offline
download. Make sure to set a password at this stage.

1. Select [Maintenance] from the [Tools] menu of SCS Manager.


The Maintenance Launcher menu appears.
2. Select [Set SCS Security Level] from the Maintenance Launcher menu.
The Set SCS Security Level dialog box appears.

Set SCS Security Level

Current Level: 2

New Level: 1

Password: ****************

OK Cancel Change Password...

Figure B3-1 Set SCS Security Level dialog box

3. Click the [Change Password] button.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B3. Security of SCS > B3-2
The Change SCS Security Level Password dialog box appears.

Change SCS Security Level Password

Level: 1

Old Password: ****************

New Password: ****************

Confirm New Password: ****************

OK Cancel

Figure B3-2 Change SCS Security Level Password dialog box

4. Select the security level for which you set a password in [Level:].
It is necessary to set one password for changing to Level 1 and one for Level 0, respec-
tively.
5. Enter the current password in the [Old Password:] field.
6. Enter a new password in the [New Password:] field, and once again in the [Confirm New
Password:] field.
The passwords you have entered appear as a series of asterisks (*).
A password is a maximum 16 of single-byte alphanumeric characters and following sym-
bols including a space character. The password is case-sensitive.
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ¥ ] ^ _ ` { | } ˜
You do not need to enter [Old Password:] if you have not set any password before, or if
you have just executed an offline download or a master database offline download.
7. Click the [OK] button.
The confirmation dialog box appears.

SCS Manager

The password will be changed. OK?


Domain : 01
Station : 24

OK Cancel

Figure B3-3 Confirmation dialog box

8. Click the [OK] button.


Both new and old passwords will be sent to SCS. If the password is successfully
changed, the dialog box notifying the success appears. The new password becomes val-
id. If the password change fails, a dialog box will be displayed to notify the failure.

n How to change SCS security levels


The SCS security level can be changed in the Set SCS Security Level dialog box of SCS
Manager.
The table below shows the combinations of levels for which security level changes are al-
lowed via operations on the Set SCS Security Level dialog box.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B3. Security of SCS > B3-3
Table B3-1 Security levels that can be changed through operations in the Set SCS Security Level dia-
log box
Current SCS security New SCS security level (*1)
level Level 2 Level 1 Level 0
Level 2 - Yes (*2) Yes (*2)
Level 1 Yes (*2) - Yes (*2)
Level 0 Yes(*3) No -
*1: Yes: The security level can be changed.
No: The security level cannot be changed.
*2: The security level can be changed to the target SCS security level.
*3: Security level changes can be made only in SCS simulator.

To change the security level, you need to enter the password. However, you don’t need to en-
ter a password when changing the security level from Level 1 to Level 2.
You cannot raise the security level from Level 0 to Level 2 from the Set SCS Security Level
dialog box. In SCS Simulator of SCS Test Functions, however, you can raise from Level 0 to
Level 2 on the Set SCS Security Level dialog box. This operation does not require a pass-
word.

CAUTION
To set the SCS security level back to Level 2 after changing to Level 0, you must restart the
SCS, execute offline download, or execute master database offline download. In particular, be
sure to execute offline download if you used break points in debugging of the application log-
ic.
These operations require stopping of the system. When you change the security level to Level
0, do so very carefully considering the consequences of the system stop.

The SCS security level can be changed in the following procedure.


1. In SCS Manager, open an SCS project whose security level you want to change.
2. Select [Maintenance] from the [Tools] menu of SCS Manager.
The Maintenance Launcher menu appears.
3. Select [Set SCS Security Level] from the Maintenance Launcher menu.
The Set SCS Security Level dialog box appears. The current security level is displayed in
[Current Level:]; this item is display only and cannot be changed.

Set SCS Security Level

Current Level: 2

New Level: 1

Password: ****************

OK Cancel Change Password...

Figure B3-4 Set SCS Security Level dialog box

4. Select the security level you want in [New Level:] and enter the password for the level
you want in [Password:] text box.
All characters you enter are displayed as asterisks (*).
5. Click the [OK] button.
The confirmation dialog box appears.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B3. Security of SCS > B3-4
SCS Manager

Is it OK to set to Level 1 ?
Domain : 01
Station : 24

OK Cancel

Figure B3-5 Confirmation dialog box (when changing to Level 1 or Level 2)

SCS Manager
Is it OK to set to Level 0 ?
WARNING: [Restart SCS] or [Offline Download] is mandatory
to switch back to Level 2 (normal operation) later.
This will turn all output channels OFF.
Domain : 01
Station : 24
OK Cancel

Figure B3-6 Confirmation dialog box (when changing to Level 0)

6. Click the [OK] button.


When changing the security level to Level 0, the following dialog box appears to confirm
the change again. When you set the level back to Level 2 from Level 0, the system stops.
Confirm that this does not cause any problems. To proceed with the change, click [OK].

Set SCS Security Level


[Restart SCS] or [Offline Download] is mandatory for user to
set to Level 2 from 0.
WARNING: This will turn all output channels OFF when switching
back to normal operation.
Is it really OK?
OK Cancel

Figure B3-7 Dialog box confirming change to Level 0

If the security level of SCS is changed, the message showing the result of change is dis-
played.
The error message is displayed if the security level could not be changed.

n Confirming the SCS security level reset by SCS Manager


If the security level of SCS project currently opened in SCS Manager is not Level 2, the confir-
mation dialog box prompting to reset the security level to Level 2 appears when closing it.

IMPORTANT
This dialog box is for confirmation only. Open the corresponding SCS project again and
change the security level using the Set SCS Security Level dialog box.

The confirmation dialog box appears in the following timings.


• When closing an SCS project by exiting SCS Manager

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B3. Security of SCS > B3-5
SCS Manager

Security level remains at Level1.

OK

Figure B3-8 Example of Confirmation dialog box (when closing by exiting SCS Manager)

Clicking the [OK] button to exit SCS Manager leaves the security level unchanged.
• When closing an SCS project by opening another SCS project

SCS Manager

Security level remains at Level1.


Close SCS project?

OK Cancel

Figure B3-9 Example of Confirmation dialog box (when closing by opening another SCS project)

Click the [OK] button to close the currently opened SCS project without changing its se-
curity level, and then open another SCS project.
Click the [Cancel] button to keep the currently opened SCS project opened, and another
SCS project will not open.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B4. NIU status and security> B4-1

B4. NIU status and security


The N-ESB bus module (S2EN501) that is installed in the node interface unit (NIU) is equip-
ped with a maintenance port.
For the security reason, you should disable the maintenance port when operating the system.
The status of the NIU is determined by the status of the NIU maintenance port and operating
mode of the NIU. This section describes the status of the NIU maintenance port, NIU operat-
ing mode, and shifting of the NIU status.

n Overview of the NIU status and tools


The status of the NIU is determined by the status of the NIU maintenance port and operating
mode.
• Status of the NIU Maintenance Port
The status of the NIU maintenance port can be either enabled or disabled. The status of
the maintenance port can be switched between enabled and disabled by using the NIU
maintenance port settings tool that is called from the SCS State Management window in
the SCS Maintenance Support Tool.
• Operation mode of the NIU
The NIU operation mode can be either online mode or maintenance mode. The operation
mode can be switched between online mode and maintenance mode by using the N-IO
maintenance tool in the computer that is connected to the maintenance port.
The N-IO maintenance tool can be used if the NIU maintenance port is enabled.

IMPORTANT
The Node number setting tool and FieldMate Validator are included in the N-IO maintenance
tool.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B4.1 Status of the NIU maintenance port> B4-2

B4.1 Status of the NIU maintenance port


You can run the NIU maintenance port settings tool and enable or disable access from an ex-
ternal device such as a computer connected to the maintenance port of the N-ESB bus mod-
ule.

n Disabled status
The disabled status of the maintenance port prohibits access from the maintenance port.
N-ESB bus /
Optical ESB bus

Maintenance NIU
port

Disabled status

F-SB bus : Route of access

Figure B4.1-1 Disabled status of the maintenance port

n Enabled status
The enabled status of the maintenance port allows access from the maintenance port.
N-ESB bus /
Optical ESB bus

Maintenance NIU
port

Enabled status
(Changing to maintenance mode
enables access to N-IO I/O modules.)
F-SB bus : Route of access

Figure B4.1-2 Enabled status of the maintenance port

SEE
ALSO For more information about how to enable/disable the maintenance port, refer to:
I4.5, “NIU maintenance port setting tool” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B4.2 Operation mode of the NIU > B4-3

B4.2 Operation mode of the NIU


The NIU operation mode can be either online mode or maintenance mode.

n Online mode
In online mode, you can access the N-IO I/O modules from the N-ESB bus or the optical ESB
bus.
You cannot access the N-IO I/O modules from the maintenance port.
N-ESB bus /
Optical ESB bus

Maintenance NIU
port

Online mode

F-SB bus : Route of access

Figure B4.2-1 Online mode

n Maintenance mode
In maintenance mode, you can access the N-IO I/O modules from the maintenance port.
You cannot access the N-IO I/O modules from the N-ESB bus or the optical ESB bus.
N-ESB bus /
Optical ESB bus

Maintenance NIU
port

Maintenance mode

F-SB bus : Route of access

Figure B4.2-2 Maintenance mode

n Switching between operation modes


This section describes how to switch between the NIU operation modes.
• Switching from the online mode to the maintenance mode

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B4.2 Operation mode of the NIU > B4-4
When the maintenance port is enabled, perform the "maintenance instructions" operation
from the N-IO maintenance tool connected to the maintenance port to switch from the on-
line mode to the maintenance mode.
• Switching from the maintenance mode to the online mode.
Perform on of the following to switching from the maintenance mode to the online mode.
• Perform the "release maintenance instructions" operation from the N-IO maintenance
tool connected to the maintenance port.
• Disconnect the USB cable that is connected to the maintenance port
• Turn off the power of the NIU, then turn it on

IMPORTANT
When the node number setting tool is used as a N-IO maintenance tool, the unit will switch to
the maintenance mode when a node address is configured. After the node address is config-
ured, the unit will switch to the online mode.

TIP • Switching the maintenance mode of the dual-redundant N-ESB bus modules
Because the N-ESB bus modules are dual-redundant, when you change the operation mode on one
side, the operation mode of the other side will switch accordingly.

SEE
ALSO For more information about Node number Setting tool, refer to:
F2.1.1, “Using the Node Number Setting Tool” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about FieldMate Validator, refer to:
manual of FieldMate Validator

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B4.3 Shifting the Status of the NIU > B4-5

B4.3 Shifting the Status of the NIU


The following figure shows the status and the operation mode of the NIU maintenance port,
and the status shift with regards to external access.
Access to N-IO from the N-ESB Access to N-IO from the
Bus or the optical ESB Bus Maintenance Port
Power OFF / ON

Online / The access to NIU


Disabled cannot be accepted

Switching to the enabled status


by issuing the switching command By performing one of the following procedures.
from the NIU maintenance port • Switching to the disabled status by issuing
The access to N-IO via setting tool under the security the switching command from the NIU
NIU can be accepted level to 1 or less. maintenance port setting tool.
Power OFF / ON • The security level is returned to 2

Online /
Enabled
(Setting at the time of the
shipment of NIU)
By performing one of the following procedures.
• Issue the switching command from the
Switching to the maintenance mode N-IO maintenance tool connecting to the
by issuing the switching command maintenance port. The access to NIU
from the N-IO maintenance tool • Remove the USB cable connecting to can be accepted
the maintenance port.
• Set the power supply of NIU to ON from OFF.

The access to
The access to N-IO via Maintenance /
N-IO via NIU
NIU cannot be accepted Enabled can be accepted

Mode / Mode : Operation Mode of NIU


Port Status Port Status : The Status of the Maintenance Port

Figure B4.3-1 NIU status shift

The following table shows the factory settings of the N-ESB bus modules (S2EN501) that are
installed in the NIU.

Table B4.3-1 NIU factory settings


Target Setting Status
Operation mode Online mode The CPU module accesses the N-IO modules
from the N-ESB bus and optical ESB bus through
the NIU.
Status of the maintenance Enable You can access the NIU from the N-IO mainte-
port nance tool.
Node number Not set The NIU is not operating correctly. You need to
set the node number before connecting to the
SCU.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B4.4 Checking the status of the maintenance port of the NIU> B4-6

B4.4 Checking the status of the maintenance


port of the NIU
The status of the NIU maintenance port can be checked through the following tools and func-
tions.

n Status display
The status of the NIU maintenance ports can be checked by using the following tools:
• SCS Status Overview window of SENG
• SCS Status Display view of HIS
• SCS Node Status Display dialog box of HIS

n Message
The SCS generates the following messages for the status and status change of the NIU main-
tenance port, and the status change of the NIU operation mode:
• A diagnostic information message that notices the status of the NIU maintenance port
• A safety control station status change message that notices the status change of the NIU
maintenance port
• A safety control station status change message that notices the status change of the NIU
operation mode

n IOM report
The status of the NIU and NIU maintenance port is displayed in the IOM report.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B5. Security of SCS Maintenance Support tool > B5-1

B5. Security of SCS Maintenance


Support tool
SCS Maintenance Support Tool has a security by setting a password to be entered when
starting related windows. A password is set for each SENG.
This section describes how to set passwords for the SCS Maintenance Support Tool.
The password described in this section is not applicable if the Access Control and Operation
History Management Package is used. Instead, the user enters the password that is set for
each user in the Access Control and Operation History Management Package when starting
the SCS Maintenance Support Tool.

SENG
SCS engineering functions
SCS Maintenance Support Tool
Security functions
SCS Manager
Verification

Windows Password Windows related to


setting Setup Password SCS Maintenance
[Start] menu information
function Support Tool
Verification

Windows are opened in the


read/write status or the read-only
status based on the password
verification result

Figure B5-1 Security functions of Maintenance Support tool

TIP No security is set in order to use SOE Viewer as it only displays information.

n Setting a password for the SCS Maintenance Support Tool


The SCS Maintenance Support Tool requires a password entry every time you start a window
to ensure the security of the SCS access. Password needs to be set for each SENG.
Each tool in the SCS Maintenance Support Tool can be operated for security by entering a
password at the start of each tool. When the password entry is cancelled, the tools' opera-
tions are disabled for security and the window is in the read-only mode.
The following table shows whether tools can be operated or not when the password is en-
tered and when password entry is cancelled.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B5. Security of SCS Maintenance Support tool > B5-2
Table B5-1 Operation of SCS Maintenance Support tool
Operations provided se- Without inputting a
Tool Inputting a password
curity password
IOM Download Enabling operation Read Only
Output Enable Operation Enabling operation Read Only
SCS State Management
Window Output Module Start Op-
Enabling operation Read Only
eration
Setting Time Enabling operation Read Only
Confirmation and Dele-
Diagnostic Information
tion of Diagnostic infor- Enabling operation Read Only
Window
mation
Setting and change of
display font, color and
Setup Tool operating methods for Enabling operation Read Only
confirming or deleting
messages
Display of events of SCS
SOE Viewer Enabling operation Enabling operation
and generation of report
Setting of message col-
lection, initialization of
Message Cache Tool TRIP information in SCS Enabling operation Read Only
and storage and deletion
of cache data.

n How to set and change a password for SCS Maintenance Support


tool
The Change Maintenance Support Password dialog box is used to specify or change the
password that the user must enter when starting the SCS Maintenance Support Tool.
To use SCS Maintenance Support Tool, make sure to set the password first.
TIP No password is set automatically after installing SENG. Make sure to set a password at this stage.

1. Open the window related to SCS Maintenance Support Tool from SCS Manager or [Start]
menu of Windows.
When the window requiring a password is opened, the Input Maintenance Support Pass-
word dialog box appears.
Input Maintenance Support Password

Password: ********

OK Cancel Change Password…

Figure B5-2 Input Maintenance Support Password dialog box

2. Click the [Change Password] button.


The Change Maintenance Support Password dialog box appears.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B5. Security of SCS Maintenance Support tool > B5-3
Change Maintenance Support Password

Old Password: ********

New Password: ********

Confirm New Password: ********

OK Cancel

Figure B5-3 Change Maintenance Support Password dialog box

3. Enter the current password in the [Old Password:] field. Enter a new password in the
[New Password:] field, and once again in the [Confirm New Password:] field.
The passwords you have entered appear as a series of asterisks (*).
4. Click [OK].
The password is set.

l Specification for passwords


• A password is a maximum 16 of single-byte alphanumeric characters and following sym-
bols including a space character. The password is case-sensitive.
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ¥ ] ^ _ ` { | } ~
• Set a password for each SENG-installed PC.
• There is no password when SENG is installed for the first time.
• Set a password when starting the SCS Maintenance Support Tool for the first time.

n How to enter SCS Maintenance Support tool password


To start SCS Maintenance Support Tool, the correct password must be entered.
Once you enter the correct password, you are allowed to perform writing and customization
operations using SCS Maintenance Support Tool.

IMPORTANT
If you fail to enter the correct password, SCS Maintenance Support Tool is started in the read-
only status.

1. Open the window related to SCS Maintenance Support Tool from SCS Manager or [Start]
menu of Windows.
When the window requiring a password is opened, the Input Maintenance Support Pass-
word dialog box appears.
If the current window is called from another window of SCS Maintenance Support Tool,
the Input Maintenance Support Password dialog box does not appear, because the se-
curity is inherited.

Input Maintenance Support Password

Password: ********

OK Cancel Change Password…

Figure B5-4 Input Maintenance Support Password dialog box

2. Enter a password in [Password:] text box.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B5. Security of SCS Maintenance Support tool > B5-4
All characters you enter are displayed as asterisks (*).
3. Click the [OK] button.
If you enter the correct password, the window is opened in the read/write status.
Click the [Cancel] button to start the window related to SCS Maintenance Support Tool in
the read-only status.
Click the [Change Password] button to display the Change Maintenance Support Pass-
word dialog box.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<B6. Access control and history management> B6-1

B6. Access control and history


management
When using the Access Control and Operation History Management Package, the functions
that can be used by a user are restricted based on the access rights for that user.
SEE
ALSO For more information about Access control and operation history management package, refer to:
E., “Access Control/Operation History Management functions” in Engineer's Reference Manual (IM
32P04B10-01EN)

n User management
The package has a function that enables management of the users who work with SCS Man-
ager and the SCS Maintenance Support Tool. In AD Suite, you can set access rights to the
targets of operation for each user role. The user management function is used to register and
delete engineers and manage the passwords of engineers. It also keeps records of the opera-
tions that were performed by each user.

n Access control
The access control function enables you to check engineers who operate the SENG, restrict
login or operations on the SENG, and control authorization of engineering operations.
In AD Suite, you can define access rights to files and folders on the AD Server and various
functions for all users who perform engineering and maintenance of ProSafe-RS.

n Operation history management


This function enables to keep a log of the operations performed by an engineer on the SENG
and save the changed project information when a download to an SCS is performed.
In AD Suite, operation history management is available for the following editors and features:
• Safety I/O Editor, Safety Communication I/O Editor, and IOM Definition Editor of AD Or-
ganizer
• SCS Manager, builders, and tools including the SCS Maintenance Support Tool
• RS Generation Manager
The change history on all builders and editors is saved on the AD Server and can be viewed
in the history window of AD Organizer.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-1

Appendix 1. Glossary
The following terminologies are used in the User’s Manual of this product.

Table Appendix 1-1 Terminologies used in User’s Manual


Terminology Meaning
Access control A functionality to restrict user operations in each
SENG. A SENG terminal where access control is ap-
plied requires an engineer name and password entry
to perform particular operations. When an engineer
tries to make an engineering operation, the engineer
can not execute the desired action unless the engi-
neer has the permission to perform the operation.
Access Control and Operation History Management
Package is required.
ADL Inter-station data link block of CENTUM FCS
AIO module Generic term for analog input/output modules. Uni-
versal type I/O modules with defined AI and AO are
included.
AIO/DIO module Generic term for analog input/output modules and
discrete input/output modules. Universal type I/O
modules with defined AI, AO, DI, and DO are inclu-
ded. Communication modules are not included.
Alarm class Alarm information added to diagnostic information
messages. On SENG, diagnostic information mes-
sages are displayed in different colors with different
alarm marks according to the alarm class.
• Class 1 (serious alarm)
• Class 2 (moderate alarm)
• Class 3 (minor alarm)
• Class 4 (notification alarm)
Alarm priority Process alarm information that is needed when
ProSafe-RS is integrated with CENTUM. Alarm prior-
ities are in five levels: high-priority alarm, medium-
priority alarm, low-priority alarm, logging alarm, and
reference alarm.
Alarm Priority Builder The builder used to define process alarm priority lev-
els when ProSafe-RS is integrated with CENTUM.
For each alarm priority level, you can define the out-
put style and alarm action on occurrence/recovery of
process alarms generated in SCS.
Alarm processing table The table that defines the process alarms' display
color and alarm priority corresponding to the alarm
status on CENTUM HIS. On ProSafe-RS, you can
import the alarm processing table defined on
CENTUM to use it for reference.
Alarm Processing Table Builder The builder used to import the Alarm Processing Ta-
ble defined on CENTUM into SCS project.
All output shutdown To shut down all the output modules when the CPU
stops due to a fatal error. During all output shutdown,
the fail-safe values are output.
All Program Copy (APC) In dual-redundant CPU modules, to copy the memo-
ry contents of the control-side module to the stand-
by-side module.
Analog Input/Output modules with HART function An analog input/output module that supports HART
communication
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-2
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Application logic execution function The function that monitors the safety condition of the
plant and performs pre-determined safety operations
on detecting any hazards. Specifically, it denotes the
following features and is used as the generic term for
these features:
• Input processing of the process data from the field
• Execution of user-defined application logic
• Outputting process data to the field
• Communication data I/O (Subsystem communica-
tion, Safety Subsytem communication)
• Inter-SCS safety Communication
• SCS Link Transmission
• Self-diagnosis
Application run time The proportion of the time in a scan period of the
SCS during which the CPU is working for the appli-
cation execution functions. (Represented in percent-
age.)
Automatic IOM download For dual-redundant AIO/DIO modules of a running
SCS, if only the standby-side AIO/DIO module is re-
placed for maintenance, the configuration informa-
tion is automatically downloaded from the control-
side module to the standby-side module after re-
placement. This function is called automatic IOM
download.
Behavior at abnormal calculation The setting item of an SCS that specifies whether
the SCS is stopped when an abnormal calculation,
such as an overflow in floating-point data calculation,
has occurred due to a defect in the application logic.
It also refers to the behavior of the SCS specified
with this setting.
Binding List View The view on SCS Manager that is used to associate
the variables for inter-SCS safety communication be-
tween producer SCS and consumer SCS. See Work-
bench User's Guide for more information.
Binding variable Variables that link variables of producer SCS and
variables of consumer SCS performing inter-SCS
safety communication. The producer variables of a
producer SCS need to be grouped for each consum-
er SCS that receives them. The consumer variables
of a consumer SCS also need to be grouped for
each producer SCS that sends them. These groups
are called "binding groups."
Build The operation that is run on SCS Manager to gener-
ate the database to be downloaded to a target SCS.
Burnout One of input module action specifications when
Thermocouple or Resistance Temperature Detector
input has an open circuit. Selectable options at open
circuit are to clamp the input to an upper or a lower
limit or to disable burnout actions. Clamping to an
upper limit is called burnout upscale and clamping to
a lower limit is called burnout downscale.
CENTUM In the user's manuals of ProSafe-RS, the generic
term that refers to CENTUM VP and CENTUM CS
3000.
CENTUM project folder The folder storing the data of the CENTUM project to
be connected to SCS projects. When the system is
integrated with CENTUM, you need to specify this
folder in the SCS Project Properties dialog box.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-3
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Clean Project The command on SCS Manager that deletes the files
created in the previous run of the build command. Af-
ter Clean Project is run, only offline downloading is
possible.
Communication I/O Lock Window This SENG window is used to lock/unlock I/O data
for subsystem communication and safety subsystem
communication. You can set values to the I/O data
locked through this window. This window is used on
SENG for maintenance and testing purposes.
Communication module A module used to implement communications with
systems (such as PLCs) from other companies. It is
treated as one of the input/output modules.
Consumer SCS SCS which receives data in inter-SCS safety com-
munication.
Control bus driver A driver software on a PC necessary to perform con-
trol bus communications via V net or Vnet/IP net-
work.
Control bus interface card An interface card installed to a PC to allow it con-
necting to V net.
CPU module The main module that works to implement the control
performed by SCS.
Cross Reference Analyzer One of the Safety Analyzers. A Safety Analyzer
which shows the following information in the screen
or in an analysis report.
• Differences between the previously downloaded
application (which is currently running on the
SCS) and the application that is to be downloaded
• The scope that will be affected by downloading
the new application
This tool enables you to narrow the scope of re-test-
ing when the application logic has been modified.
Cycle Time Another name for the scan period of application logic
execution functions. It is defined by setting the [Cycle
Timing] in the Resource Properties dialog box of
SCS Manager.
Database Validity Check Tool The tool that checks the mutual validity of the work
database, the master database and the SCS data-
base within an SCS. In addition, database can be re-
paired.
Debug mode A mode of SCS Manager that is used in target tests.
See Workbench User's Guide for more information.
Defined word Definition of a constant expression, TRUE/FALSE
Boolean expression, or keyword. Defined words are
replaced by their corresponding expressions during
compiling.
Diagnostic information message SCS sends diagnostic information messages for de-
tected faults and for the operation on the safety func-
tions to notify user of events. In a system integrated
with CENTUM, diagnostic information messages of
ProSafe-RS are sent to HIS and treated as system
alarms.
Dictionary View The view on SCS Manager used to set parameters
and define variables of POUs. See Workbench Us-
er's Guide for more information.
Digital input/output module The name of the modules that handle discrete in-
puts/outputs.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-4
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
DIO module General term for discrete input/output (digital input/
output) modules. Universal type I/O modules with de-
fined DI and DO are included.
Discrete input Input of a discrete (ON/OFF) signal
Discrete output Output of a discrete (ON/OFF) signal
DO shutoff switch A switch that shuts off the output of all DO channels
when a critical failure that can prevent normal output
with the DO channel of the universal type I/O module
has occurred. This switch can be activated automati-
cally by setting the parameter for the DO channel.
ENG A computer installed with engineering function pack-
ages for system generation and maintenance of
CENTUM.
Engineers' account builder The builder used to register engineers that are man-
aged by the access control/operation history man-
agement function. It is also used to define access
rights of engineers. All the settings made on this
builder are saved in the Engineers' account file.
Error level The level of errors occurred in SCS. Errors are clas-
sified in three levels: fatal error, major error, and mi-
nor error. With a fatal error, the SCS cannot continue
operation. With a major error, the SCS can continue
operation but some of the safety functions are disa-
bled. Minor errors do not affect safety functions of
the SCS. The users are notified of the error level by
diagnostic information message.
ESB bus (Extended serial backboard bus) The bus for connecting the CPU node and I/O nodes
of SCS. ESB bus coupler modules are installed in
the CPU node while ESB bus interface modules are
installed in I/O nodes. These modules are connected
using ESB bus cables.
Ethernet communication module The name of a module that supports Modbus TCP
communication protocol. SCS uses this module to
perform Modbus slave communication.
Event log file The file containing SOE (Sequence Of Event) events
which is stored in SCS. You can save this file to
SENG.
Expanded test function The function to perform SCS simulation tests using
SCS simulators on multiple computers and running
them in coordination. This function is available with
the use of the Expanded Test package of CENTUM.
Extend scan period automatically The function that automatically extends the scan pe-
riod of application logic execution functions when the
load of SCS becomes heavy.
External communication function The function of SCS for exchanging data with exter-
nal systems. It is designed so as not to affect the ap-
plication logic execution functions and comprises the
following features:
• CENTUM Integration Function
• SOER Function
• Modbus Slave Communication Function
• Diagnostic information collection
• PRM-supported HART on-demand communica-
tion
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-5
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
External communication function block Function blocks used as the interface for data setting
to SCS from Modbus master in Modbus slave con-
nection or data setting to SCS from a CENTUM sta-
tion when ProSafe-RS is integrated with CENTUM.
External communication function blocks are interfer-
ence-free.
FAST/TOOLS: SCADA system developed by Yokogawa
FCS simulator A simulator program offered for CENTUM systems. It
simulates the behavior of FCS on a computer.
Field Control Station (FCS) A component of CENTUM system which performs
process control in plants.
Field network It denotes the network between ProSafe-RS and
YFGW410.
Field wireless backbone network A backbone network stipulated in ISA100.11a. It de-
notes the network between YFGW410 and
YFGW510.
Field wireless network A field wireless network for industries based on
ISA100.11a. It denotes the network between
YFGW510 and GS01.
Field wireless system It denotes the wireless system consisting of
YFGW410, YFGW510, GS01, field network, field
wireless backbone network and field wireless net-
work.
Fire and gas communication This function is used for safe communication with
GS01 wireless gas detector through management
stations for YFGW410 field wireless network and ac-
cess points for YFGW510 field wireless network, af-
ter implementing S2LP131 fire and gas communica-
tion module in SCS.
Forcing The function to lock and change the values of inputs/
outputs or variables of SCS. It is used on SENG for
maintenance of SCS or debugging of application log-
ic. This function is available while the security level of
the target SCS is set to 1 or 0.
Forced I/O Viewer function The function that displays a list of information such
as variables locked in the SENG lock window.
Function Block Diagram (FBD) A language defined in IEC 61131-3.
Function Block (FB) POU defined in IEC 61131-3. Constituents incorpora-
ted in FBD/LD/ST.
Function (FU) POU defined in IEC 61131-3. Constituents incorpora-
ted in FBD/LD/ST.
Generation time The time at which build was run for an SCS project to
generate SCS database. In the SCS State Manage-
ment window or a system report, a generation date is
shown for each type of database: POU DB, Variable
DB, System DB, and Integration DB.
Global switch An element of CENTUM FCS which can be set to the
same logical value in all the FCSs within a domain.
By using the SCS global switch communication fea-
ture of SCS link transmission, values of some global
switches can be sent or received between CENTUM
stations (FCS, APCS, or GSGW) and SCS.
Global variable A variable which can be accessed by any POU.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-6
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Grouping override function block A special type of override function block. Grouping
override function blocks belonging to the same group
can be controlled so that no more than one function
block within the group is overriding at the same time.
Hardware Architecture View A view on SCS Manager that graphically displays the
SCS and the network. See Workbench User's Guide
for more information.
High current output function A functionality that can use several DO channels to-
gether to put high current in analog digital I/O mod-
ule
Human Interface Station (HIS) A component of CENTUM system. It is a computer
installed with a set of operator interface package
software that enable operation and monitoring. Moni-
toring of SCS is also possible from HIS.
iDefine-config file An XML format file that is created by exporting the
ProSafe-RS engineering data edited with iDefine. It
contains information on POUs, internal variables, FB
instances, parameters, and tag names. The informa-
tion in this file can be reflected in the SCS project af-
ter imported to AD Organizer.
iDefine Test Manager A feature for using the test functions of ProSafe-RS
from iDefine. By running iDefine Test Manager, you
can test the application logic created with iDefine us-
ing the test functions of ProSafe-RS from iDefine.
You can perform the logic simulation test, SCS simu-
lation test, and target test of ProSafe-RS.
I/O Lock Window The window used to lock/unlock the input/output
channels of the AIO/DIO modules in SCS. You can
set values to the input/output variables connected to
the channels that have been locked through this win-
dow. This window is used on SENG for maintenance
and testing purposes.
I/O Parameter Builder The builder used to make settings of the parameters
(I/O parameters) for nodes, input/output modules,
and channels of SCS that specify the behavior of
them.
I/O shutoff switch A switch that shuts off the I/O of AI (2-wire), AO, and
DI when a critical failure that can prevent normal out-
put with the AO channel of the universal type I/O
module has occurred. When the I/O shutoff switch is
activated, the DO shutoff switch is activated at the
same time. This switch can be activated automatical-
ly by setting the parameter for the AO channel.
I/O Wiring View The view on SCS Manager used to create or delete
input/output modules in SCS, set node addresses,
define wiring between channels and variables. See
Workbench User's Guide for more information.
Input module General term for the analog input module, the digital
input module, and the universal type I/O module to
which input channels are defined.
Input valuable Variables connected to the channels of an input mod-
ule, which are used in POUs.
Input value at error occurrence A predefined value that is output when a value from
an input module becomes abnormal.
Input/Output module Generic term for AIO/DIO modules and communica-
tion modules.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-7
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Integration with CENTUM ProSafe-RS can be used by integrating with
CENTUM VP or CENTUM CS 3000. In the User's
Manuals of ProSafe-RS, the integration with
CENTUM VP or CENTUM CS 3000 is referred to as
"Integration with CENTUM."
Integrity Analyzer One of the Safety Analyzers. The tool used to ana-
lyze the safety of the created application logic. The
users are required to use this tool to detect the use
of FB/FU that are unacceptable as safety functions.
The results of analysis can be shown on the screen
or output in the analysis report.
Interference-free Does not interfere safety application.
Internal variable Variables not connected to an input/output module,
which are available for use in POUs.
Inter-SCS Communication Lock Window The window used to lock/unlock the input/output data
for inter-SCS safety communication on an SCS by
SCS basis. You can set values in the inter-SCS safe-
ty communication FB of the SCS locked through this
window. This window is used on SENG for mainte-
nance and testing purposes.
Inter-SCS safety communication Safety communication used to implement safety
loops among multiple SCS. Safety communication by
SCS link transmission is not included in this commu-
nication. Safety loops are implemented by defining
the function blocks dedicated for inter-SCS safety
communication (producer FB and consumer FB) and
binding variables.
IOM Control Right Switching Tool The tool used for switching the control right of
AIO/DIO modules placed in redundant configuration.
Redundantly configured communication modules
cannot be switched with this tool.
IOM download Processing which downloads the input/output config-
uration information such as I/O parameters to input/
output modules. This processing may occur during
online change download after changing I/O parame-
ters of input/output modules using I/O Parameter
Builder.
IOM download tool A tool that is needed when input/output modules
have been replaced due to a malfunction, etc. It is
run from the SCS State Management window and
downloads the input/output configuration information
stored in the master database of the SCS project to
the input/output modules.
IOM Report A dialog box which shows the status and error-rela-
ted diagnostic information about an individual input/
output module. IOM Report is called up from the
SCS Maintenance Support Tool.
IOM Reset Function A function that allows you to restore an I/O module
from SENG. Only in the cases when an I/O module
stops because of failures on the field side, you can
restore the module by manually executing IOM
download from SENG.
Ladder Diagram (LD) A language defined in IEC 61131-3.
Legacy model A model of information security settings set on
SENG. This model should be used when the stand-
ard model of security settings is too tight or when
compatibility with other system is required.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-8
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Library project A project database that can be used as a library in-
dependent of specific SCS. The functions and func-
tion blocks that are used in multiple SCSs can be
created as library projects and be copied to each
SCS project.
Link Architecture View A view on SCS Manager which graphically shows
the resources of SCS project and data links among
the resources. On this view, you can define POUs,
add variable groups, etc. See Workbench User's
Guide for more information.
Local variable Variables that can be used in only one POU.
Logic simulation test Tests performed by running a logic simulator from
SCS Manager. The logic simulator is a program that
simulates the behavior of POUs on a computer.
Logical data For input variables, the data passed from an input
variable to the application logic. For output variables,
the data passed from the application logic to an out-
put variable. For internal variables, the data to be
output from that internal variable. Normally, the val-
ues of physical data and logical data match. Howev-
er, while a variable is under forcing, the connection
between its physical data and logical data is discon-
nected, and therefore they may not match.
Manual operation function block Function blocks used to output values to the applica-
tion logic by manual operation from CENTUM HIS
when the system is integrated with CENTUM. These
function blocks output either BOOL-type data or ana-
log-type data and can be used for valve operation.
Mapping element/Mapping block In a system integrated with CENTUM, a mapping el-
ement or mapping block is created if you assign a
tag name to an internal variable, input/output varia-
ble, or a specific type of function block of the applica-
tion logic using the Tag Name Builder. This scheme
enables access to the data in SCS from CENTUM by
specifying a tag name.
Master database The database stored in SENG and is running on a
target SCS. It consists of source files containing defi-
nitions for the SCS and the SCS database generated
by running a build of the source files.
Master database offline download The function to download, to the CPU modules of an
SCS, the SCS database saved on SENG as the
master database, which was previously downloaded
to the SCS for actual run. You need to run this down-
load when you replace both CPU modules in the
SCS. You do not need to run this download when
you replace one of the dual-redundant CPU mod-
ules.
Master Database Restoring function This tool restores the SCS project being edited to the
state it was last downloaded to the target SCS. It is
used to discard the changes made to the work data-
base so far and revert it to the master database as
the new work database for engineering. This tool is
helpful when you have accidentally changed any set-
tings that require offline download.
Modbus Address Builder The builder that is used to define Modbus device ad-
dresses for Modbus slave connection.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-9
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Modbus slave connection Connection for communications where SCS acts as
a Modbus slave and the data in the SCS are read or
set by the Modbus master (external device) via Mod-
bus protocol. This communication is called Modbus
slave communication.
Modification files viewer A viewer to view modification files saved in an opera-
tion history database.
Multi-Language Editor The editor used to create and edit application logic
for SCS. With the Multi-Language Editor, application
logic can be created using the following three lan-
guages, which are defined in IEC 61131-3.
• Function block diagram (FBD)
• Ladder diagram (LD)
• Structured Text (ST)
See Workbench User's Guide for more information.
Narrowband system FAST/TOOLS integrated environment that sets the
network mode of Vnet/IP-Upstream as narrowband
mode.
Network mode The operating mode of Vnet/IP-Upstream. A mode
that supports the network characteristic can be se-
lected from the following modes by using the Domain
Property Setting Tool.
• Standard mode
• Wide-area mode
• Narrowband mode
N-IO node It is an SCSP3 component that consists of the N-IO
I/O unit for inserting N-IO and the node interface unit.
Offline download The function to download the system program of
SCS and the database generated using the engi-
neering functions of SENG to a target SCS while the
CPU of the SCS is stopped. The SCS is restarted af-
ter the offline download is completed.
Online change download The function to download only the changes made to
the application to a target SCS while the CPU of the
SCS is running. Online change download is not pos-
sible depending on which items of the application
have been changed.
Online monitoring function The function to monitor the application logic running
on SCS. You can monitor the values of variables and
function blocks of a running program and the status
of whether conditions are met or not. The online
monitoring function is available through the following
windows: FBD window, LD window, and ST window
of Multi-Language Editor, Dictionary View, and SPY
List Window.
Operating mode Operating mode of SCS. There are five operating
modes: Stop mode, Loading mode, Initial mode,
Waiting mode, and Running mode. SCS normally
runs in the Running mode.
Operation history database viewer A viewer to view operation log saved in an operation
history database.
Operation history management Functionality to record operations performed by each
SENG user into the operation log. When download-
ing to SCS, the information of the modified project
data (modification file) is saved. These operation log
or change information are saved into the operation
history database. CHS5170 Access Control and Op-
eration History Management Package is required.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-10
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Operation history management setup tool A tool to setup access control and operation history
management functionality.
Operation mark A frame-shaped mark attached to a faceplate dis-
played on CENTUM HIS.It is used to make certain
elements or function blocks easy to be distinguished.
You can save in SENG the operation marks set for
elements or function blocks of SCS and download
the saved operation marks to SCS.
Optical bus repeater The device used to extend the distance of V net by
using fiber-optic cable.
Optical ESB bus repeater module Generic term for the modules mounted in nodes in
SCS when nodes in the SCS are connected with fi-
ber-optic cables for the purpose of extending the dis-
tance of ESB bus. Optical ESB bus repeater master
modules can be mounted in CPU nodes or I/O no-
des, while Optical ESB bus repeater slave modules
can be mounted only in I/O nodes. A master module
and a slave module are connected on a one-to-one
basis using a fiber-optic cable.
Output disable status The status of output modules in SCS in which the
output values of the application logic are not output
from the modules. Channels of all the output mod-
ules are in this status immediately after the SCS is
started up. To enable outputs from the output mod-
ules in this status, it is necessary to perform the out-
put enable operation. The output disable/enable sta-
tus is controlled for each output channel.
Output enable operation The operation to connect outputs from the applica-
tion logic to the channels of output modules. You can
perform this operation from the I/O Channels Status
dialog box of SCS Maintenance Support Tool on
SENG. This operation places all the channels of all
the output modules on the SCS in the Output Enable
status, and output values of the application logic are
output from output channels. However, channels
generating errors remain in the Output Disable sta-
tus. Performing the output enable operation immedi-
ately after an SCS is started also initiates inter-SCS
safety communication, SCS Link Transmission, and
subsystem communication.
Output module General term for the analog output module, the digi-
tal output module, and the universal type I/O module
to which output channels are defined.
Output Shutoff Switch A switch that shuts off the output of a module when a
critical failure that can prevent normal output of sig-
nals has occurred with the analog output module and
the digital output module. This switch can be activa-
ted automatically by setting the parameter for the
output module.
Output value at fault The value that is output as the fail-safe value when
an output module detects an error.
Output variable Variables connected to the channels of an output
module, which are used in POUs.
Override The operation to forcibly fix the value of a variable of
SCS to a predefined value while the SCS is running
normally. In order to enable override operations from
CENTUM HIS, create application logic for performing
override operation by using override function blocks.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-11
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
%WB An element of subsystem communication I/O
%WW Communication I/O data area of subsystem commu-
nication
%XB An element of safety subsystem communication I/O
%XW Communication I/O data area of safety subsystem
communication
Partial Stroke Test (PST) Inspection of emergency shutdown valves, which do
not need to work in normal conditions. PST is per-
formed by slightly moving the valve to check if the
valve is not stuck at one position and that it can work
properly when required.
Physical data For input variables, the data read from an input mod-
ule. For output variables, the data to be set into an
output module. For internal variables, the data input
to the variable. Normally, the values of physical data
and logical data match. However, while a variable is
under forcing, the connection between its physical
data and logical data is disconnected, and therefore
they may not match.
Plant Resource Manager (PRM) A software product of Yokogawa that is used to man-
age field devices and other equipment used in a
plant online.
Primary channel A channel that can set high current output function
for several DO together in analog digital I/O module.
A channel with the smallest number among several
DO used together
Process data In ProSafe-RS, process data means analog input/
output data and discrete input/output data.
Producer SCS SCS which sends data in inter-SCS safety communi-
cation.
Program Organization Unit (POU) Generic term for program, function block, and func-
tion that are defined in IEC 61131-3.
Project Attribute Tool The tool that shows the attributes of SCS projects. It
is mainly used when using test functions.
Project comparing tool A tool to detect differences between two SCS proj-
ects, display and print them. This tool is able to com-
pare work database and the master database of any
SCS project.
ProSafe authentication mode A user authentication mode to provide separate user
management for ProSafe-RS users apart from Win-
dows users when using access control and operation
history management functionality.
ProSafe-RS I/O file An xslx format file that contains the safety I/O list,
safety communication I/O list and I/O module infor-
mation, which is stored in the ADMDB. You can cre-
ate this file for each SCS project. You import it to
iDefine.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-12
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
RAS function RAS means Reliability, Availability, and Serviceabili-
ty. This is an important standard when evaluating the
system performance. Reliability indicates robustness
against error occurrence, availability indicates short-
ness of downtime and serviceability indicates ease of
repair at failure. The RAS function diagnoses wheth-
er hardware and software of SCS are running nor-
mally and handles maintenance of them if any errors
are detected. It is one of the most essential SCS
functions which shuts down the system, changes the
status of SCS, and takes other actions according to
the situation.
Resource A set of application logic that is defined for a single
SCS.
RS Project A group of SCS projects that is defined in order to
manage engineering data of multiple SCS projects
together. The status of SCSs belonging to the same
RS project can be monitored collectively by using the
SCS Maintenance Support Tools.
Safety application Application which monitors the safety status of the
plant and, if any abnormality is detected, performs
the safety action that is programmed for the abnor-
mality.
Safety Control Station (SCS) A station which performs safety control in ProSafe-
RS systems. SCS consists of a CPU node and I/O
nodes.
Safety Control Unit The name of the hardware of a component of SCS
on which CPU modules are mounted. Abbreviated as
SCU. Also referred to as the CPU node.
Safety Node Unit The name of the hardware of a component of SCS
on which modules for the FIO other than the CPU
modules are mounted. Abbreviated as SNU. Also re-
ferred to as the I/O node.
Safety subsystem communication This function is used for safe communication be-
tween SCS of ProSafe-RS and its subsystems, with
the SCS acting as the master.
Scan period of the application logic execution func- Of the two types of scan periods of SCS, the scan
tion period at which the application logic execution func-
tions are executed. It is defined by setting the [Cycle
Timing] in the Resource Properties dialog box of
SCS Manager.
Scan period of the external communication function Of the two types of scan periods of SCS, the scan
period at which the external communication functions
are executed. This scan period is defined by setting
[Scan Period for External System] on the SCS Con-
stants Builder.
SCS Constants Builder The builder used to set the constants and the mode
of time synchronization of an SCS.
SCS database Database in a format executable on SCS, which
stores the results of engineering works done on
SENG. SCS database consists of POU DB, Variable
DB, System DB, and Integration DB.
SCS global switch communication An interference-free type of SCS link transmission
that is used to communicate with CENTUM FCS.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-13
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
SCS Information dialog The dialog box which shows the numbers of the
POUs and variables used in the SCS project or the
size of the area for storing them. It is a dialog box of
the SCS Maintenance Support Tool.
SCS link transmission The function of SCS that a local SCS broadcasts its
data periodically to other stations within the domain.
By using this function, a local SCS can also receive
the data broadcasted by other stations and the re-
ceived data can be referenced by the application log-
ic. SCS link transmission is available in two modes:
SCS link transmission safety communication and
SCS global switch communication.
SCS Link Transmission Builder The builder used to define SCS link transmission
safety communication and SCS global switch com-
munication.
SCS Link Transmission Lock Window The window used to lock/unlock the data for SCS
link transmission on an SCS by SCS basis. You can
set values to the SCS link transmission communica-
tion data of the SCS locked through this window.
This window is used on SENG for maintenance and
testing purposes.
SCS link transmission safety communication A type of SCS link transmission that can implement
safety loops.
SCS Maintenance Support Tool A set of tools to facilitate maintenance of SCS.
These tools are for supporting maintenance tasks
and analysis to find out the cause of errors, not pro-
vided for the monitoring of SCS by the operator.
SCS Manager The main window used to define SCS projects. It is
also called "Workbench."
SCS Project A project database corresponding to a single SCS. In
ProSafe-RS, engineering data are managed for each
SCS project. Within an SCS project, the database
consists of master database and work database,
which are managed separately.
SCS project attribute Attributes given to SCS projects for the testing of
SCS. You can specify one of three attributes: default
project, current project, and user-defined project.
The project attribute determines whether the project
can be downloaded to a target SCS, whether the
project can be tested by SCS simulation, etc.
SCS Project Properties This is the title of the dialog box on SCS Manager
that is used to define SCS properties such as the
model name, domain number, and station number.
When the system is integrated with CENTUM, the lo-
cation of CENTUM project folder is also defined in
this dialog box. See Workbench User's Guide for
more information.
SCS security level The numeric value which shows the degree of how
the data in the SCS is protected against data setting
access from external devices or by personnel. The
security levels are 0, 1, or 2, and SCS usually runs at
level 2, which is the highest level. Level 0 is called
the offline level, and levels 1 and 2 are called the on-
line level.
SCS simulation test Testing with SCS Simulators. SCS simulator is a pro-
gram to simulate SCS actions on a computer.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-14
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
SCS taglist generation The function to generate an SCS taglist, which is re-
quired for monitoring SCS from CENTUM HIS. SCS
taglist generation is run by selecting the [SCS Taglist
Import] command on System View of CENTUM. SCS
taglist is a database that is defined based on the tag
names assigned to function blocks and other ele-
ments of SCS.
SCS Test Function Window A window which manages starting and quitting of
SCS simulator. You can start this window from SCS
Manager or System View of CENTUM.
SCSP1-S (SCSP1) SCS which uses SSC50S/SSC50D as the CPU
node.
SCSP2-S (SCSP2) SCS which uses SSC60S/SSC60D as the CPU
node.
SCSP3-S (SCSP3) SCS that uses S2SC70S/S2SC70D as the CPU
node.
SCSV1-S (SCSV1) SCS which uses SSC10S/SSC10D as the CPU
node.
SCSU1-S (SCSU1) SCS which uses SSC57S/SSC57D as the CPU
node.
Self document A function of SENG which prints out the definitions of
SCS projects in certain formats.
Self-diagnosis The schema of SCS for detecting abnormality in
hardware and software by itself. It is run periodically
and if any abnormality is detected, a diagnostic infor-
mation message and status information are gener-
ated. The diagnostic information messages are sent
to SENG and CENTUM HIS. The status information
can be referenced by the application logic.
SENG A computer installed with the SCS engineering func-
tions, test functions, and maintenance functions. On
SENG, you can perform engineering works, such as
creation, downloading, and testing of the application
logic, and maintenance of SCS.
Sequence of Event Recorder (SOER) A function that records events detected by SCS so
that the user can analyze them. The collected and
saved event information can be shown on the SOE
viewer of SENG or CENTUM HIS.
Serial communication module The name of a module that supports Modbus com-
munication protocol (RTU mode). SCS uses this
module to perform subsystem communication or
Modbus slave communication.
Stand-alone ProSafe-RS system The ProSafe-RS system that is not integrated with
the CENTUM system nor FAST/TOOLS system. The
following cases apply to this system:
• Stand-alone SCS configuration
• When temporarily separated from the CENTUM
system or FAST/TOOLS system during engineer-
ing (including when the CENTUM system or
FAST/TOOLS system is finally integrated)
• Including when connected to PRM or STARDOM
Stand-alone SCS configuration A system configuration where an SCS which is con-
nectable to Vnet/IP network runs alone without being
connected on Vnet/IP network.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-15
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Standard model A model of IT security settings set on SENG. The
standard model is categorized into two types accord-
ing to the management of computers on the Win-
dows network: Windows domain type and stand-
alone type.
Start output module operation The operation to recover the outputs of a module
that were shut off by the activation of the output shut-
off switch. This operation is performed using the SCS
maintenance support tool. After recovery, all the
channels of the output module are in the output disa-
ble status, so the output enable operation is required
to deliver outputs.
Signal category Classification of AI/AO/DI/DO
Structured Text (ST) A language defined in IEC 61131-3.
Subsystem communication Communications performed between SCS and a
subsystem. In this communication, SCS acts as the
communication master and reads/writes data from/to
the subsystem. Modbus protocol is supported in sub-
system communication.
Subsystem communication module Another name of serial communication module. This
name is used when the serial communication module
is used for subsystem communication.
System function block Function blocks which indicate the status of SCS.
System function blocks have a name beginning with
"SYS_."
System View The main window of the system generating functions
of CENTUM. System View plays a central part in
CENTUM engineering works.
Tag Name Builder The builder used to define tag names for function
blocks and variables for use in a system integrated
with CENTUM. Annunciator messages are also de-
fined on this builder. By defining tag names using
this builder, their mapping blocks or elements are
created.
Target test Testing of created application on an actual SCS by
using the test functions.
Test Project Creating Tool The tool used to create projects for SCS simulation
test.
Time synchronization method Method of system time synchronization. For SCSV, V
net time synchronization or IRIG-B time synchroniza-
tion can be selected. For SCSP, only Vnet/IP time
synchronization is used.
• V net time synchronization:
The V net time is set to the CPU modules and in-
put modules of the SCS.
• IRIG-B time synchronization:
Time information is acquired via IRIG-B from the
standard clock installed outside the system and
set to the CPU modules and input modules of the
SCS.
• Vnet/IP time synchronization:
The network time on Vnet/IP is set to the CPU
modules and input modules of the SCS.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-16
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Trip signal file A file on SCS that stores the SOE data of the event
specified as the trip signal and the data of the events
before and after that event. This file can be saved in-
to SENG. The signals that can be specified as trip
events are the signals of DI/DO modules and the sig-
nals of function blocks dedicated to SOE.
Universal type I/O module General term for the modules that can switch signal
category of I/O module channels by software setting
Unit for optical ESB bus repeater module A unit which is connected to SCS and exclusively
used for mounting ESB bus optical repeater mod-
ules.
User-defined function Functions defined by the user. You can create user-
defined functions by using Multi Language Editor.
User-defined function block Function blocks defined by the user. You can create
user-defined function blocks by using Multi Lan-
guage Editor.
User-defined project A project created using Test Project Creating Tool.
This project is for SCS simulation tests and cannot
be downloaded to actual SCS.
Vnet/IP device The device that is connected with Vnet/IP. Vnet/IP in-
terface card (model: VI702) and processor module
(model: SCP451, SCP461 and S2CP471) are inclu-
ded.
V net bus repeater The device used to extend the distance of V net bus
coaxial cable.
V net router The device used to connect a V net domain and a
Vnet/IP domain. Engineering of V net router is done
on the CENTUM system.
Version Control Tool A function that manages the change history of SCS
projects and assists the user with system updating
tasks. By using the Version control tool, you can
save the SCS project data at a certain point with a
version number and restore the project data of a cer-
tain version.
Virtual domain link transmission Virtual domain link transmission provides virtual do-
main capability to V net domain and Vnet/IP domain
connected with V net router style S3 or above. SCS
global switch communications are allowed between
SCS and FCS in the virtual domain and these com-
munications are called virtual domain link transmis-
sion.
Vnet/IP interface card An interface card installed to a PC to allow it con-
necting to Vnet/IP network.
Vnet/IP open communication driver A driver software on a PC necessary to perform open
communications (Ethernet communications) on
Vnet/IP network.
Watch Dog Timer (WDT) A mechanism which allows a system to self-diagnose
to check if it is running normally at a constant period.
SCS also has a WDT.
Windows authentication mode A user authentication mode to manage a ProSafe-
RS user as a Windows user when using access con-
trol and operation history management functionality.
Continues on the next page

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 1. Glossary > App.1-17
Table Appendix 1-1 Terminologies used in User’s Manual (Table continued)
Terminology Meaning
Wiring check adapter An element used to detect faults in the wiring be-
tween discrete input modules and field devices. Two
types of wiring check adapters are available:
SCB100 for detecting disconnections and SCB110
for detecting short-circuits.
Work database The results of engineering are first saved in a work
database. A work database consists of source files
containing definitions for the SCS and the SCS data-
base generated by running a build of the source files.
Workbench Another name of SCS Manager. Workbench User's
Guide is the help file that explains the development
environment of SCS application. You can read Work-
bench User's Guide while you perform engineering
works in the development environment called up
from SCS Manager. (However, Workbench User's
Guide does not include explanations about the tools
started from the launchers selected in the [Tools]
menu of SCS Manager.)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 2. List of links> App.2-1

Appendix 2. List of links


This section provides information and links to the operation that are required in using the
ProSafe-RS software and hardware in each typical scene.
• To know the type of the SCS hardware
• To know the function of the SCS software
• To know what type of software can be used in SENG
• To know the functions and precautions when using SENG on the virtualization platform
• To know the function of the tool that are included in the SCS Maintenance Support Tool
• When wanting to know the operation in an emergency.
• To know the procedures and precautions of online change download
• To replace the ProSafe-RS equipment
• When wanting to know about connections with other systems.

n Information on the types of SCS hardware


Information on the types of SCS hardware is as follows.
SEE
ALSO For more information about types of the safety control unit, refer to:
“■ Safety control unit” in A5., “SCS hardware” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about types of input/output modules, refer to:
“● I/O module types” in “■ Restrictions on installation of hardware” in A5., “SCS hardware” in Engineer-
ing Guide Vol. 1 (IM 32P01C10-01EN)
For more information about configuration of the safety control unit, refer to:
B1., “Configuration of SCU” in Hardware User's Guide (IM 32P06C10-01EN)
For more information about configuration of the safety node unit, refer to:
B2., “Configuration of SNU” in Hardware User's Guide (IM 32P06C10-01EN)
For more information about configuration of the unit for mounting the optical ESB bus repeater module, refer
to:
B3., “Configuration of unit for optical bus repeater module” in Hardware User's Guide (IM
32P06C10-01EN)
For more information about equipment configuring the FIO node, refer to:
B4., “FIO node devices” in Hardware User's Guide (IM 32P06C10-01EN)
For more information about equipment configuring the N-IO node, refer to:
B5., “N-IO node devices” in Hardware User's Guide (IM 32P06C10-01EN)

n Information on the functions of SCS software


Information on the SCS software is as follows.
SEE
ALSO For more information about overview of SCS software configuration, refer to:
“n Overview of SCS software configuration” on page A2-1
For more information about RAS function of SCS, refer to:
A2.3, “RAS (Reliability, Availability, Serviceability) functions of SCS” on page A2-10

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 2. List of links> App.2-2
For more information about scan period of SCS, refer to:
A7., “Performance and scan period in the SCS” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about I/O of SCS, refer to:
A6., “Inputs and outputs of SCS” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about Forcing function, refer to:
F8., “Forcing function” in Engineer's Reference Manual (IM 32P04B10-01EN)
For more information about types of POU and the use thereof, refer to:
1., “Overview of POU” in POU Reference Manual (IM 32P03B20-01EN)
For more information about SCS link transmission, refer to:
A6.1, “Overview of the SCS link transmission” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about SCS global switch communication, refer to:
A6.5, “SCS global switch communication” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about Inter-SCS safety communication, refer to:
A7., “Inter-SCS safety communication” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about SOER, refer to:
A8., “SOER functions and how to use them” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about Subsystem communication, refer to:
D1., “Common items regarding subsystem communication functions” in Engineering Guide Vol. 2 (IM
32P01C20-01EN)
For more information about Safety subsystem communication, refer to:
E., “Safety subsystem communication” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about Modbus slave communication, refer to:
F1., “Common items regarding the Modbus slave communication function” in Engineering Guide Vol. 2
(IM 32P01C20-01EN)
For more information about DNP3 communication of SCSU1, refer to:
G., “DNP3 slave function” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about Gas flow rate calculation function of SCSU1, refer to:
B2., “Gas flow rate calculation function” in Integration with FAST/TOOLS (IM 32P56H20-01EN)

n Information on the functions and precautions when using SENG on


the virtualization platform
Information regarding functions and precautions when using SENG on the virtualization plat-
form is as follows.
SEE
ALSO For more information about functions and precautions when using SENG on the virtualization platform, refer
to:
A6., “Virtualization platform” on page A6-1

n Information on the software that can be used on SENG


Information on the software that can be used on SENG is as follows.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 2. List of links> App.2-3
SEE
ALSO For more information about AD Suite, refer to:
A., “Overview of Automation Design Suite” in Engineer's Reference Manual (IM 32P04B10-01EN)
For more information about SCS Manager, refer to:
A10.2, “SCS Manager” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about SCS Project Properties dialog box, refer to:
C1.2.5, “SCS Project Properties dialog box” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about SCS Constants Builder, refer to:
C1.2.6, “SCS Constants Builder” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about Link Architecture View, refer to:
“■ Link Architecture View” in A1.2, “Windows used to create application logic” in Engineering Guide Vol.
2 (IM 32P01C20-01EN)
For more information about Multi-Language Editor, refer to:
“■ Multi-Language Editor” in A1.2, “Windows used to create application logic” in Engineering Guide Vol.
2 (IM 32P01C20-01EN)
For more information about overview of Safety Analyzers, refer to:
C5., “Testing with the Safety Analyzers” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about the method for engineering iDefine, refer to:
D5., “Engineering by using iDefine” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about tools used for engineering of SCS, refer to:
F., “Tools and functions used with engineering of ProSafe-RS” in Engineer's Reference Manual (IM
32P04B10-01EN)

n Information on the functions of the SCS Maintenance Support Tool


Information on the functions of the SCS Maintenance Support Tool is as follows.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 2. List of links> App.2-4
SEE
ALSO For more information about overview, refer to:
A5.1, “Relationships among functions of SCS Maintenance Support Tool” on page A5-2
For more information about security for the SCS Maintenance Support Tool, refer to:
B5., “Security of SCS Maintenance Support tool” on page B5-1
For more information about SCS Status Overview window, refer to:
H1.1, “SCS status overview” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about SCS State Management window, refer to:
H1.2, “SCS State Management window” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about Diagnostic Information window, refer to:
H5.1, “Diagnostic Information window” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about SCS report, refer to:
“■ SCS Report” in H2., “System reports” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about IOM Report, refer to:
H3., “Checking diagnostic information by using IOM Report” in Engineering Guide Vol. 1 (IM
32P01C10-01EN)
For more information about SOE Viewer, refer to:
I4.3, “SOE Viewer” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about Forced I/O viewer function, refer to:
I4.1, “Forced I/O Viewer function” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about other tools used for operation and maintenance, refer to:
I4., “Tools for operations and maintenance” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)

n Information on the operation in an emergency.


Information on designing the operation in an emergency and the actual operation in an emer-
gency is as follows.
SEE
ALSO For more information about items to consider when planning operation in an emergency, refer to:
G., “Emergency procedures” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about behavior upon occurrence of an error with SCS and means for recovery, refer to:
G2., “Operations and recovery procedures during the SCS error occurrence” in Engineering Guide Vol. 1
(IM 32P01C10-01EN)

n Information on procedures and precautions of online change


download
Information on procedures and precautions of online change download is as follows.

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


<Appendix 2. List of links> App.2-5
SEE
ALSO For more information about how to run an online change download, refer to:
E1.1, “Online change download” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about procedures for online change of an application, refer to:
E1.2, “Entire procedure of online change of application” in Engineering Guide Vol. 1 (IM
32P01C10-01EN)
For more information about online change downloadable items, refer to:
E1.3, “List of applicable items for online change” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about precautions when performing an online change of an application, refer to:
E1.5, “Precautions for online change” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about precautions when performing an online change download with the N-IO node, re-
fer to:
E1.6, “Precautions for online change download of N-IO” in Engineering Guide Vol. 1 (IM
32P01C10-01EN)
For more information about online changes with subsystem communication, refer to:
E1.7, “Online change of subsystem communication modules” in Engineering Guide Vol. 1 (IM
32P01C10-01EN)

n Information on tasks for replacing ProSafe-RS equipment


Information on tasks for replacing ProSafe-RS equipment is as follows.
SEE
ALSO For more information about precautions when replacing ProSafe-RS equipment, refer to:
I1.2, “Maintenance for ProSafe-RS equipment” in Engineering Guide Vol. 1 (IM 32P01C10-01EN)
For more information about precautions and procedures for performing hardware maintenance, refer to:
E., “Maintaining the SCS” in Hardware User's Guide (IM 32P06C10-01EN)

n Information on connections with other systems


Information on connections with other systems is as follows.
SEE
ALSO For more information about integration with CENTUM, refer to:
B., “CENTUM integration” in Engineering Guide Vol. 2 (IM 32P01C20-01EN)
For more information about integration with FAST/TOOLS, refer to:
A., “Integration with FAST/TOOLS function” in Integration with FAST/TOOLS (IM 32P56H20-01EN)
For more information about connecting with other YOKOGAWA software, refer to:
D., “Connection with Other Products” in Installation Guide (IM 32P01C50-01EN)

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


Rev-1

Revision information
Title : ProSafe-RS User’s Guide
Manual No. : IM 32P01B10-01EN
Dec. 2019/6th Edition/R4.05 or later
Introduction Updated description of registered trademarks and trademarks
A1.1, A5, A5.1, Added description of Forced I/O Viewer function
A6.4.2, B1
A1.2 Updated software version descriptions in "● Software that can coexist with
ProSafe-RS," "■ CENTUM integration system," "■ FAST/TOOLS integration sys-
tem," “■ Use of iDefine,” “■ Use of PRM," "■ Use of Exaopc,” and "■ Use of
Exaquantum.”
Appendix 1 Added Forced I/O Viewer function, and stand-alone ProSafe-RS system in the
glossary.
Aug. 2018/5th Edition/R4.04
Introduction Updated description of registered trademarks of YOKOGAWA.
A1.1, A1.2 Added descriptions of Windows Server 2016.
A1.2 Updated descriptions of .NET Framework.
A1.2 Updated software version descriptions in "● Software that can coexist with
ProSafe-RS," "■ CENTUM integration system," "■ FAST/TOOLS integration sys-
tem," “■ Use of iDefine,” “■ Use of PRM," "■ Use of Exaopc,” and "■ Use of
Exaquantum.”
A6 Added new section on virtualization platform.
Oct. 2017/4th Edition/R4.03.10
A1.2 Changed version number and added version description in CENTUM integration
system, FAST/TOOLS integration system, use of iDefine, use of PRM, use of
Exaopc and use of Exaquantum.
A2, A2.3.1 Added Safety Subsystem communication related descriptions.
A2.3.1, A2.4.1 Added description about Fire and Gas communication module.
A3, A4, B1 Added Safety subsystem communication engineering related descriptions.
Appendix 1 Added Field network, Field wireless backbone network, Field wireless network,
Field wireless system, Fire and gas communication, %WB, %WW, %XB, %XW
and safety subsystem communication in the glossary.
May 2017/3rd Edition/R4.03
Introduction Deleted Windows Vista from "■ Trademark Acknowledgments."
A1.1, A1.2 Added descriptions of Windows 10 and deleted descriptions of Windows Vista and
Windows Server 2008.
A1.2 Changed software versions, descriptions of ProSafe-RS functions and CENTUM
release number, descriptions of coexistence of ProSafe-RS and CENTUM on the
same computer, descriptions of whether or not ProSafe and iDefine can coexist on
the same computer, and descriptions of versions.
Oct. 2016/2nd Edition/R4.02
Entire manual Changed the symbols that indicate warning and caution.
Introduction Updated descriptions in "■ Safety, Protection, and Modification of the Product," "■
Symbols," and "■ Trademark Acknowledgments." Added a new term in "■ Full
Names and Simplified Terms."

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00


Rev-2
A1.2 Updated software version numbers in "● Supported OS," "● Software that can co-
exist with ProSafe-RS," "■ CENTUM integration system," "■ FAST/TOOLS integra-
tion system," "■ Use of PRM," and "■ Use of Exaopc."
A1.2, A3, B1 Added iDefine related descriptions.
Appendix 1 Added iDefine-config file, iDefine Test Manager, and ProSafe-RS I/O file to the
glossary.
Dec. 2015/1st Edition/R4.01
Newly published

n For Questions and More Information Online Query: A query form is available on the fol-
lowing URL for online query. http://www.yokogawa.com/iss
n Written by Yokogawa Electric Corporation
n Published by Yokogawa Electric Corporation
2-9-32 Nakacho, Musashino-shi, Tokyo 180-8750, JAPAN

IM 32P01B10-01EN 6th Edition : Dec.20,2019-00

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy