Safety Manager R151.4
Software Change Notice
Version: 1.0
Disclaimer
This document contains Honeywell proprietary information. Information contained herein is to be used solely for the purpose submitted, and no part of this document or its contents shall be reproduced, published, or disclosed to a third party without the express permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied warranties of merchantability and fitness for a purpose and makes no express warranties except as may be stated in its written agreement with and for its customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential damages. The information and specifications in this document are subject to change without notice.
Table of Content
1
Introduction... 5
1.1 About Safety Manager ... 5
1.2 About this Document ... 5
1.3 Safety Manager Status ... 6
1.4 Conventions ... 7
2
Getting Started ... 8
2.1 Compatibility ... 8
2.2 Safety Manager functionality support ... 8
2.3 Supported Safety Manager Releases ... 12
2.4 Migrate Application ... 12
2.5 Safety Builder ... 19
2.6 Knowledge Builder ... 21
2.7 Experion Integration Support ... 22
3
Release Overview ... 23
3.1 Feature compare ... 23
3.2 Release Details ... 23
4
Anomalies Resolved ... 28
5
Known Restrictions ... 29
5.1 Changing Function Block gives an error during compilation (PAR1420, 1-12IVDA2) ... 29
5.2 Off-sheet transfer is not updated after renaming input (1-1VSN5T) ... 29
5.3 Communication time out protocol Modbus RTU (1-7SK0HR/1-ASG7E7) ... 29
5.4 Remove “Force enable” procedure (1-14UOTT/1-14UOWF) ... 30
5.5 On-line adding Universal Safety IO modules (4401/4850/4824) ... 30
5.6 Loading using the “Loading” privilege level (PAR4641) ... 30
5.7 Writing packaged coils using Modbus (1-6XH0HS) ... 31
5.8 Analog Output value on Universal Safety Logic solver is not transported via SafeNet (1-THYTLL)... 33
5.9 FDM operation failures in case of SM configuration with HIGH cycle time. (1-2KGC1TL) ... 33
6
Special Considerations ... 34
6.1 On-line modification (PAR3072/3262/3265/1-AKLE9C)... 34
6.2 Key switch QPP ... 34
6.3 Knowledge Builder Client (PAR1073) ... 34
6.4 User guides... 34
6.5 Data types within Experion releases ... 35
6.6 Safety Manager Controller Sequence of Event ... 35
6.7 Network Time Protocol (NTP) (PAR2035) ... 35
6.8 Writing a point via SafeNet from Safety Builder (PAR3104) ... 35
6.9 Multi site - Bulk Copy (1-B89IZT) ... 36
6.10 Using feedback loops on a sheet (1-AL1SR8) ... 36
6.11 Clock source configurations (PAR 1790) ... 37
6.12 Unable to set Safety Manager Controller to the loaded mode (PAR3466) ... 37
6.14 Spare Parts FC-QPP-0001 and FC-QPP-0002 ... 37
6.15 Certification EN/ISO 13849-1 (PAR3973) ... 38
6.16 Universal Safety I/O module status online view (1-T75FTL) ... 38
6.17 Adding an AO channel to a Universal Safety IO (PAR4644) ... 38
6.18 MODBUS PLC address ranges (PAR4342/7273) ... 38
6.19 CDA Integration with Experion Process Control system ... 39
6.20 Renamed CDA tag parameters names ... 40
6.21 RUSLS Remote Universal Safe Logic Solver ... 41
6.22 Multiple-Protocols ... 41
6.23 Universal Safety I/O ... 41
6.24 Universal Safety I/O HART enabled devices (1-RJUE1R) ... 41
6.25 Export to UNISIM ... 41
6.26 Sheet difference reported for FLDs containing Equation block ... 41
6.27 Un-expected points reported in OLM report (1-NBCUL6, 1-T5AGKA, 1-SJCNHR 1-POSKKA) ... 42
6.28 Universal Safety Logic Solver does not make use of power up values. (1-U0U6RX) ... 42
6.29 Process Values clamped at bottom scale (1-28YYZQ6) ... 42
6.30 Known anomalies ... 43
7
Annex A: Contents of Release... 44
7.1 Software Version Identification ... 44
7.2 Files in Package... 46
1
Introduction
1.1
About Safety Manager
Safety Manager is a highly reliable, high-integrity safety system for safety-critical control applications. As part of Honeywell’s Experion Process Knowledge System (PKS), integrated or in stand-alone applications, Safety Manager forms the basis for functional safety, providing protection of persons, plant equipment, and the environment, combined with optimum availability for continuous plant operation. Safety Manager offers safety, reliability and efficiency form its foundations.
Safety Manager is a user-programmable, modular, microprocessor-based safety system, which can perform a wide range of critical process control and safety instrumented functions, including:
• High-integrity process control,
• Burner/boiler management systems,
• Process safeguarding and emergency shutdown,
• Turbine and compressor control and safeguarding,
• Fire and gas detection systems, and
• Pipeline monitoring.
1.2
About this Document
This document describes the new features, resolved problems Compared to Safety Manager R151.2, known restrictions and special considerations for Safety Manager R151.4. Please read this document in its entirety prior to installation and use of this software.
The latest version of this SCN is always available on the Honeywell Process Solutions website. Safety Manager R151.4 is dated May 6, 2014.
1.2.1 Revision History
Version Month Description 1.0 May 2014 Initial version
1.3
Safety Manager Status
STATUS SOFTWARE RELEASES:SM R133.5 Safety Manager Software Release R133.5 remains a main release for Experion Safety Manager. This release is used for maintenance release for all running systems without remote IO. Also to be used for expansions in existing Plants.
SM R146.1 Safety Manager Software Release R146.1 is the golden release for Safety Manager with Chassis IO only.
Safety Manager Software Release R146.1 does not support Universal Safety IO, hence upgrades from previous releases to Safety Manager R146.1 is only possible if no Universal Safety IO is configured.
Safety Manager R140.x and R145.x configurations with Universal Safety IO shall be migrated to Safety Manager R151.4
SM R151.4 Safety Manager Software Release R151.4 is the main functional release for Experion Safety Manager.
FOR CURRENT USERS:
Maintenance Release Safety Manager R151.4 foremost rationale is to deliver field wiring cross-talk robustness improvements to Universal Safety IO and Universal Safety Logic Solver. Cross talk will drive the affected channels to the fault state (safe). It is advised to upgrade to Safety Manager R151.4 if USIO or USLS spuriously report loop faults or channel hardware faults EC91, EC110, EC117 and EC123 without evident root cause (PAR 1-28BZSF1).
A cross-talk enhancement is delivered for Safety Manager FC-SDOL-0424 and FC-SDOL-0448 cards. Cross-talk has been seen in rare occasions when multiple Safety Managers combine field wires from multiple SDOL cards in a multi-core cable without shielding per wire pair. Cross-talk will drive the affected channels to the fault state (safe). It is advised to upgrade to Safety Manager R151.4 if one or more SDOL cards spuriously report ‘current detected in output loop’ EC5 or EC29 without evident root cause (PAR 1-28BXJWS).
Please refer to section 4 Anomalies Resolved for a comprehensive list of all customer reported issues resolved with R151.4
Safety Manager R151.4 is an upgrade for:
• Safety Manager ART systems as this release solves the IO module faults which sometimes are reported immediately after an IO Extender module was removed from a running system. • Safety Manager systems causing an unknown journal alarm in EPKS causing an event overload. • Safety Manager systems with Universal Safety Logic Solvers as this release solves the spurious
communication link fault reported on Universal Safety IO modules and Universal Safety Logic Solvers after the links were removed from a Universal Safety Logic Solver in the same network.
1.4
Conventions
The following symbols are used in Safety Manager documentation:
Tip
This symbol is used for useful, but not essential, suggestions.
Attention
This symbol is used for information that emphasizes or supplements important points
Caution
2
Getting Started
2.1
Compatibility
This section describes the compatibility restrictions that need to be considered.
2.1.1 Safety Manager cycle time
The cycle time of an existing application, based on chassis I/O which is migrated from Safety
Manager Releases prior to Safety Manager R150.1 will increase depending on the I/O configuration. An average impact of 10% must be considered.
2.2
Safety Manager functionality support
The following table gives an overview the hardware needs and software support of Safety Manager main functionalities:
2.2.1 Knowledge Builder
The Safety Manager User Assistance Documentation R151.1.10 provided with this release is compatible with Knowledge Builder 4.8.0.5. If needed update the installed Knowledge Builder engines to R4.4 with the installation set included in this release package. Knowledge Builder will not install correctly if Microsoft .Net Framework 1.1 Hot fix or higher is installed. You are requested to uninstall versions of Microsoft .Net Framework 1.1 Hot fix or higher before installing Knowledge Builder. To uninstall Microsoft .Net Framework 1.1 Hot fix or higher select Start>Settings>Control Panel>Add or Remove Programs. Select Microsoft .Net Framework 1.1 Hot fix or higher from the list and press Change/Remove. When installing on a target computer that has Microsoft .Net Framework 2 installed you must update Knowledge Builder to meet Microsoft .Net Framework 2 requirements. For update instructions and update files see the updates folder on the Knowledge Builder 4.8.0.5 installation CD.
2.2.2 Experion compatibility
2.2.2.1 Experion releases
Table below shows compatibility and dependency between Experion/FDM/UNISIM/PMD and Safety Manager functionality:
2.2.2.2 Experion Station
Safety Builder can be installed on Experion Stations that comply with the requirements as defined in paragraph 2.2.3 Operating system
2.2.2.3 Knowledge Builder
If Knowledge Builder 4.8.0.5 is already installed, the Safety Manager User Assistance Documentation R151.1.10 can be added to the existing book sets.
2.2.3 Operating system
Safety Builder R151.4 was specifically developed and tested to run on, Windows 7 32/64 bit Ultimate/Professional/Enterprise and Windows Server 2008 R2.
Safety Builder R151.4 is only supported by these tested Windows versions.
Safety Builder is not affected by Microsoft Windows patches (1-1INPJK)
Using Safety Builder R151.4 on any Windows version other than mentioned above is considered improper use of the software. Honeywell Safety Management Systems cannot be held liable in any way for any damages that result from using Safety Builder on a Windows version other than Windows 7/ Windows Server 2008.
2.2.4
FSC compatibility
Safety Manager R151.4 is not compatible with any FSC releases.
2.3
Supported Safety Manager Releases
In case an Upgrade/Migrate is started from a not supported Safety Manager release it is
recommended to contact the local Honeywell National Response Center (NRC), Customer Response Center (CRC), Global TAC Center, or Solution Support Center (SSC).
2.4
Migrate Application
2.4.1
Backup your application
It is always strongly recommended that you create a backup of your application with the previous release of Safety Manager before starting the migration to Safety Manager R151.4
“Migrate Application” migrates a complete Plant (including all configured controllers).
In case the migration fails, the reason will be reported. Go back to the original application, make the required modification and migrate again.
Safety Manager R151.4 is able to use applications created using Safety Builder Releases R133.1, R133.2, R133.3, R133.4, R133.5, R140.2, R140.3, R145.1, R145.2, R146.1, R150.1, R151.1, R151.2 and R151.3.
Safety Builder R151.4 reports that you have to run “Migrate Application” if a plant from releases R133.x, R140.x, R145.x, R146.x, R150.x and R151.x is selected via Network Configurator.
Migrate Application
To migrate to Safety Manager R151.4 select the option ’Migrate Application’.
This function can be found as follows.
’Migrate Application’ will migrate the complete plant, including all Safety Manager Controllers configured in that plant.
The migrate feature is not protected by privilege level access.
2.4.2
Known restrictions
2.4.2.1 Follow the On-Line Modification procedure. The On-Line Modification procedure should be followed.
At the start of On-Line Modification: The system should run without IO faults otherwise the first Control Processor (CP) will not start-up after loading it.
During the actual Load: Do NOT apply a Fault Reset (Direct or Remote) else the SM Controller may abort software loading.
2.4.2.2 Password protection
Migrate Application is not password protected.
The privileges levels are temporary disabled during the Migrate Application. After the migration the privileges levels are active again.
2.4.2.3 Experion integration
Safety Manager R151.4 supports two integration methods with Experion, namely: • Via the Experion protocol using Dual LAN connectivity to the FTE network, and • Via the CDA protocol using full FTE connectivity to the FTE network.
Existing Experion / Safety Manager installations migrating to Safety Manager R151.4 will continue to use the Experion protocol and dual LAN method. For new controllers the customer can choose the desired integration method.
Experion integration via Experion protocol over Dual LAN
The Experion communication link can only be configured on channel A of the USI communication module. This means that Experion links configured on channel B cannot be migrated.
Experion integration via CDA Protocol and FTE
The FTE support provides maximum communication availability for Safety Manager being an FTE node within the Experion communication architecture. It provides detailed node diagnostics and transparent availability within the Experion architecture. Full FTE support is coupled with CDA integration in Experion.
Upgrading from dual LAN connectivity to full FTE requires specific hardware changes and changes to the Experion point database and custom graphics.
For migration to full FTE node:
• Requires Experion R410.1 or higher
• The impact to existing custom graphics and point database have to be evaluated as well as the impact to point licenses on Experion server
• Upgrade from USI-0001 to USI-0002, and
• Two communication channels (A and B) of the USI communication module have to be configured. Experion communication link can only be configured on channel A of the USI communication module. Channel B of the same USI will automatically be occupied. This means that Experion links configured on channel B cannot be migrated.
Before starting the migration, change the configuration of the Experion link to channel A. 2.4.2.4 Universal Safety I/O connection
Safety Manager R151.4 support Universal Safety I/O communication (SM RIO Link) only via dedicated channel of the USI communication module of the Control Processor.
2.4.2.5 I/O property “Safety Related”
The "Safety Related" property of points can be used to simplify SIL-assessments and consistency checks. It is strongly advised to set this property to the correct value.
When the property “Safety Related” of a point is left to “Undefined” this will be reported as a warning by Application Compiler. To avoid those warnings configure the property “Safety Related” of a point to “Yes” or “No”. This can be done after the project is migrated. The “Safety Related”
property of points is for documentation purposes only.
2.4.3
Considerations
2.4.3.1 Migration log file overwritten
When starting ‘Migrate Application’, the log file of the previous ‘Migrate Application’ will be overwritten.
2.4.4
Off-line modification
The Off-line modification procedure is defined in chapter 6 of the Installation and Upgrade Guide. 2.4.4.1 Off-line modification report
During Software loading and upgrading procedure the SM Controller will generate an OLM report. This report identifies the differences between both Control Processors. This OLM report can be viewed by activating Actual diagnostics and focusing on EC 151 and analyze the details. During the OLM procedure the OLM check details are presented twice.
CP1 CP2 OLM report
Running Running
Set to Idle Running
SB-Load new application Running CP1 reports with CP2 Set to Run – Startup Running
Running Halted CP2 reports with CP1
Running SB-Continue
Running Equalizing
Running Running
Unexpected report of deleted points by OLM report.
Scenario: Migrating from a previous release of Safety Manager, Compiling and Loading the application may result in unexpected report of deleted points by the OLM report.
This is the result of the application compiler cleaning up points that have been left in the SM Controller database by a previous release of Safety Manager.
To be able to verify the “unexpected” items in the OLM report the following actions have to be taken: 1. Before migrating to Safety Manager R151.4 you have to:
a. Export the IO points in the version the SM Controller is running.
b. Archive the audit trail from the SM Controller that is about to be migrated. This is to clean up the audit trail.
2. Migrate the SM Controller to Safety Manager R151.4. 3. Compile the application.
4. Print out the audit trail of the compiled SM Controller.
5. Note: Both documents mentioned in item 1a and 4 needs to be checked for “unexpected” items in the OLM report.
6. The unexpected items mentioned in the OLM report have an Application address which can be found also in the export file of the IO points. The export file of the IO points shows the related Tag numbers, which can verify against the audit trail that they have been cleaned up by the compiler.
Example: Verify if point mentioned in OLM report with Application address 178 is one of the points that the compiler has cleaned up.
2.4.5
On-line modification
2.4.5.1 Universal Safety I/O module Spare Channel option
In case spare channel detection is enabled adding and/or deleting a point will generate a ‘Device detected on spare channel’ during On-line Modification.
2.4.5.2 Safety Manager Peer to Peer (SafeNet)
2.4.5.3 On-line software upgrade from R133.4 or R133.5
When executing online software upgrade from Safety Manager R133.4 to Safety Manager R151.4 and system is configured with QPP-0001 an Error code 33 may be reported and “Load Controller” fails. This can be ignored. Restarting “Load Controller” will lead to successful upgrade.
2.4.5.4 On-line software upgrade Universal Safety I/O module
On-line Software upgrade of Universal Safety IO modules is not supported for Safety Manager R140.2 and R140.3 to Safety Manager R151.4. To enable On-line Software upgrade, first execute On-line software upgrade to Safety Manager R145.2.
2.4.5.5 On-line software upgrade from Safety Manager R150.1 (1-11FBXRN)
During On-line software upgrade from Safety Manager R150.1 to Safety Manager R151.4 Safety Builder may show a “red cross” and On-line software upgrade appears to be blocked. When on-line software upgrade was started the system is running fault free and if no other faults are reported as defined in the On-line Modification Guide the first CP should be cycled to Stop and back to Run. After restarting download the On-line software upgrade will continue and complete.
2.4.5.6 On-line software upgrade from Safety Manager R150.1 shows multiple EC 141 During On-line software upgrade executed from Safety Manager R150.1 to Safety Manager R151.4.following anomaly may be observed:
• Modification Guide multiple error codes 141 appear.
If this is observed, it is strongly advised to complete the following steps before commencing the on-line modification:
1. Turn the QPP key switch of the IDLE QPP to the STOP position. The R150.1 Control Processor remains RUNNING.
2. Toggle the Reset key switch once.
3. Turn the QPP key switch of the IDLE QPP to the RUN position. The R150.1 Control Processor remains RUNNING.
4. Wait for the QPP to show CPReady on the display, 5. Wait 10 seconds
6. Check Diagnostics,
7. If 0 to 3 error code 141 is reported Then all is OK and continue with next step Else repeat from step 1. 8. Resume the on-line modification procedure at step C2.i as defined in the On-line Modification Guide
2.4.5.7 On-line adding and removing Universal Safety IO /Universal Safety Logic Solver module When adding Universal Safety IO / Universal Safety Logic Solver module to the application (Topology change) the application must be changed first before Universal Safety IO /Universal Safety Logic Solver module are powered up.
Adding/deleting of Universal Safety IO / Universal Safety Logic solver must not be done as part of a firmware upgrade to Safety Manager R151.4. (1-UA45D9)
Removing Universal Safety IO / Universal Safety Logic Solver modules on-line is supported from the highest node number downwards. Add Universal Safety IO / Universal Safety Logic Solver modules on-line is supported from the highest node number upwards.
2.4.6
Safety Manager Software Migration Matrix
Safety Manager Software Migration Matrix visualizes information regarding On-line software upgrade.
2.4.7
Safety Manager Universal Safety IO Migration
Following table shows upgrade information w/r/t the Universal Safe IO modules
2.5
Safety Builder
Safety Builder is an all-in-one tool for configuring, loading and monitoring Safety Manager.
Note: Some tools may not be available, depending on your license and package.
2.5.1
License and software package
Safety Builder is supplied in three packages. The license number issued to the Customer determines the type of software package installation. The available Safety Builder software packages are:
• Demo. This package has limited functionality and serves primarily for demonstration purposes. You cannot print nor create/view a logical view.
• Contractor. This package has limited functionality and allows Safety Manager™ contractors to design a system. Contractors use Safety Builder in the pre-engineering phase only.
• Basic. This package offers all Safety Builder functions with the exception of some (future) Engineering options.
2.5.2
Quick installation
Note: These instructions are not suitable for upgrading from a previous release of Safety Builder. They apply to new installations only.
Note: You must have administrator rights to install this software. This section provides a brief overview of the installation instructions. It is recommended to:
• Close all Windows applications before installing a software package.
• Install Knowledge Builder and the user documentation before installing Safety Builder.
2.5.2.1 Installing Safety Builder
With Knowledge Builder installed, open chapter 2 of the Software Reference. This chapter contains detailed installation instructions for Safety Builder.
Installing Safety Builder allows the user to use the Safety Builder tools required to configure, load and communicate with Safety Manager.
Although not recommended, Safety Builder can be installed separate from Knowledge Builder. 2.5.2.2 Installation procedure
1. Insert the Safety Builder CD ROM in the CD drive.
2. If the installation does not start automatically, run setup.exe from the root of the CD ROM. 3. Click the option install from the appearing installation menu and click next.
4. Accept the license agreement after reading it and click next. (If you do not accept, the installation will abort).
5. Enter your user name, your company name and the serial number supplied with the Safety Builder CD ROM and click next.
6. Enter the license number that determines the type of installation and click next. (The license number is supplied with the Safety Builder CD ROM)
7. Click next until you get an overview screen.
8. Check if you agree with the default settings; if not, click back until you reach the setting you wish to modify.
9. Click next to start the actual installation
10. Click finish to exit the installation program after installation completed. 2.5.2.3 Post installation instructions
If after installing Safety Manager Safety Builder reports error "Class not registered, ClassID: 88d96a0c-f192-11d4-a65f-0040963251e5" it means that the MSXML6 is not installed. Safety Builder should be reinstalled.
2.6
Knowledge Builder
Use the Knowledge Builder application to display Experion™ platform and Safety Manager™ platform on-line documentation.
You can install the Knowledge Builder client and server applications on any computer running Windows Server 2008 R2 and Windows 7 (Professional, Ultimate and Enterprise).
2.6.1
Safety Manager User documentation
The Safety Manager User Assistance Documentation R151.1.10 is included as:
• Online user documentation and
• PDF user documentation.
2.6.2
Supported installation types
Knowledge Builder supports Full, Client, Server Only, and CD installations. Ensure you understand the different install options before installing Knowledge Builder on your computer.
Installation type descriptions:
• Full Install. The full option installs all of the required components on your computer. Your computer can then be used stand-alone or as a Knowledge Builder server.
• Client Install. The client option installs the browser application on your computer. Your computer can then be used to access the content located on a remote Knowledge Builder server.
• Server Only Install. The server only option installs a Knowledge Builder server (content files) on a designated network location, where a functional Knowledge Builder client is not required. A full or client install can browse to this server only location.
• CD Install. The CD option is similar to the client install, except that a Knowledge Builder CD must be in the CD-ROM drive to view the content. This option is typically used on laptop computers.
2.6.3
Installing Knowledge Builder
1. Exit any running applications.
2. If you plan to remove any existing book sets before installing this version of Knowledge Builder, Honeywell recommends that you run the Knowledge Builder Backup Restore Utility to export or back up book set content and Dynamic Help. For instructions, see Launching the Knowledge Builder Backup Restore Utility.
3. Insert the Knowledge Builder CD into the CD-ROM drive.
4. In Windows Explorer, browse to the Knowledge_Builder folder on the CD and double-click the setup.exe file.
5. Follow the on-screen instructions to install the software. The defaults can be used if a full install is required. If you need one of the other install types (as listed to the left) you will need to change the install type.
6. If prompted for an MNGR account, use a "strong password" on this computer and the same password for all clients accessing the server.
7. Remove the CD from the CD-ROM drive. 8. Restart the computer.
9. Knowledge Builder may not function properly if you do not restart the computer. 10. Repeat this procedure on any other computers requiring Knowledge Builder.
2.6.4
Launching Knowledge Builder applications
2.6.4.1 Launching Knowledge Builder
To launch Knowledge Builder do one of the following:
• Choose Start > Programs > Honeywell > Knowledge Builder Tools > Knowledge Builder.
• Double-click the Knowledge Builder icon located on you desktop.
2.6.4.2 Launching the Knowledge Builder Backup Restore Utility (KBBackupRestore .exe) Read the kbbup.pdf file located in the Utilities\KB BackupRestore Utility folder on the Knowledge Builder CD.
2.6.4.3 Launching the Password Utility (PWDUtil.exe)
Read the PwdUtil_Instructions.txt file located in the Utilities\Password Utility folder on the Knowledge Builder CD.
2.7
Experion Integration Support
2.7.1
Experion SCADA: Safety Manager diagnostic message files on Experion
To get a correct Safety Manager diagnostic representation on Experion SCADA the following files will need to be copied (replaced) to the Experion Server:
• fsc_module.txt
• fsc_fault.txt
Most likely the file location at the Experion server is: \Experion PKS\Server\Data.
2.7.2
CDA integration in Experion: Safety Manager Experion Components Installer
To be able to see the Safety Manager detail displays, system tree icons and CDA error messages on Experion the Safety Manager R151.4 Experion Components.msi has to be installed on the Experion Server and Experion stations when file replication is not used.
The Safety Manager R151.4 Experion Components.msi is a standalone installer. For CDA Experion integration, the detail displays must be installed using this installer, before starting Experion.
3
Release Overview
Safety Manager R151.4 is a scheduled maintenance release of the Safety Manager R15x series. Safety Manager R15x focuses on further reduction of the total cost of ownership by increasing engineering and maintenance efficiency and increased safety availability by allowing distribution of the safety application over multiple Universal Safety Logic Solvers. The latter fits perfect on
distributed applications like pipeline monitoring and well head control.
3.1
Feature compare
Following table shows feature set comparison of Safety Manager R151.4:
3.2
Release Details
Enhancements on customer request are identified by unique identification (1-xxxxxx)
3.2.1
Integration with Experion Process Control system
CDA integration in Experion provides operational integration comparable to C200/C300 process controller integration. Point data is instantly available in custom graphics and peer to peer relations. A unique point publishing mechanism to the Experion is used to allow application development in multiple locations or accommodate customer requirements for strict segregation between the process control and safety maintenance network. CDA integration provides a safe and cost effective integrated solution over the lifetime of the solution.
The CDA integration contains the following:
• Hardware points for all hardware modules in the Safety Manager
• Process points for FLDs containing inputs and or outputs.
• Standard parameter sets per input or output block
3.2.2
Safety Manager Advanced Redundancy Technique (A.R.T.).
Safety Manager (redundant):
• Is single fault tolerant on hardware modules per Safety Instrumented Function (SIF).
• Can tolerate a combination of different single hardware faults per SIF.
• Tolerates multiple hardware faults at the same time in the systems.
With all of the above the process remains safe guarded (SIL3) even in degraded systems mode.
Safety Manager R150 has optional Advanced Redundancy Technique. Safety Manager A.R.T.:
• has the same functionality as mentioned above, and
• provides multi fault tolerance on the IO buss, and
• supports replacement of all faulty chassis I/O modules without degrading the system for both
redundant and non-redundant chassis I/O.
3.2.3
Direct FDM to USI HART pass thru
For Universal Safety I/O modules Safety Manager R151.4 supports HART pass thru functionality. This allows users to monitor and maintain HART field devices connected to the Universal Safety I/O modules direct on Experion Field Device Manager (FDM).
3.2.4
Universal Safety Logic Solver
Safety Builder R151 introduces a new module as part of the Universal Safety I/O family, namely the Remote Universal Safe Logic Solver (FC-RUSLS-3224).
The FC-RUSLS-3224 module:
• Has 32 Universal Safe IO channels with configurable channel function; configuration is done in Safety Builder,
• Is depending on the Safety Manager for configuration, communication and on-line view,
• Support the execution of FLDs on the module, separate from the Safety Manager Controller.
• Specifications per FC-RUSLS-3224:
• Is approved for SIL 3 applications.
3.2.5 Multiple protocols in combination with Remote IO link on the same
communication module
Safety Builder R151 is able to operate the Remote IO protocol parallel to other protocols on the same communication module.
The maximum links supported are 10 SafeNet and 20 Universal Safety I/O modules OR 20 SafeNet links and 10 Universal Safety I/O modules.
3.2.6 Non-Redundant Universal Safety I/O
Safety Builder R151 supports non redundant Universal Safety I/O. On-line modifications are supported for:
• all redundant system components, and
• Non-redundant components that are not changing (configuration or firmware).
3.2.7
Low latency SOE for Universal Safety I/O modules
Safety Manager R151.4 Safety Builder R151 supports in addition to the normal SOE, Low latency SOE. These SOE events are time stamped on the Universal I/O module with a resolution of 1 msec.
3.2.8
FLD Intellectual Property Protection
Safety Builder R151 supports FLD intellectual Property protection through:
• Password validation when Opening, Deleting, and Printing of protected FLDs in the Application Editor.
• Enforce protection while Copy FLD and Import FLD function in Application Editor.
• Password validation when View FLD in Application Viewer. Max. properties per module #
Markers 512 Register bytes 256 Timers 10mSec 4 Timers 100mSec 32 Timers 1Sec 32 Timers 1min 16 Counters 16
3.2.9 Modbus Master
Safety Builder R151 supports Modbus Master
• Redundant communication only
• ModbusTCP. (ModbusRTU support via Gateway)
• Support ModbusTCP gateway exception 0xB
• Support Function code 1,2,3,4 5,6, 15 and 16
• Physical link supported Ethernet only (FTE not supported)
• 1 Modbus Master per USI
• Max 32 logical links per USI (this includes Safety Builder, Experion, Modbus slave links)
• Support packed DI/DO. (via ModbusTCP Function Code 3,4,6,16)
3.2.10 Automatic cold start (1-S4VSRB)
Safety Builder R151 supports automatic “Cold” startup of Safety Manager. This feature must be enabled via Controller properties.
3.2.11 Paper Machine Drive (PMD) Integration (1-PY02IR)
Safety Builder R151 supports integration with Experion PMD Process Controller via CDA. PMD Support from release 800.1.
3.2.12
Dual independent SOE Collectors. (1-OJ60AH)
Safety Builder R151 offers the possibility to configure both Experion SOE (via CDA) and Safety Historian (via SCADA) hence creating a dual independent SOE collector.
3.2.13 Safety Historian on Serial communication Channels (1-QLAX4H)
With Safety Builder R151 Channel C and D (Serial communication) on the USI can be configured as SOE Channel. To enable event retrieval via channel C or D an external Serial /TCP converter is necessary.
3.2.14 Universal Safety Logic Solver cycle time (1-PMBIAF)
Universal Safety Logic Solver is running at optimized application cycle time which can be lower or equal to the Safety Manager application cycle. The actual Universal Safety Logic Solver application cycle time is displayed via Safety Builder.
3.2.16 Improved USIO Line Monitored configuration change (1-2QVIUPO)
During On-line Modification process a LM configuration difference is detected between the CP’s.A Diagnostic WARNING will be generated in case continuing the On-line Modification process would end up in a loop fault. (WARNING: Continuing OLM, results in loops set to fault reaction)
3.2.17 Reduced spurious report of "Current detected in output loop"
(1-28BXJWS, 1-28BZSF1)
With Safety Builder R151 the line monitored output card (SDOL-0424/SDOL-0448) has now Reduced Signal noise injection and improved Signal noise immunity
3.2.18
Changed Communication overrun (EC66) Diagnostic into Statistic (1-2C5EJ4S)
Based on feedback received from customer the “Communication overrun” diagnostics has been changed into a communication statistic. To check the stability of the communication networks it is recommended to monitor the communication statistics.
4
Anomalies Resolved
This section provides an overview of the issues resolved related to previous Safety Manager Release. Following table indicates anomalies reported by customers and solved with Safety Manager R151.4
PAR # Function Abstract
1-1E3NS4E Controller
Management It is not always possible to successfully upgrade a non-redundant Safety Manager if the Safety Manager QPP was previously loaded with a redundant configuration.
1-1PA7CD3 Firmware No signal update when Safety Manager field DI or COM digital output is connected to DEVCTLA DI pin.
1-1N2FG9L Firmware When removing the IO Extender module from a running non-redundant SM A.R.T. IO chassis sometimes IO modules from another chassis are reported faulty.
1-1IY22OA Firmware An unknown journal alarm in EPKS is causing an event overload. RCVBGN repeating every 1 minute.
1-1ZPC8FZ Firmware RIO Two application cycles lag seen between Loop AND bit and Channel Diagnostic bit set to faulty with the AI signals connected to USIO. 1-107J1XF Firmware QPP A diagnostic error code 197 (secondary switch–off activated) is
reported when all SDOL-0448 modules are reported faulty with EC2 at the same moment.
1-2EFWTQD Firmware RIO FDM cannot communicate with Hart device connected to USIO; Safety Manager shows EC72 HART Device not Connected.
5
Known Restrictions
5.1
Changing Function Block gives an error during compilation
(PAR1420, 1-12IVDA2)
Safety Manager Release R100.1 and higher Configurations:
Changing Function Block (FB) Descriptions & Conditions:
When changing an FB which is used on one or more FLDs, these FLDs are not refreshed with the latest changes. Translate Application reports all FLDs with the changed Function Block.
Changes on a function block that require a refresh on the FLD’s that use these function blocks are • Interface signal types
• Timer set points • Counter
• Cycle-pulse Work around:
Use ‘Change’ option from the pop-up menu to update the FLD’s that use this changed Function Block.
5.2
Off-sheet transfer is not updated after renaming input (1-1VSN5T)
Configurations:Changing tag numbers Descriptions & Conditions:
When a tag number of an input is changed, and connected on that input there is an off-sheet marker (with the same name) the off-sheet marker will not change accordingly the input change.
Work around:
Go to off-sheet marker select change and press ok. The text will be updated. Work around:
None.
5.3
Communication time out protocol Modbus RTU (1-7SK0HR/1-ASG7E7)
Configurations:Applies for Modbus RTU protocol only Descriptions & Conditions:
The minimum time out of non redundant Modbus with redundant cp’s communication shall be set to ≥ 15 seconds.
Work around:
5.4
Remove “Force enable” procedure (1-14UOTT/1-14UOWF)
Configurations:All
Descriptions & Conditions:
If a point is forced in a running redundant Safety Manager Controller and during a modification this point is set to force enable ‘No’, after the On-line modification (OLM) the point is still forced. The force of this point can only be cleared via the Safety Builder “Clear all forces” option or by disabling the FORCE ENABLE key. When trying to start-up the “View all Forces”, while having this point forced the Safety Builder will terminate.
Work around:
Clear the force by using “Clear all Forces” before using “View All forces”.
5.5
On-line adding Universal Safety IO modules (4401/4850/4824)
Configurations:Safety Manager Controller with Universal Safety I/O modules running. Descriptions & Conditions:
The maximum number of Remote Universal Safe IO redundant modules that can be added during one On-line Modification (OLM) is 8 modules. If more than 8 modules have to be added this shall be done in phases.
Do not perform OLM when a communication cable is disconnected. Workaround:
When adding or removing in batches of 8 modules is not possible, an off-line modification is required.
5.6
Loading using the “Loading” privilege level (PAR4641)
Configurations:All.
Descriptions & Conditions:
When using the Loading privilege level it is not possible to complete a load. While busy with (or just after completing) loading of the redundant CP than error code appears that the Loaded flag cannot be set.
Workaround:
5.7
Writing packaged coils using Modbus (1-6XH0HS)
Configurations:Safety Manager Controller with Modbus RTU communication. Descriptions & Conditions:
Safety Manager supports the feature of reading and writing packaged coils for Modbus communication.
This feature allows that multiple coils can be packed and accessed with a single Modbus function code. This saves allocation space in Modbus masters that support packaged coils and also limits the communication load. To avoid additional logic inside Safety Manager for packing and unpacking bits into registers, this option is integrated in the Modbus communication stack of Safety manager. Most F&G (Fire and Gas) equipment use this method of transferring detector information.
If Safety Manager receives a read or write register command, it checks if these register addresses are existing in Safety Manager. If no BI (Binary Input) tag numbers are allocated to these addresses, it checks if the addresses exist as DI points. If so, the register value will be written to the digital input signals. For example, if the register address is "1", but this address is not used in Safety Manager, it checks if address 1 is a valid address as coil. If it is, the register value will be written to digital input address 1 thru 16 (a register is 16 bits)..
Workaround:
There are different actions depending on whether you have a running application or a new project: For running applications:
1. Check address ranges of Markers and Registers
Same address range: start address for marker
and register addresses are the same Different address range: start address for marker and register addresses are different and are not overlapping.
2. If different address ranges are configured for Markers and Registers, No further action needed
3. If same or overlapping address ranges are configured for Markers and Registers, a. Create a new Binary Input (BI);
Tag number: DO_NOT_DELETE
Description: Do not delete this tag number
Location: COM
Type: Word
Logical Connection: Modbus link
Address: Last available Binary Input Modbus address (No need to place created tag number on sheet)
b. Compile and Load application following the on-line Modification procedure. After the implementation this solution in the Safety Manager, the entire configured Modbus binary input address range will be recognized as register area. This means when writing an unused register from the Modbus master device, Safety Manager will respond with message “invalid address”.
For new projects:
Configure addresses for markers and registers which are not in the same range and have an overlap:
Example:
Markers are configured in address range: DI: 1 – 416
DO: 417 - 832
Registers are configured in address range: BI: 5001 - 5064
5.8
Analog Output value on Universal Safety Logic solver is not
transported via SafeNet (1-THYTLL)
Configurations:
Application having SafeNet and Universal Safety Logic Solver. Descriptions & Conditions:
When an Analog Output on the Universal Safety Logic Solver is allocated to a target Safety Manager controller via SafeNet, the target controller does not receive the value.
Workaround:
Use COM signals to transport an analog output signal from a Universal Safety Logic solver to Target Safety Manager
5.9
FDM operation failures in case of SM configuration with HIGH cycle
time. (1-2KGC1TL)
Configurations:
Application having higher cycle times and connected to FDM Descriptions & Conditions:
FDM bulk operations results to FDM-Bulk-Operation failures for applications with high cycle time Workaround:
6
Special Considerations
Users will need to take the following special considerations into account.
6.1
On-line modification (PAR3072/3262/3265/1-AKLE9C)
When doing an On-line Modifications always make use of the OLM procedure. During the actual Load:
Do NOT apply a Fault Reset (Direct or Remote).
The Safety Manager Controller will stop the software loading.
6.2
Key switch QPP
When the QPP key switch is placed between IDLE and STOP position the Safety Manager Controller will see this as that the key switch is set in the RUN position.
The display of the QPP will show “CPReady”. It is possible to start-up the Safety Manager Controller in this situation.
6.3
Knowledge Builder Client (PAR1073)
Knowledge Builder Client will be installed automatically on C:\Program Files. User can not select other drive
6.4
User guides
If a user looks for task specific instructions, the following considerations apply:
• Dedicated instructions for operators have not been identified; tool usage instructions for operators can be extracted from the on-line tools section in the Software Reference. • Dedicated instructions for engineers have not been identified; tool usage instructions for
6.5
Data types within Experion releases
When configuring Safety Manager Data types in Experion, AI and AO data types should be used as shown in Table 1.
Table 1
Point type AI / AO Experion R210 or lower Experion R300 and higher
0-20mA FSC020MA SM020MA
4-20mA FSC420MA SM420MA
0-5 V FSC05V SM05V
1-5 V FSC15V SM15V
0-10 V FSC010V SM010V
2-10 V FSC210V SM210V
6.6
Safety Manager Controller Sequence of Event
• System events
System events with SOE number 0, 1, 2, 3 and 5 do not exist.
Safety Manager Controller does not reserve these SOE numbers for system events anymore. The system events have to be configured the same way as normal points connected to the SOE Only controller.
• SOE-ID update
The application must be compiled in order to have all SOE IDs assigned correctly before these can be used by Experion/Safety Historian
6.7
Network Time Protocol (NTP) (PAR2035)
The property ‘Clock source timeout’ must be set to 1 Hour or more.
6.8
Writing a point via SafeNet from Safety Builder (PAR3104)
It is not possible to “write” a point of an indirect connected Safety Manager with Safety Builder. Precondition: Connected only via a SafeNet link.
(Safety Builder => Safety Manager Controller 1 => SafeNet => Safety Manager Controller 2)
6.9
Multi site - Bulk Copy (1-B89IZT)
Make sure that before copying multiple FLDs from another Safety Manager Controller the privilege level of this source Safety Manager Controller is disabled.
6.10 Using feedback loops on a sheet (1-AL1SR8)
Using feedback loops on one sheet can result in unexpected behavior. The user designs a function on a sheet using logic symbols.
The function the user designed on a sheet is executed in sequence.
The sequence of execution is determined by the Application Compiler function of the Safety Builder. The Application Compiler has NO knowledge on the sequence of the function that was designed by the user.
With logic as defined in the picture at the right the Application Compiler cannot determine what function (1, 2 or 3) is executed first.
In case the order of execution is 1, 3, 2 then there might be a difference of output
=> Personally analyzing the sheet you expect same results on 1 and 2.
This logic can appear in an unlimited number of variations:
e.g. using registers. Using lots of logic symbols going from 3 to 2
The essence of this issue is a multiple feedback of a signal on one sheet.
Note: The Application Compiler is consistent when generating the sequence of execution. If the sheet does NOT change the sequence does NOT change.
The Safety Builder helps to detect ambiguous marker feedback loops.
During compilation a Warning will be generated when it detects an ambiguous execution of the sheet. (in sheet example if execution is 1-3-2, 2-3-1) .
e.g.
6.11 Clock source configurations (PAR 1790)
It is possible to configure clock source priorities in SafeNet networks which are not supported by the Safety Controller.
The slave Safety Manager Controller will only respond to its direct master Safety Manager Controller, even if a higher master SM Controller is configured as time master.
Be sure that clock sources configurations are only with direct connected master Safety Manager Controllers.
6.12 Unable to set Safety Manager Controller to the loaded mode
(PAR3466)
In case an IO module is deleted from an application it is necessary to compile the application twice before it can be set to “loaded”. An attempt to set the controller to “loaded” after the first compile fails. Controller remains in the modified mode.
6.13 Adding new SafeNet points on-line (PAR3398)
When adding a new SafeNet inputs on-line, the signal will get the configured power-up value for the first cycle and not the value of the source output. SafeNet Inputs that could cause a process trip through de-activation need to be forced in the application, to avoid such an accidental process stop. It is advisable to first add the points and logic and bypass this with for example a or-gate and a '1'. In this situation the signal and logic can be tested before it will be implemented in the real logic. If all is tested, the OR-gate and 1 has to be deleted. This needs another OLM.
Another option is to set the power up value correctly. This will set the value correct during the first cycle but may result testing of the logic is not possible.
6.14 Spare Parts FC-QPP-0001 and FC-QPP-0002
In case the Safety Manager system needs replacement of one QPP the “Replacing a QPP module in a redundant Safety Manager Controller” in the Safety Manager’s Installation and Upgrade Guide should be followed.
The QPP will self learn and copy the software and application of the other running CP.
When the QPP-0002 which serves as the replacement needs to be downgraded to match the running CP it is possible that the “Self learning” is not completed and QPP cannot start up. In this case the “Load” option of Safety Builder should be activated. The Safety Manager system will indicate this by showing “$FFFFFFFF” or “$00000000” as the CRC of the embedded software of the QPP. See Safety builder - System Info.
6.15 Certification EN/ISO 13849-1 (PAR3973)
Configurations:SM Controller with Universal Safety I/O modules running. Descriptions & Conditions:
To comply with the EN/ISO 13849-1 standard :
• Digital input signals allocated to the Remote Universal Safe IO module must be configured as Line monitored Digital Input.
• Digital output signals allocated to Remote Universal Safe IO module must have shielded field wiring.
6.16 Universal Safety I/O module status online view (1-T75FTL)
Configurations:SM Controller with Universal Safety I/O modules running. Descriptions & Conditions:
During Load of Safety Manager also the Remote Universal Safe IO modules receive new software. During this time the detailed status of the Universal Safety I/O modules is not updated. This results in “swapping” online Universal Safety IO status.
6.17 Adding an AO channel to a Universal Safety IO (PAR4644)
Configurations:SM Controller with Universal Safety I/O modules running. Descriptions & Conditions:
Adding an AO point to Remote Universal Safe IO needs a load module requires a connected load (external device or resistor) on the channel to make OLM possible and successful. If there is no load on the channel the RUSIO module cannot perform the calibration and OLM will not continue or fail.
6.18 MODBUS PLC address ranges (PAR4342/7273)
Configurations:SM Controller with logical link protocol Modbus. Descriptions & Conditions:
With Safety Manager R140.3 and higher it is possible to configure the PLC addresses of Inputs & Outputs on same address.
When PLC addresses of inputs & outputs are overlapping then the communication between the Device & Safety Manager Controller will not operate correctly.
6.19 CDA Integration with Experion Process Control system
• Existing Applications should be compiled before publishing to Experion server.
• Publishing of IO points - Delete all before update.
This option is not recommended to be used for an on-line system. It will require a restart of the communication modules before Experion is able to receive any alarms and events. The restart can be achieved on-line by restarting the CPs sequentially. After each restart the CPs should be synchronized.
• Publishing to Experion the Safety builder must run on a PC that is in the same workgroup or domain as the Experion server and is using an account that has Experion privileges (1-OJ1CAZ)
• QPP does not acknowledge writes, hence peers would not get acknowledge when writes are not received by the Safety Manager. (PAR2018/1-O5M3U)
6.20 Renamed CDA tag parameters names
With Safety Manager R151.1 CDA tag parameter names have changed which might have effect on the faceplates designed using Safety Manager R150.1.
Following list contains the changed CDA tag parameter name changes compared to Safety Manager R150.1
Block Name Parameter Name
(R150.1) Parameter Name (R151.1)
SM_DOCOM OPFL PVFL
SM_DOCOM OP PV
SM_BOCOM OP PV
SM_AI EngUnits EUDESC
SM_AI BOTTOMSCALE PVEULO
SM_AI TOPSCALE PVEUHI
SM_AO EngUnits EUDESC
SAI_NR_CHAN PVPERC PV
SAI_R_CHAN PVPERC PV
To activate the Safety Manager R151.4 parameter names when migrating from Safety Manager R150 the “Force Update All” option in the publish dialog box must be selected. (Only first time with Safety Manager R151.4)
The Experion Custom displays (faceplates), trends, history, peer to peer configurations and all other Experion clients using Safety Manager parameters that have been changed has to be modified according to new parameters names in Safety Manager R151.4.
6.21 RUSLS Remote Universal Safe Logic Solver
Before changing Execution Environment of an FLD make sure to remove Sheet transfers first to properly de-allocate the sheet transfer allocation.
6.22 Multiple-Protocols
The current USI performance model includes only SafeNet and Remote IO link communication protocols. Other protocols will be added.
6.23 Universal Safety I/O
In Safety Manager R151.4 the Universal Safety I/O does not automatically accept communication infrastructure changes that affect Time synchronization. The Universal Safety I/O module must be power cycled after a change in delay is made for example when a switch level is added. Both Remote IO links require the same number of switches and only tolerate 10 km difference in fiber length.
6.24
Universal Safety I/O HART enabled devices (1-RJUE1R)
The HART enabled device connected to a Universal Safety IO/Universal Safety Logic Solver analog output channel can only be serviced if the analog output channel is forced.
6.25 Export to UNISIM
The UNISIM product is used to simulate the application of Safety Manager.
To transfer correct information from Safety Manager to UNISIM the option Export to Unisim must be used
Since Release SM R14x Safety Manager supports Smoke & Heat detectors. An extra property (‘Boolean Property Output” has been introduced. The Smoke & Heat detectors of Safety Manager R140 is fully supported by UNISIM R400 or Higher
UNISIM supports FLD Intellectual Property Protection.
Safety Manager R151.4 UNISIM export format is fully supported as of UNISIM R430
6.26 Sheet difference reported for FLDs containing Equation block
When performing an On-line software upgrade from a release older than R145.1 a sheet having an Equation block are reported on the sheet difference report, and can be ignored.
6.27 Un-expected points reported in OLM report
(1-NBCUL6, 1-T5AGKA, 1-SJCNHR 1-POSKKA)
With Safety Manager R151.1 the Float rounding routine is updated due to Implementation of Universal Safety Logic Solver.
This means when migrating from Safety Manager R150.1 (and older) to Safety Manager R151.4 and FLD containing constants of type Float e.g. Float Constants, Equation Blocks can get rounded differently. This result in FLD’s reported in OLM report.
When R150.1 application is migrated on-line to Safety Manager R151.4 more Functional Logic Diagrams (FLDs) may be reported as different as expected. This is caused by a minor execution time difference of these FLDs running on the different firmware versions. It is recommended to validate the reported FLDs. The differences do not exist for R140.x and R145.x applications migrated to Safety Manager R151.4.
6.28 Universal Safety Logic Solver does not make use of power up values.
(1-U0U6RX)
Configured power-up values of Register, counter and flip-flops are not applied in FLD’s running on the Universal Safety Logic Solver.
6.29 Process Values clamped at bottom scale (1-28YYZQ6)
With Safety Manager R151.2 the Process Value of analog input signals communicated with external devices (e.g. PCDI) is clamped at bottom scale.
Some customers based the design philosophy on the incorrect behavior for chassis IO AI and the peer could detect a BADPV without the use of loop diagnostic signals. With Safety Manager R151.2 this behavior is corrected. AI values are now clamping at Bottom scale.
6.30 Known anomalies
This section provides an overview of the not yet resolved problems with high priority reported by customers and confirmed to be an issue with Safety Manager R151.4
PAR# Abstract
1-PJOJWJ Migration of Safety Manager R145 database to Safety Manager R151 takes very long time.
1-TGE3XF Reported SM alarms remain active even after CP1/CP2 set to IDLE & RUN and ALM condition reset.
1-TY8121 Universal Safety IO fault reaction value not shown application viewer when the channel is forced (maintenance override active).
1-U9BLGJ Plant Copy from one to another project not possible if the Windows language set is different.
1-US08LI Duplicated block names can be configured in the Experion properties of the FLD. 1-11AX57Q If tags are built with the same name in two SM applications and you load and
publish the tags, the duplicate CDA tag of the first loaded SM application will be deleted without any warning while even when “delete all before update” was not chosen.
1-11L2JJ1 The point database cannot be exported due to markers allocated to a non existing sheet.
7
Annex A: Contents of Release
7.1
Software Version Identification
Honeywell components Component Version Safety Manager R151.4 V214 Safety Processor 151.4.0.214 COM boot 151.4.0.214 COM system 151.4.0.214 RIO 151.4.0.214 Component CRC
Safety Manager R151.4 embedded software 0x4917D415 Honeywell Experion components
Component Version
FSC_Fault.txt 151.4.0.214
FSC_Module.txt 151.4.0.214
Honeywell Safety Manager Tools
Component Version
SafeNet Timeout Estimator R151.1
Safety Manager to Experion Converter 2.72 Safety Manager to Safety Historian Converter
version 0.0063
Knowledge Builder
Honeywell components
Component Version
KB_Client 4.8.0.5
Third party components
Component Version
Acrobat Reader for Windows 10 En_US
Microsoft XML parser 6.0
Microsoft .Net Framework 3.5 ( integrated with
Windows 7)
Microsoft Windows Server 2008 R2
7 Ultimate 7 Professional 7 Enterprise
7.2
Files in Package
Safety Manager R151.4 deployment unit contains following items.
Name Folder
SM R151.4 SCN.pdf Root
0x0409.ini Root
ISSetup.dll Root
Safety Manager.msi Root
setup.exe
Root Setup.ini Root splash.bmp Root WindowsInstaller-KB893803-x86.exe Root CRC.INI embedded software.binFormat.xml, IntermediateStructure.xml, Metadata.xml, Types.xml pefu1.sym,
safetybuilder.chm, SafetyBuilder.exe SBExport_Schema.xsd
FSCad.bpl, FSCLib.bpl
Honeywell.Com.ECI.DataContracts.dll, ECIClient.dll, ECICommon.dll VCompile.bpl, VConfCA.bpl, VConfCC.bpl, VConfVar.bpl
VCore.bpl, VECI.bpl, VImEx.bpl, VIntf.bpl, VLib.bpl, VLibBP.bpl VLibD.bpl, VLibUI.bpl, VMigrate.bpl, VOnline.bpl, VShell.bpl VViewSts.bpl, VViewVar.bpl Program files CATemplate.mdb CCTemplate.mdb DiagnosticsTemplate.mdb Program files\Templates
Safety Manager Tools Tools
User Assistance Documentation (UAD) User_Assistance
Safety Manager R151.4 Experion components.msi Experion_Components
8
Notices and Trademarks
© Honeywell International Inc. 2014. All Rights Reserved.
While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied warranties of merchantability and fitness for a purpose and makes no express warranties except as may be stated in its written agreement with and for its customer.
In no event is Honeywell liable to anyone for any indirect, special or consequential damages. The information and specifications in this document are subject to change without notice.
Experion, TotalPlant, TDC 3000 and Universal Control Network are U.S. registered trademarks of Honeywell Inc.
PlantScape is a trademark of Honeywell International Inc.
FSC and QMR are trademarks of Honeywell Safety Management Systems. Other brand or product names are trademarks of their respective owners.
Honeywell International Process Solutions
1860 West Rose Garden Lane Phoenix, AZ, 85027, USA +1 800-822-7673
