The Cpus 41Xh For Fail-Safe And Fault-Tolerant Controllers (F/Fh Systems) - Siemens SIMATIC S7-400 Configuration And Use Manual

CPUs of the S7-400
2.9 The CPUs 41xH for Fail-safe and Fault-tolerant
Controllers (F/FH Systems)
Introduction
Fail-safe S7 F/FH systems are used in process engineering and instrumentation
and control systems in which a safe state can be attained by switching off the
fail-safe outputs.
S7-400F Automation System
An S7-400F system consists of a fail-safe capable CPU such as CPU 417-4 H that
can run a fail-safe user program
S7-400FH Automation System
An S7-400FH system consists of a fault-tolerant S7 400H system (master and
standby) running a fail-safe user program
An S7-400FH automation system is built with S7-400H CPUs. You increase the
availability by implementing a redundant power supply, CPU, communication and
I/O.
Safety Requirements
Fail-safe S7 F/FH Systems can satisfy the following safety requirements:
• Requirement class AK1 to AK6 in accordance with DIN V 19250/DIN V VDE
0801
• Safety class (Safety Integrity Level) SIL1 to SIL3 in accordance with IEC 61508
• Category 2 to Category 4 in accordance with EN 954--1
Principle of Safety Functions
Functional safety is implemented principally through safety functions in the
software. Safety functions are executed by the fail-safe S7 F/FH system to place
or maintain the system in a safe state in case of a dangerous occurrence.The
safety function for the process can be provided through a user safety function or a
fault reaction function. In the event of a fault, if the F-system can no longer execute
its actual user safety function, it executes the fault reaction function. For example,
the associated outputs are deactivated, and the safety program or parts of the
safety programm are disabled, if necessary.
2-20
Automation System S7-400 Configuration and Use
A5E00442711-02