Input Voltage: Typically accepts a wide-range AC or DC input, such as 85-264V AC or 88-300V DC, to accommodate various global plant power standards.
Output Voltage: Provides a stabilized and filtered 24V DC output to power the HIQuad backplane and all installed modules.
Output Power/Current: Rated for a specific power output (e.g., 240W, 480W) to support fully populated controller chassis with all modules under load.
Redundancy Support: The HIMA F7126 is designed to be used in redundant (1oo2) configurations. Two modules can be installed in a single chassis, with one actively powering the system and the other in hot standby. Automatic switchover occurs upon failure of the active unit.
Diagnostics & Monitoring: Features comprehensive monitoring of:
Input voltage presence and status.
Output voltage level and stability.
Module temperature.
Load sharing status (in redundant mode).
Failure of the active unit.
Status is communicated via relay contacts (e.g., “Power OK”, “Failure”) and/or over the system backplane to the CPU.
Protection Features: Includes standard protections such as overload protection, short-circuit protection, and overtemperature protection to safeguard both the supply and the downstream controller.
Efficiency & Cooling: High efficiency design to minimize heat generation. May include integrated fans or be convection cooled, depending on the power rating.
Certifications: Certified for use in safety-related systems and complies with relevant EMC and safety standards (e.g., ATEX/IECEx for certain versions).
Form Factor: A slot-in module designed for the HIQuad system chassis.
Number of Channels: Typically 4 or 8 channels per module.
Contact Rating: Typically 2A @ 230V AC or 24V DC, suitable for direct switching of solenoids and small contactors.
Diagnostic Coverage (SFF): High, suitable for Safety Integrity Level (SIL) 3 applications as per IEC 61508.
Key Safety Feature: Incorporates mechanically forced-guided (or “positively driven”) relays. The contacts are mechanically linked so that if a normally-open (NO) contact welds shut, the corresponding normally-closed (NC) diagnostic contact is guaranteed to remain open, allowing the module’s internal circuitry to detect the fault.
Diagnostics: Continuous monitoring for relay coil faults, contact welding (via the forced-guided principle), wire break on the output circuit, and internal module health.
Certifications: Compliant with IEC 61508, IEC 61131-2, and other relevant standards for functional safety.
Module Type: Communication / Interface Module for Safety Systems.
Compatible Systems: Designed for integration with HIMA safety controllers such as those in the HIMax or HIQuad series.
Primary Function: Acts as a protocol gateway and data concentrator. It reads data from the safety controller’s backplane and makes it available to external systems via standard industrial protocols.
Supported Communication Protocols: Commonly supports widely used protocols for integration, which may include:
Modbus TCP/IP (for Ethernet-based SCADA, DCS, and HMI connectivity).
Modbus RTU (for serial communication).
OPC (DA/UA) for connection to historians and advanced visualization systems.
HIMA’s proprietary protocols for peer-to-peer communication between safety systems.
Data Mapping: Allows configuration of data points (process values, diagnostics, system status) from the safety controller to be mapped to registers or tags in the external protocol.
Interface Ports: Typically features physical ports such as RJ45 Ethernet and/or serial ports (RS-232/485).
Safety Integrity: While not executing safety logic itself, the module is designed for use in safety systems. It operates in the non-safety domain but is built to high reliability standards to ensure communication availability without affecting the safe operation of the controller.
Diagnostics: Includes self-diagnostic capabilities and status indicators (LEDs) to monitor communication link health and module operation.
Configuration: Configured using HIMA’s engineering software suite (e.g., Safety-Editor or dedicated configurators).
System Compatibility: HIMA F3x Series I/O System, compatible with HIMA safety controllers like HIQuad X, HIMax, etc.
Function: Digital Input Module for Safety Applications.
Number of Channels: Typically 8 or 16 channels per module (varies by specific sub-variant).
Input Type: Configurable for NAMUR sensors (IEC 60947-5-6) or dry contact (volt-free) signals.
Diagnostic Coverage (SFF): High (>90%), supporting use in Safety Integrity Level (SIL) 3 applications as per IEC 61508.
Diagnostics: Includes continuous monitoring for wire breaks, short-circuits to ground/power, cross-channel faults, and internal module faults.
Safe State Definition: Configurable per channel for fault behavior (e.g., can be set to 0 or 1 in case of a detected fault).
Certifications: Compliant with major international standards including IEC 61508, IEC 61131-2, and ATEX for use in hazardous areas (with appropriate barriers).
Safety Standards: Certified according to IEC 61508:2010 and IEC 61511:2016 for use in SIL 3 and SIL 4 applications. Also certified by TÜV and other global agencies.
Architecture: Based on a single-channel architecture with extensive internal self-testing and diagnostics. The HIMax system achieves high safety through advanced diagnostics rather than hardware redundancy at the CPU level, though the system supports redundant CPU configurations for higher availability.
Processor & Performance: Features a powerful microprocessor optimized for deterministic execution of safety logic. It provides predictable scan times suitable for fast-acting safety functions.
Memory: Equipped with fault-secure memory (RAM and Flash) with error detection and correction (ECC). The memory stores the safety application, operating system, and configuration data.
Diagnostics (Key Feature): Incorporates Continuous Functional Monitoring (CFM). This includes extensive periodic and non-periodic self-tests of the CPU, memory, and internal buses during runtime to detect over 99% of dangerous failures.
Communication Interfaces:
System Bus: Connects to the HIMax backplane for communication with I/O and communication modules.
Ethernet Port(s): For engineering (programming/troubleshooting), connection to HMIs, and system networking (e.g., via HIMA’s SAFEmine or other protocols).
Programming: Programmed using HIMA’s Safety-oriented Programming Languages, which are constrained versions of IEC 61131-3 (like F-FBD, F-LD, F-ST) within the Safety-Editor engineering software to prevent unsafe coding practices.
Operating Temperature: Designed for industrial control panel environments, typically 0°C to 60°C.
Module Type:Triple Modular Redundant (TMR) Controller / Processor Module (one channel of a three-channel system).
Architecture: Functions as one node in a 3-channel fault-tolerant controller. Three T8442 modules (or equivalents) operate in parallel, synchronously executing the same application logic.
Processing Core: Incorporates a high-performance microprocessor, often with built-in floating-point capabilities, to execute complex safety logic and regulatory control algorithms with deterministic scan times.
Memory: Contains significant onboard RAM and Flash memory for the application program, operating system, and data. Memory is typically error-correcting code (ECC) protected.
Synchronization: Utilizes a high-speed, dedicated synchronization bus to maintain microsecond-level synchronization with the other two controller modules in the TMR set, ensuring all three channels process data identically.
Voting: Participates in continuous 2-out-of-3 (2oo3) hardware and software voting on inputs, intermediate data, and final outputs with the other two channels to detect and mask failures.
Communication: Integrates with the Trusted backplane to communicate with TMR I/O modules (like the T8314, T8293) and communication modules (like the T8151B). Supports peer-to-peer communication with other Trusted systems.
Diagnostics: Features comprehensive, continuous built-in self-test (BIST) routines that check the processor, memory, and internal buses. Faults are reported to the system’s diagnostic supervisor.
Safety Certification: Certified for use in Safety Integrity Level 3 (SIL 3) applications per IEC 61508/61511 standards.
Form Factor: A single-slot module designed for installation in the primary controller slots of a Trusted TMR chassis.
Input: Accepts digital command signals from the TMR processors (via backplane).
Output: Typically provides a high-current drive output (e.g., ±200 mA or similar) for direct connection to servo valve coils.
Feedback Monitoring: Includes dedicated channels for monitoring Linear Variable Differential Transformer (LVDT) or other position feedback signals from the actuator.
Diagnostics: Comprehensive continuous diagnostics for coil integrity (open/short circuit), feedback signal validity, and module hardware health.
Fault Tolerance: Full TMR architecture; operates in a 2-out-of-3 voting configuration to tolerate any single fault.
Response Time: Engineered for very high-speed, deterministic response suitable for fast control loops.
Certifications: Designed for use in safety systems meeting rigorous standards like IEC 61508, capable of supporting SIL 3 applications.
