Manual

HIQuad® X
System Manual
All of the HIMA products mentioned in this manual are trademark protected. This also applies for other
manufacturers and their products which are mentioned unless stated otherwise.
HIQuad®, HIQuad®X, HIMax®, HIMatrix®, SILworX®, XMR®, HICore® and FlexSILon® are registered
trademarks of HIMA Paul Hildebrandt GmbH.
All of the technical specifications and information in this manual were prepared with great care and effective
control measures were employed for their compilation. For questions, please contact HIMA directly. HIMA
appreciates any suggestion on which information should be included in the manual.
Equipment subject to change without notice. HIMA also reserves the right to modify the written material
without prior notice.
All the current manuals can be obtained upon request by sending an e-mail to: [email protected].

© Copyright 2018, HIMA Paul Hildebrandt GmbH

All rights reserved.

Contact
HIMA Paul Hildebrandt GmbH
P.O. Box 1261
68777 Brühl
Phone: +49 6202 709-0
Fax: +49 6202 709-107
E-mail: [email protected]

Document designation Description

HI 803 210 D, Rev. 1.01 (1844) German original document

HI 803 211 E, Rev. 1.01.00 (1847) English translation of the German original document

HI 803 211 E Rev. 1.01.00 (1847)

System Table of Contents

Table of Contents
1 Introduction 7
1.1 Structure and Use of the Document 7
1.2 Target Audience 7
1.3 Writing Conventions 8
1.3.1 Safety Notices 8
1.3.2 Operating Tips 9
1.4 Safety Lifecycle Services 10
2 Safety 11
2.1 Intended Use 11
2.1.1 Application in Accordance with the De-Energize to Trip Principle 11
2.1.2 Application in Accordance with the Energize to Trip Principle 11
2.1.3 Use in Fire Alarm Systems 11
2.1.4 Explosion Protection 11
2.2 ESD Protective Measures 12
2.3 Residual Risk 12
2.4 Safety Precautions 12
2.5 Emergency Information 12
3 Concept for HIQuad X 13
3.1 Safety and Availability 13
3.2 Concept for HIQuad H51X 14
3.2.1 The H51X Mono System 15
3.2.2 The H51X Redundancy System 17
3.3 Concept for HIQuad H41X 20
3.3.1 The H41X Mono System 21
3.3.2 The H41X Redundancy System 23
3.4 Extension Rack 25
3.5 Ventilation Concept 26
3.5.1 Measures for Reducing the Temperature 26
3.5.2 Engineering Support 26
3.5.2.1 Installing the HIQuad X System in the Control Cabinet 26
3.5.2.2 Heat Dissipation 28
3.5.2.3 Installation Type 28
3.5.2.4 Natural Convection 28
3.5.2.5 Note on the Standard 28
4 Product Description 29
4.1 Backplane 29
4.2 19-Inch Frame 29
4.2.1 H51X Backplane 31
4.2.1.1 Supply of the H51X Base Rack 31
4.2.1.2 Buffered Voltage for LS1+ and LS2+ in F-PWR 02 Buffer Modules 32
4.2.1.3 5 V Power Supply for Extension Racks 32
4.2.1.4 Signaling Relay for F-PWR 02 Buffer Module, XG6 32
4.2.2 H41X Backplane 33
4.2.2.1 Supply of the H41X Base Rack 33

HI 803 211 E Rev. 1.01.00 Page 3 of 110

Table of Contents System

4.2.2.2 5 V Power Supply for Extension Racks 34

4.2.2.3 24 V Auxiliary Voltages for I/O Modules and I/O Processing Module 35
4.2.3 Extension Rack Backplane 36
4.2.4 Temperature Monitoring 37
4.3 Power Supply 38
4.3.1 Mono H51X Base Rack (24 VDC) 41
4.3.2 Redundant H51X Base Rack (24 VDC) 42
4.3.3 Redundant H51X Base Rack and I/O Level (24 VDC) 43
4.3.4 H51X Base Rack (24 VDC) I/O Level via F-PWR 02 Buffer Modules (Optional) 44
4.3.5 Mono H41X Base Rack (24 VDC) 45
4.3.6 Redundant H41X Base Rack (24 VDC) 46
4.3.7 24 V Distribution for HIQuad X 47
4.3.7.1 5 V Distribution for HIQuad X 48
4.3.7.2 5 VDC Distribution for H51X 48
4.3.7.3 5 VDC Distribution for H41X 50
4.3.8 5 VDC Additional Power Supply (H51X) 51
4.4 System Bus 51
4.5 I/O Bus 52
4.6 I/O Watchdog (WD) 52
4.7 Modules 53
4.8 F-CPU 01 Processor Module 53
4.8.1 Operating System 53
4.8.1.1 General Cycle Sequence 53
4.8.1.2 Operating System States 53
4.8.2 Behavior in the Event of Faults 56
4.9 F-IOP 01 I/O Processing Module 57
4.10 F-COM 01 Communication Module 57
4.11 I/O Modules 58
4.11.1 Scope of Application of the I/O Modules 58
4.11.2 Mounting Position 58
4.12 Noise Blanking 59
4.12.1 Effects of Noise Blanking 59
4.12.2 Configuring Noise Blanking 59
4.12.3 Noise Blanking Sequence 60
4.12.4 Effective Direction of Noise Blanking 62
4.12.4.1 Effective Direction from the Input Module to the Processor Module (3) 62
4.12.4.2 Effective Direction from the Processor Module to the Output Module (4) 62
4.12.4.3 Effective Direction from the Processor Module to the Output Module (7) 62
4.13 Communication 63
4.13.1 Licensing 63
4.14 Connecting the PADT to the System 63
4.15 Licensing 64
5 Redundancy 65
5.1 Processor Module Redundancy 65
5.1.1 Reducing Redundancy 65
5.1.2 Increasing Redundancy 65

Page 4 of 110 HI 803 211 E Rev. 1.01.00

System Table of Contents

5.2 Redundancy of I/O Modules 65

5.2.1 Module Redundancy 66
5.2.2 Channel Redundancy 66
5.3 System Bus Redundancy 66
5.4 Communication Redundancy 66
5.4.1 safeethernet 66
5.4.2 Standard Protocols 66
6 Programming 67
6.1 Using Variables in a Project 67
6.1.1 Variable Types 68
6.1.2 Initial Value 68
6.1.3 System Variables and System Parameters 69
6.1.3.1 Resource System Parameters 70
6.1.3.2 Use of the Parameters Target Cycle Time and Target Cycle Time Mode 73
6.1.3.3 Maximum Communication Time Slice 74
6.1.3.4 Calculating the Maximum Duration of Configuration Connections [ms] 75
6.1.3.5 The Minimum Configuration Version Parameter 76
6.1.3.6 Rack System Variables 77
6.1.3.7 Locking and Unlocking the Resource 81
6.2 Forcing 82
6.2.1 Time Limits 83
6.2.2 Restricting the Use of Forcing 83
6.2.3 Force Editor 83
6.2.4 Automatic Forcing Reset 84
6.2.5 Forcing and Scalar Events 84
6.3 Cycle Sequence 84
6.4 User Management 85
6.4.1 PADT User Management 85
6.4.2 PES User Management 86
6.4.3 Default User 86
6.4.4 Setting up PES User Accounts 88
7 Diagnostics 89
7.1 Light Emitting Diodes 89
7.2 Diagnostic History 89
7.2.1 Diagnostic Messages 90
7.3 Online Diagnosis 91
8 Product Data, Dimensioning 93
8.1 Environmental Conditions 93
8.2 Dimensioning 93
9 Lifecycle 94
9.1 Installation 94
9.1.1 Mechanical Structure 94
9.1.2 Connecting the Field Level 94
9.1.3 Grounding 94
9.1.3.1 CE-Compliant Structure of the Control Cabinet 95
9.1.3.2 Surges on Digital Inputs 95

HI 803 211 E Rev. 1.01.00 Page 5 of 110

Table of Contents System

9.1.4 Grounding Connectors 96

9.1.5 Grounding and Shielding Concept of HIMA Control Cabinets 98
9.1.6 Grounding Several Control Cabinets 99
9.1.7 Ungrounded Operation 99
9.1.8 Grounded Operation 99
9.1.9 Shielding within the Input and Output Areas 100
9.1.10 Lightning Protection for Data Lines in HIMA Communication Systems 100
9.1.11 Cable Colors 100
9.1.12 Connecting the Supply Voltage 100
9.2 Start-Up 101
9.2.1 Starting up the Control Cabinet 101
9.2.1.1 Test of All Inputs and Outputs 101
9.2.1.2 Voltage Connection 101
9.2.2 Starting up the PES with Processor Modules (F-CPU 01) 101
9.2.2.1 Faults 102
9.3 Maintenance and Repairs 103
9.3.1 Connecting the Power Supply after a Service Interruption 103
9.3.2 Connecting the Redundant Power Supply 103
9.3.3 Loading Operating Systems 103
10 HIQuad X Documentation 104
Appendix 105
Glossary 105
Index of Figures 106
Index of Tables 107
Index 108

Page 6 of 110 HI 803 211 E Rev. 1.01.00

System Introduction

1 Introduction
This manual describes the configuration and mode of operation of the safety-related
programmable electronic system HIQuad X. The system is designed for safety-related
applications up to SIL 3 (IEC 61508), PL e (EN ISO 13849) and for high availability.
HIQuad X can be used for various control tasks within the process and factory automation
industry, in particular in process facilities.

1.1 Structure and Use of the Document

This system manual is composed of the following main chapters:
Introduction Introduction to this manual.
Safety Information on how to safely use the HIQuad X system.
Concept for HIQuad X Concept of the innovative high-performance HIQuad X
system.
Product description Structure of the HIQuad X system.
Redundancy Options for increasing availability.
Programming Important instructions on how to create a user program.
Diagnostics Summary of the diagnostic options.
Product Data, Specifications related to the entire system. Specifications for
Dimensioning the individual components are included in the corresponding
manual.
Lifecycle Phases of a HIQuad X system lifecycle:
 Installation
 Start-up
 Maintenance and repairs
HIQuad X Documentation Overview of the documentation:
Appendix  Glossary
 Index of tables and index of figures
 Index

1.2 Target Audience

This document is aimed at the planners, design engineers and programmers of automation
systems as well as the persons authorized to start up, operate and maintain the devices and
systems concerned. Specialized knowledge of safety-related automation systems is required.
All specialist staff (planning, installation, start-up) must be instructed concerning the risks and
the associated possible consequences which can arise as a result of modifications to a safety-
related automation system.
Planners and configuration engineers must have additional knowledge about the selection and
use of electrical and electronic safety systems in automated plants, e.g., to prevent improper
connections or faulty programming.
The operator is responsible for qualifying the operating and maintenance personnel and
providing them with appropriate safety instructions.
Only staff members with knowledge of industrial process measurement and control, electrical
engineering, electronics and the implementation of PES and ESD protective measures may
modify or extend the system wiring.

HI 803 211 E Rev. 1.01.00 Page 7 of 110

Introduction System

1.3 Writing Conventions

To ensure improved readability and comprehensibility, the following writing conventions are
used in this document:
Bold To highlight important parts.
Names of buttons, menu functions and tabs that can be clicked and used
in the programming tool.
Italics Parameters and system variables, references.
Courier Literal user inputs.
RUN Operating states are designated by capitals.
Chapter 1.2.3 Cross-references are hyperlinks even if they are not specially marked.
In the electronic document (PDF): When the cursor hovers over a
hyperlink, it changes its shape. Click the hyperlink to jump to the
corresponding position.

Safety notices and operating tips are specially marked.

1.3.1 Safety Notices

Safety notices must be strictly observed to ensure the lowest possible risk.
The safety notices are represented as described below.
 Signal word: warning, caution, notice.
 Type and source of risk.
 Consequences arising from non-observance.
 Risk prevention.

The signal words have the following meanings:

 Warning indicates hazardous situations which, if not avoided, could result in death or serious
injury.
 Caution indicates hazardous situation which, if not avoided, could result in minor or
moderate injury.
 Notice indicates a hazardous situation which, if not avoided, could result in property damage.

SIGNAL WORD
Type and source of risk!
Consequences arising from non-observance.
Risk prevention.

NOTICE
Type and source of damage!
Damage prevention.

Page 8 of 110 HI 803 211 E Rev. 1.01.00

System Introduction

1.3.2 Operating Tips

Additional information is structured as presented in the following example:

The text giving additional information is located here.

i
Useful tips and tricks appear as follows:

TIP The tip text is located here.

HI 803 211 E Rev. 1.01.00 Page 9 of 110

Introduction System

1.4 Safety Lifecycle Services

HIMA provides support throughout all the phases of the plant's safety lifecycle, from planning
and engineering through commissioning to maintenance of safety and security.
HIMA's technical support experts are available for providing information and answering
questions about our products, functional safety and automation security.
To achieve the qualification required by the safety standards, HIMA offers product or customer-
specific seminars at HIMA's training center or on site at the customer's premises. The current
seminar program for functional safety, automation security and HIMA products can be found on
HIMA's website.

Safety Lifecycle Services:

Onsite+ / On-Site In close cooperation with the customer, HIMA performs changes or
Engineering extensions on site.
Startup+ / Preventive HIMA is responsible for planning and executing preventive
Maintenance maintenance measures. Maintenance actions are carried out in
accordance with the manufacturer's specifications and are
documented for the customer.
Lifecycle+ / Lifecycle As part of its lifecycle management processes, HIMA analyzes the
Management current status of all installed systems and develops specific
recommendations for maintenance, upgrading and migration.
Hotline+ / 24 h HIMA's safety engineers are available by telephone around the clock
Hotline to help solve problems.
Standby+ / 24 h Call- Faults that cannot be resolved over the phone are processed by
Out Service HIMA's specialists within the time frame specified in the contract.
Logistics+/ 24 h HIMA maintains an inventory of necessary spare parts and
Spare Parts Service guarantees quick, long-term availability.

Contact details:
Safety Lifecycle https://www.hima.com/en/about-hima/contacts-worldwide/
Services
Technical Support https://www.hima.com/en/products-services/support/
Seminar Program https://www.hima.com/en/products-services/seminars//

Page 10 of 110 HI 803 211 E Rev. 1.01.00

System Safety

2 Safety
All safety information, notes and instructions specified in this manual must be strictly observed.
The product may only be used if all guidelines and safety instructions are adhered to.
For further information on safety, observe the instructions provided in the HIQuad X safety
manual (HI 803 209 E).

2.1 Intended Use

This chapter describes the intended use of the safety-related automation system HIQuad X.
The automation system is designed for controlling and regulating industrial process plants.
SILworX, HIMA's programming tool, is used for programming, configuring, monitoring, operating
and documenting the HIQuad X system.

2.1.1 Application in Accordance with the De-Energize to Trip Principle

The HIQuad X system is designed in accordance with the de-energize to trip principle.
If a fault occurs, a system operating in accordance with the de-energize to trip principle enters
the de-energized state to perform its safety function.

2.1.2 Application in Accordance with the Energize to Trip Principle

The HIQuad X system can also be used in applications that operate in accordance with the
energize to trip principle.
A system operating in accordance with the energize to trip principle switches on, for instance,
an actuator to perform its safety function.
When designing the automation system, the requirements specified in the application standards
must be taken into account. For instance, line monitoring (SC/OC) for inputs and outputs or
message reporting a triggered safety function may be required.
If the components are defective, the de-energized state is entered irrespective of whether the
system is operating in accordance with the energized to trip or with the de-energized to trip
principle.

2.1.3 Use in Fire Alarm Systems

The HIQuad X systems with analog inputs are tested and certified for use in fire alarm systems
in accordance with DIN EN 54-2 and NFPA 72.
The conditions of use provided in this manual must be observed, see also the HIQuad X safety
manual (HI 803 209 E).

2.1.4 Explosion Protection

The HIQuad X automation system is suitable for mounting in zone 2.

The conditions of use provided in the HIQuad X safety manual (HI 803 209 E) must be
observed.

HI 803 211 E Rev. 1.01.00 Page 11 of 110

Safety System

2.2 ESD Protective Measures

Only personnel with knowledge of ESD protective measures may work on the HIQuad X
system.

NOTICE
Damage to the HIQuad X system due to electrostatic discharge!
 When performing the work, make sure that the workspace is free of static, and wear a
grounding strap.
 If not used, ensure that the modules are protected from electrostatic discharge, e.g.,
by storing them in their packaging.

2.3 Residual Risk

No imminent risk results from a HIMA system itself.
Residual risk may result from:
 Faults related to engineering.
 Faults in the user program.
 Faults related to the wiring.

2.4 Safety Precautions

Observe all local safety requirements and use the protective equipment required on site.

2.5 Emergency Information

A HIMA system is a part of the safety equipment of a plant. If the controller fails, the system
enters the safe state.
In case of emergency, no action that may prevent the HIMA system from operating safely is
permitted.

Page 12 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

3 Concept for HIQuad X

HIQuad X is an innovative, high-performance automation system that is based on the existing
HIQuad system. SILworX, HIMA's tried and tested programming tool, is used for programming,
configuring, monitoring, operating and documenting HIQuad X. All HIMA programmable
systems are thus future-proof and operated with just one programming tool. Additionally,
HIQuad X supports already existing HIQuad I/O modules.
H51X and H41X, the HIQuad X system families, can be equipped with identical modules and
have the following differences:
HIQuad H51X HIQuad H41X
Structure Modular Modular
Base rack 1 (without I/O modules) 1 (with a maximum of 12 I/O
modules)
Extension rack Max. 16 Max. 1
Processor module (F-CPU 01) 1 or 2 1 or 2
I/O processing module 1 in each extension rack 1 in the base rack
(F-IOP 01) 1 in the extension rack
Communication module A maximum of 10 in the A maximum of 2 in the base rack
(F-COM 01) base rack
I/O modules in each extension 16 16
rack
Total number of I/O modules Max. 256 Max. 28
Table 1: Differences of HIQuad H51X Compared to H41X

The H51X and H41X system families can be equipped with digital and analog I/O modules. For
details, refer to Chapter 4.9.
The I/O processing module (F-IOP 01) uses the I/O bus to interconnect the I/O modules within
one rack. The F-IOP 01 module safely communicates with the processor modules via one or
two system buses, see Figure 2 and Figure 4.

3.1 Safety and Availability

The HIQuad X systems are designed for safety-related applications operating in accordance
with the energize to trip and de-energize to trip principles up to SIL 3 in accordance with
IEC 61508. Additionally, the HIQuad X system complies with the standards specified in the
certificates.
Refer to the HIQuad X safety manual (HI 803 209 E) and certificates for the standards used to
test the HIQuad X system.
For safety-related application up to SIL 3, the base racks must be equipped with the safety-
related processor modules (F-CPU 01). The safety-related processor module (F-CPU 01)
features a 1oo2 processor system. The 1oo2 processor system includes two microprocessors
that continuously align their data.
Safety-related HIQuad I/O modules can be used to connect to the field level, see Chapter 4.9.
I/O modules and processor modules exchange data via safety-related I/O processing modules
(F-IOP 01) with integrated 1oo2 processor system.
Additional non-safety-related I/O modules can be used for non-safety-related applications.
Depending on the required safety and availability, the H51X and H41X system families can be
structured as mono or redundancy systems, see the following chapters.

HI 803 211 E Rev. 1.01.00 Page 13 of 110

Concept for HIQuad X System

3.2 Concept for HIQuad H51X

The H51X system family has a modular structure which includes an H51X base rack and up to
16 extension racks. The H51X base rack (F-BASE RACK 01) can be equipped as shown in
Figure 1.
The communication modules are connected to the processor modules via two system buses (A
and B) in a point-to-point connection. The processor module in slot 8 controls and monitors
system bus A whereas the processor module in slot 10 controls and monitors system bus B.
During redundant operation, the two processor modules align their data.
The RJ-45 interfaces on the rear side of the base rack are used to connect the extension racks
to the processor modules. An I/O processing module (F-IOP 01) must be used in the extension
rack to connect the system buses to the I/O bus, see Figure 2 and Figure 4.

System bus interfaces on the rear side of the base rack

Figure 1: H51X Base Rack Completely Assembled

Page 14 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

3.2.1 The H51X Mono System

Thanks to the use of safety-related modules (I/O modules, the I/O processing module and a
processor module), the HIQuad H51X system can ensure safety-related signal processing in
accordance with SIL 3 already when operating in a mono structure, see Figure 2.

Figure 2: Example of Safe H51X Mono Operation (1oo2)

The input modules of the HIQuad H51X system safely record the values measured by sensors.
Data is exchanged with the processor module via the I/O processing module. The measured
values are cyclically queried by the processor module and processed by the user program. The
user program's results are sent to the I/O processing module, which writes them to the output
modules. The output modules thus control the field level, e.g., the actuators.
During mono operation, the signal is forwarded by the processor module in slot 8 via system
bus A.
Figure 3 shows the example of an H51X mono system with system bus A. Up to 16 extension
racks can be connected to the system bus in any UP loop, DOWN loop, or UP and DOWN loop.
The extension racks are interconnected with system bus A via the I/O processing module, see
the F-IOP 01 manual (HI 803 219 E).
If the system bus connection is interrupted in a mono system, all I/O modules located after the
interruption point are no longer available. After the interruption point, all output modules enter
the safety-related, de-energized state. As for the input modules, the failsafe initial values are
processed in the respective processor module.

HI 803 211 E Rev. 1.01.00 Page 15 of 110

Concept for HIQuad X System

System bus interfaces on the rear side of the base rack

Figure 3: Example of H51X Mono System

The rack IDs do not necessarily have to be arranged as described above, but they must be
unique.
To ensure a clearer overview, HIMA recommends the following:
 Arrange the rack IDs in accordance with Figure 3.
 Use red patch cables for system bus A if only system bus A is used.

Page 16 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

3.2.2 The H51X Redundancy System

During redundant operation with two processor modules, both system buses are used to
process the signals. This variant with redundant processor modules and system buses
increases the system's availability, see Figure 4. If a processor module fails, it automatically
enters the safe state and the redundant processor module maintains safe operation. The faulty
processor module must be replaced to ensure continued availability. The processor module can
be replaced while the system is operating.

Figure 4: Example of Safe H51X Redundant Operation (1oo2)

In contrast to mono operation, the entire design of a redundant system is intended to ensure
availability. Redundant input modules safely record the values measured by redundant sensors.
They exchange data with the processor modules via the safety-related I/O processing modules.
The measured values are cyclically queried and compared by the redundant processor
modules, and then processed by the user program. The user program's results are sent to the
I/O processing module, which writes them to the redundant output modules. The output
modules thus control the field level, e.g., the actuators. The example in Figure 4 shows a
redundant structure of field level and extension racks.

HI 803 211 E Rev. 1.01.00 Page 17 of 110

Concept for HIQuad X System

During redundant operation, the signal is processed via both system buses A and B. The
system buses A and B between the I/O processing modules are implemented in a patch cable.
Figure 5 shows the example of an H51X redundancy system with system buses A and B. Up to
16 extension racks can be connected to the system buses in a UP loop, DOWN loop, or UP and
DOWN loop. The extension racks are interconnected with system buses A and B via the I/O
processing module, see F-IOP 01 manual (HI 803 219 E).
The advantage of a redundancy system is that, if one system bus is disconnected, the system
can continue to operate via the redundant system bus. If an I/O processing module fails, all
output modules in the affected rack enter the safety-related, de-energized state. The failsafe
default values are transmitted for the input modules.

Page 18 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

System bus interfaces on the rear side of the base rack

Figure 5: Example of H51X Redundancy System

The rack IDs do not necessarily have to be arranged as described above, but they must be
unique.
To ensure a clearer overview, HIMA recommends the following:
 Arrange the rack IDs in accordance with Figure 5.
 Between the base rack and the first F-IOP module, use red patch cables for system bus A.
 Between the base rack and the first F-IOP module, use green patch cables for system bus B.

HI 803 211 E Rev. 1.01.00 Page 19 of 110

Concept for HIQuad X System

3.3 Concept for HIQuad H41X

The H41X system family has a modular structure which includes an H41X base rack and can be
additionally equipped with an extension rack. The additional extension rack can be used to
create a redundant I/O structure. The H41X base rack (F-BASE RACK 02) can be equipped as
shown in Figure 6.
The communication modules are connected to the processor modules via two system buses (A
and B) in a point-to-point connection. The processor module in slot 16 controls and monitors
system bus A whereas the processor module in slot 18 controls and monitors system bus B.
During redundant operation, the two processor modules align their data.
The RJ-45 system bus interfaces on the rear side of the base rack are used to connect the I/O
modules in the H41X base rack to the processor modules. An I/O processing module (F-IOP 01)
must be used in the H41X base rack to connect the I/O bus to the system buses. An I/O level
redundant to that in the base rack can be set up by integrating an additional extension rack in
the system bus connection of the H41X base rack.

System bus connection on the rear side I/O bus

of the base rack

Figure 6: H41X Base Rack Completely Assembled

The rack IDs for the HIQuad H41X system are fixed.
To ensure a clearer overview, HIMA recommends the following:
 Between the base rack and the first F-IOP module, use red patch cables for system bus A.
 Between the base rack and the first F-IOP module, use green patch cables for system bus B.

Page 20 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

3.3.1 The H41X Mono System

Thanks to the use of safety-related modules (I/O modules, the I/O processing module and a
processor module), the HIQuad H41X system can ensure safety-related signal processing in
accordance with SIL 3 already when operating in a mono structure, see Figure 7.

Figure 7: Example of Safe H41X Mono Operation (1oo2)

The input modules of the HIQuad H41X system safely record the values measured by sensors.
Data is exchanged with the processor module via the I/O processing module. The measured
values are cyclically queried by the processor module and processed by the user program. The
user program's results are sent to the I/O processing module, which writes them to the output
modules. The output modules thus control the field level, e.g., the actuators.
During mono operation, the signal is forwarded by the processor module in slot 16 via system
bus A.
Figure 8 shows the example of an H41X mono system with system bus A. An additional
extension rack can be connected to the system bus A. The extension rack is connected to the
H41X base rack via the I/O processing module and the system bus A, see F-IOP 01 manual
(HI 803 219 E).
If the system bus connection is interrupted in a mono system, all I/O modules located after the
interruption point are no longer available. After the interruption point, all output modules enter
the safety-related, de-energized state. As for the input modules, the failsafe initial values are
processed in the respective processor module.

HI 803 211 E Rev. 1.01.00 Page 21 of 110

Concept for HIQuad X System

System bus interfaces on the rear side of the base rack

Figure 8: Example of H41X Mono System

The rack IDs for the HIQuad H41X system are fixed.
To ensure a clearer overview, HIMA recommends the following:
 Use red patch cables for system bus A if only system bus A is used.

Page 22 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

3.3.2 The H41X Redundancy System

During redundant operation with two processor modules, both system buses are used to
process the signals. This variant with redundant processor modules and system buses
increases the system's availability, see Figure 9. If a processor module fails, it automatically
enters the safe state and the redundant processor module maintains safe operation. The faulty
processor module must be replaced to ensure continued availability. The processor module can
be replaced while the system is operating.

Figure 9: Example of Safe H41X Redundant Operation (1oo2)

In contrast to mono operation, the entire design of a redundant system is intended to ensure
availability. Redundant input modules safely record the values measured by redundant sensors.
They exchange data with the processor modules via the safety-related I/O processing modules.
The measured values are cyclically queried and compared by the redundant processor
modules, and then processed by the user program. The user program's results are sent to the
I/O processing module, which writes them to the redundant output modules. The output
modules thus control the field level, e.g., the actuators. The example in Figure 9 shows a
redundant structure of field level and extension rack.
During redundant operation, the signal is processed via both system buses A and B. The
system buses A and B between the I/O processing modules are implemented in a patch cable.

HI 803 211 E Rev. 1.01.00 Page 23 of 110

Concept for HIQuad X System

Figure 10 shows the example of an H41X redundancy system with system buses A and B. An
additional extension rack can be connected to the system buses. The extension rack is
connected to the H41X base rack via the I/O processing module and the system buses A and B,
see F-IOP 01 manual (HI 803 219 E).
The advantage of a redundancy system is that, if one system bus is disconnected, the system
can continue to operate via the redundant system bus. If one I/O processing module fails, the
I/O modules in the affected rack enter the safe state while the other rack is not impaired by this
failure.

System bus interfaces on the rear side of the base rack

Figure 10: Example of H41X Redundancy System

The rack IDs for the HIQuad H41X system are fixed.
To ensure a clearer overview, HIMA recommends the following:
 Between Sys A UP and the F-IOP module, use red patch cables for system bus A.
 Between Sys B UP and the F-IOP module, use green patch cables for system bus B.

Page 24 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

3.4 Extension Rack

The extension racks (F-BASE RACK 11) allow the HIQuad X system to be equipped with up to
265 I/O modules. The extension racks can be equipped with a maximum of 16 I/O modules to
be inserted in slots 1...16. The I/O processing module is used to connect the system buses to
the I/O bus.
The power distribution modules (F 7133) are used to fuse and distribute L+ and L- for the I/O
modules. The power distribution modules are interference-free. They are provided with fuse
monitoring and signal a failed fuse via contact and LED.
Figure 11 shows a fully equipped extension rack.

I/O bus

Figure 11: Extension Rack

HI 803 211 E Rev. 1.01.00 Page 25 of 110

Concept for HIQuad X System

3.5 Ventilation Concept

The high integration level of electronic components causes heat loss, which also depends on
the external load of the HIQuad X system. For this reason, ensure proper ventilation within the
control cabinet. Low ambient temperature increases the product life and the reliability of the
electronic components within the system.

3.5.1 Measures for Reducing the Temperature

Low ambient temperature increases the product life and the reliability of the electronic
components within the system. To reduce the temperature within the control cabinets, HIMA's
standard control cabinets are equipped with the following components:
 SK 3162 S air intake filters ensuring air supply within the control cabinet through the door.
The air intake filter should be used to prevent contaminants from entering the control
cabinets.
 Air exhaust through the cut-outs on top of the control cabinet.
 HIMA K 9202B cabinet fan for mounting on the top internal section of the control cabinet.
 M 7200/M 7202 ventilation tray for the air duct between the individual racks.
 K 9203A rack fan for forced cooling of the air from the racks.

3.5.2 Engineering Support

The power dissipation of the equipment within the cabinet is decisive for determining the fan
components. Uniform distribution of the heat load is assumed; the maximum temperature
increase is 25 °C.
The average heat dissipation of a HIMA standard cabinet achieved by convection, i.e., without
additional aids, is 300 W. This assumes installation of several cabinets next to each other and
with their rear side to the wall so that the heat can only be dissipated via the top of the cabinet.
Using a K 9202B cabinet fan, an air flow rate of 200 m³ per hour can be achieved by means of
forced cooling. The following total power dissipation has thus to be purged:
Type of standard control cabinet Power dissipation
M 1511 1000 W
M 1512 1000 W
M 1513 1000 W
M 1514 800 W
Table 2: Power Dissipation of Standard Control Cabinets

The air enters the control cabinet through the air intake filter located in the control cabinet door.
For optimal air discharge, ensure 2 RU free space at the bottom of the pivoting frame. If a
K 9203A fan rack is the lowest element being installed, only 1 RU free space is needed at the
bottom.

3.5.2.1 Installing the HIQuad X System in the Control Cabinet

When installing a HIQuad X system in the control cabinet (pivoting frame), note the following
points for the fan concept:
 A K 9203A rack fan must be used above a base rack.
 A maximum of 2 extension racks may be directly positioned one below the other. To install a
K 9203A rack fan, 1 RU clearance must be free between 2 successive extension rack
blocks.
 From 300 W power dissipation, a roof-mounted fan must be used in the control cabinet.
The following figure shows the side view of a control cabinet with built-in components. The
figure shows the air flow course within the control cabinet and the relationship between
maximum power dissipation and fan components to be used.

Page 26 of 110 HI 803 211 E Rev. 1.01.00

System Concept for HIQuad X

Air intake filter mounted in the control cabinet door

Air flow
Fuse and power distribution modules K 7205, K 7206, K 7212, K 7213 or K 7214
Air exhaust through the HIMA K 9202B cabinet fan for mounting on the top internal section
of the control cabinet
Required clearance for air intake and air exhaust

Figure 12: Fan Concept within the Control Cabinet

Total power dissipation Maximum power dissipation per Fan components

extension rack
< 300 W < 50 W 3 x K 9203A
300…500 W < 50 W 3 x K 9203A + K 9202B
500…1000 W < 100 W 3 x K 9203A + K 9202B
Table 3: Fan Components as a Function of Power Loss

When installing I/O modules, always observe the special instructions specified in the
i corresponding data sheets, e.g., additional fans may be required depending on the module
type.
If processor modules, I/O processing modules or communication modules report that the
temperature limits have been exceeded for a longer period of time, the existing ventilation
concept must be reviewed.

HI 803 211 E Rev. 1.01.00 Page 27 of 110

Concept for HIQuad X System

3.5.2.2 Heat Dissipation

The following consideration can also be used to determine the power dissipation. Uniform
distribution of the heat load and unhindered natural convection are assumed.
Magnitude Description Unit
PV Power dissipation (heat capacity) of the electronic W
components within the device
A Effective enclosure surface (see below) m²
B Enclosure width m
H Enclosure height m
T Enclosure depth m
Coefficient of heat transfer of the enclosure W/m² K
K Example: Steel plate Approx. 5.5 W/m²
K
Table 4: Definitions for Calculating the Power Dissipation

3.5.2.3 Installation Type

The effective enclosure surface area A as a function of the mounting or installation type is
determined as follows:
Enclosure installation type in accordance with VDE 0660, Part 5 Calculation of the enclosure surface A
Individual enclosure, free-standing on all A = 1.8 x H x (W + D) + 1.4 x W x D
sides
Individual enclosure for wall mounting A = 1.4 x W x (H + D) + 1.8 x H x D

Final enclosure, free-standing A = 1.4 x D x (W + H) + 1.8 x W x H

Final enclosure for wall mounting A = 1.4 x H x (W + D) + 1.4 x W x D

Central enclosure, free-standing A = 1.8 x W + H + 1.4 x W x D + H + D

Central enclosure, for wall mounting A = 1.4 x W x (H + D) +HxD

Central enclosure, for wall mounting, A = 1.4 x W + H + 0.7 x W x D + H + D

with covered roof area
Table 5: Installation Types for Control Cabinets

3.5.2.4 Natural Convection

When natural convection is applied, the lost heat is dissipated through the enclosure walls.
Requirement: The ambient temperature must be lower than the temperature within the
enclosure.
The maximum temperature increase ΔTmax of all electronic devices within the enclosure is
calculated as follows:
ΔTmax = Pv / k x A
The power dissipation PV can be calculated based on the specifications for the electric power
rating of the controller and its inputs and outputs.

3.5.2.5 Note on the Standard

The temperature within an enclosure can also be calculated in accordance with VDE 0660, Part
507 (HD 528 S2).

Considerations about heat must take every component within a cabinet or enclosure into
i account, including components that are not directly part of the HIQuad X system!

Page 28 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4 Product Description
HIQuad X is a 19-inch system which includes a base rack and one or multiple extension racks.

4.1 Backplane
The different backplanes are firmly screwed to the 19-inch frame, creating the following racks:
H51X base rack H41X base rack Extension rack
H51X Backplane H41X Backplane Extension rack backplane
Table 6: Rack Backplanes

4.2 19-Inch Frame

The 19-inch frame is the basic mechanical structure of the HIQuad X system. The following
figure shows the structure of the 19-inch frame:

19-inch frame with integrated cable tray Folding labeling profile

Threaded inserts General M4 ground terminal on the rear side
Numbering of slots Grounding bar (functional ground), 1 Faston flat
Insertion guide for modules connector (6.3 x 0.8 mm) each for slot 1…slot 16

Figure 13: 19-Inch Frame

HI 803 211 E Rev. 1.01.00 Page 29 of 110

Product Description System

The following figure shows the dimensions of the 19-inch frame:

a External dimensions = 482.6 mm c Mounting hole distance = 101.6 mm

b Mounting space (84 HP) = 84 x 5.08 mm f ---
c Mounting hole distance = 465 mm g ---
d Mounting depth = 263 mm h Rack unit (4 RU) = 4 x 44.45 mm

Figure 14: Dimensions of the 19-Inch Frame

Page 30 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.2.1 H51X Backplane

The following figure shows the rear side of the H51X backplane:

System bus connections Clamp terminal block for redundant 24 V power

Sys. A DOWN (XD1) supply, XG10
Sys. B DOWN (XD2) Control cabinet diagnostics for future
Sys. A UP (XD3) applications, XG8 (loop) Not applicable (for
Sys. B UP (XD4) future use)
XG1 (DATA) Not applicable (for future use)! 24 V power supply (LS1, LS2) for the F-IOP 01
5 V power supplies for extension racks, XG2 modules in the extension racks, XG7 (buffer
and XG3 module in slot 6 supplies LS1 and buffer module
Reference potential (GND) for extension racks, in slot 7 supplies LS2)
XG4 and XG5 Signaling relay contacts for F-PWR 02, XG6
Connection to L- reference potential (24 V
supply), XG9

Figure 15: Rear View of H51X Backplane

4.2.1.1 Supply of the H51X Base Rack

For supply and power distribution, HIMA recommends using the following components:
 K 7205: Redundant supply up to a maximum of 63 A total current with fuse protection of up
to 18 individual circuits with circuit breakers.
 K 7212: Redundant supply up to a maximum of 35 A total current with 2 decoupling diodes
and 2 mains filters, with fuse protection of up to 12 individual circuits with circuit breakers.
 K 7213: Redundant supply up to a maximum of 35 A total current with fuse protection of up
to 12 individual circuits with circuit breakers.
 K 7214: Redundant supply up to a maximum of 150 A total current with fuse protection of up
to 18 individual circuits with circuit breakers.
The 24 V power supply is connected to the following terminals:
Spring terminal Cross-section and color Fuse
XG10.1/.2 (L1+, L2+) 2.5 mm² RD Maximum 16 A gL
XG9.1/.2 (L-) 2.5 mm² BK
Table 7: Connection to the 24 V Power Supply

HI 803 211 E Rev. 1.01.00 Page 31 of 110

Product Description System

4.2.1.2 Buffered Voltage for LS1+ and LS2+ in F-PWR 02 Buffer Modules
The buffered voltage (LS1+ or LS2+) for extension racks is connected to the following terminals:
Spring terminal Cross-section and color
XG7.1 (LS2-) 2.5 mm² BK
XG7.2 (LS2+) 2.5 mm² RD
XG7.3 (LS1-) 2.5 mm² BK
XG7.4 (LS1+) 2.5 mm² RD
Table 8: Spring Terminals for Buffered Voltage

4.2.1.3 5 V Power Supply for Extension Racks

The 5 V power supply for extension racks is connected to the following terminals:
Spring terminal Cross-section and color
XG2.1…XG2.13 (Vcc) 2.5 mm² YE
XG3.1…XG3.13 (Vcc) 2.5 mm² YE
XG4.1…XG4.13 (GND) 2.5 mm² GN
XG5.1…XG5.13 (GND) 2.5 mm² GN
Table 9: Spring Terminals for 5 V Power Supply

4.2.1.4 Signaling Relay for F-PWR 02 Buffer Module, XG6

The signaling relay in the buffer modules is connected to the following terminals:
Spring terminal Cross-section and color
XG6.1…XG6.3 (REL2) 2.5 mm² GR
XG6.4…XG6.6 (REL1) 2.5 mm² GR
Table 10: Spring Terminals in 5 Signaling Relays for Buffer Module

Page 32 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.2.2 H41X Backplane

The following figure shows the rear side of the H41X backplane:

24 V power supply for slots 14…18, XG11. Not System bus connections, Sys. A (XD1) and
applicable (for future use) Sys. B (XD2)
Connection to L- reference potential (24 V XG1 (DATA) Not applicable (for future use)
supply), XG10 Watchdog signal supply, XG2 Not applicable (for
Connection to redundant 24 V power supply for future use)
F-PWR 01, XG9 Connection of 24 VDC auxiliary voltage for
Reference potential GND for extension racks, slot 1…slot 3, XG5
XG7 Cable plug supply
5 V power supply for extension racks, XG6 LS1+…LS12+, slot 1…slot 12; XG3
LS-, slot 1…slot 12; XG4
LS- reference potential for auxiliary voltage
(24 VDC), XG8

Figure 16: Rear View of H41X Backplane

4.2.2.1 Supply of the H41X Base Rack

For supply and power distribution, HIMA recommends using the following components:
 K 7205: Redundant supply up to a maximum of 63 A total current with fuse protection of up
to 18 individual circuits with circuit breakers.
 K 7212: Redundant supply up to a maximum of 35 A total current with 2 decoupling diodes
and 2 mains filters, with fuse protection of up to 12 individual circuits with circuit breakers.
 K 7213: Redundant supply up to a maximum of 35 A total current with fuse protection of up
to 12 individual circuits with circuit breakers.
 K 7214: Redundant supply up to a maximum of 150 A total current with fuse protection of up
to 18 individual circuits with circuit breakers.

HI 803 211 E Rev. 1.01.00 Page 33 of 110

Product Description System

The 24 V power supply is connected to the following terminals:

Spring terminal Cross-section and color Fuse
XG9.1/.2 (L1+, L2+) 2.5 mm² RD Maximum 16 A gL
XG.10.1/.2 (L-) 2.5 mm² BK
Table 11: Connection to the 24 V Power Supply

4.2.2.2 5 V Power Supply for Extension Racks

The 5 V power supply for the extension rack is connected to the following terminals:
Spring terminal Cross-section and color
XG6.1/.2 (5 V) 2.5 mm² YE
XG7.1/.2 (GND) 2.5 mm² GN
Table 12: Spring Terminals for 5 V Power Supply

Page 34 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.2.2.3 24 V Auxiliary Voltages for I/O Modules and I/O Processing Module
The 24 V auxiliary voltage for the cable plugs of the I/O modules and the I/O processing module
is connected at the following terminals.
Spring terminal Cross-section and color
XG5.1…XG5.13 2.5 mm² RD
XG8.1…XG8.13 (L-) 2.5 mm² BK
Table 13: Spring Terminals for 24 V Auxiliary Voltages in I/O Modules

The connection to the 24 V power supply of the cable plugs is performed as shown in Figure 17.
The Faston flat connectors XG3 and XG4 are supplied via field terminals XG5 and XG8 in
accordance with the corresponding slot number.

XG5: Connection to 24 V auxiliary voltage for slot 1…slot 13; assignment based on slot
number
XG3: Faston flat connectors for supplying the I/O cable plugs
XG4: Faston flat connectors for GND of I/O cable plugs
XG8: LS- reference potential for auxiliary voltage (24 VDC)

Figure 17: Connection to the 24 V Power Supply of the Cable Plugs (H41X)

HI 803 211 E Rev. 1.01.00 Page 35 of 110

Product Description System

4.2.3 Extension Rack Backplane

The following figure shows the rear side of the extension rack backplane:

24 VDC supply (L+) for power distribution Potential distributor, for free use, XG5
modules in slots 18…21, XG.7…XG.10 Potential distributor, for free use, XG6
Fuse monitoring for power distribution modules, Do not use it for HIQuad X
XG.1
L- (24 VDC) XG.11
Jumpers X1…X4 (fuse monitoring)
Do not use it for HIQuad X
Fuse monitoring for power distribution modules,
GND (+ 5 VDC), XG.12
XG.2
Potential distributor, for free use, XG13
24 VDC supply for I/O processing module, XG.3
Potential distributor, for free use, XG14
Do not use it for HIQuad X!
PE connection
5 VDC voltage, XG.4

Figure 18: Rear View of Extension Rack Backplane

WARNING
In HIQuad X, connectors in pos. 11 XG15, pos. 6 XD1 and pos. 13 XD2 must not be
connected. The connectors must be provided with blind covers (within the scope of
delivery of the F-IOP module).
Failure to comply with this measure may lead to critical system states.

A HIQuad X controller tailored to the concrete application can be created by selecting

appropriate modules.
The controller can be easily adapted to future extensions of the process to be controlled, e.g.,
by adding modules or extension racks with modules for H51X.

Page 36 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.2.4 Temperature Monitoring

The HIQuad X system is intended for operation up to a maximum ambient temperature of 60 °C.
Sensors located at specific temperature-relevant positions on the modules record the
temperature state of processor modules, I/O processing modules and communication modules.
The temperature state of these modules is centrally monitored and evaluated by the processor
modules (F-CPU 01).
System parameters Temperature State [1] and Temperature State [2] in the user program can
be used to evaluate the temperature state, see Chapter 6.1.3.
The system parameters Temperature State [1] and Temperature State [2] signal the measured
temperatures as follows:
Temperature Temperature state Temperature State [X] [BYTE]
threshold
≤ 40 °C Normal 0x00
> 40 °C Warning: Threshold 1 exceeded. 0x01
> 60 °C Error: Threshold 2 exceeded. 0x03
Table 14: Thresholds of the Temperature States

If a value exceeds or falls below one of the temperature thresholds, the temperature state
changes.
The transition to the state Threshold 1 exceeded or Threshold 2 exceeded does not indicate an
impairment of the system safety.
The user must implement suitable measures to ensure that the ambient temperature limits
specified for the system are met.

The temperature can be used in the user program, e.g., as additional shutdown condition;
i however, the temperature is not recorded in a safety-related manner.
Temperature State may be used as an additional shutdown condition.

In the SILworX Hardware Editor, the Temperature State system parameter can be used to
define if exceeding the temperature threshold should cause a message to be issued.

HI 803 211 E Rev. 1.01.00 Page 37 of 110

Product Description System

4.3 Power Supply

HIQuad X requires a 24 V power supply that can be connected as follows:
 Mono connection to one or redundant power supply units, see Figure 19
 Redundant with redundant power supply units, see Figure 20.

HIMA uses red cables for positive potentials (L+) and black cables for negative potentials (L-).

Decoupled SELV/PELV power supply H 7034 mains filter

unit Fuse and power distribution module, see
Decoupled redundant SELV/PELV Chapter 10
power supply unit
Alternative: 24 VDC power nets

Figure 19: Mono 24 V Power Supply

Page 38 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

SELV/PELV power supply unit Fuse and power distribution module, see
Redundant SELV/PELV power supply Chapter 10
unit Alternatively: Connection for mono
Alternative: 24 VDC power net components, observe decoupling!
H 7034 mains filter Decoupling diodes if not included in the
power supply units

Figure 20: Redundant 24 V Power Supply

The power supply units must meet the requirements in accordance with SELV or PELV. The
power supply units must bridge voltage dropouts of up to 20 ms. HIMA power supply units of the
PS 1000 series are designed and suitable for a mean time to failure (MTTF) of 30 years. Power
supply units from other manufacturers must be checked to ensure that they meet the mentioned
requirements. The requirements for a 24 VDC power net are the same as those applying to
power supply units.
HIMA recommends using a H 7034 mains filter to protect the 24 V power supplies transient
interference. The filter must be installed close to the 24 V supply to suppress interferences
directly at the supply point.
The base racks are equipped with redundant L1+ and L2+ terminals to connect to redundant
power supply units, see Figure 15 and Figure 16. In doing so, protective separation of the power
supply units must be ensured.

HI 803 211 E Rev. 1.01.00 Page 39 of 110

Product Description System

To ensure high availability, operate the HIQuad X systems as follows:

 Use redundant power supplies.
 The power supply units or the 24 VDC power nets must ensure the output voltage never
exceeds 31 V.
 Use suitable fuses in the fuse and power distribution module to limit the maximum current
input in each base rack to 16 A.
 Users must implement external measures to ensure that the power supply does not fall
below 0.8 x UN (= 19.2 VDC). If no redundant power supply is available, the system
responds with failure of individual components or the entire system.
The power distribution modules, K 7205, K 7212, K 7213 and K 7214, include all components
required to secure up to 18 individual circuits with circuit breakers. The K 7212 set is additionally
equipped with decoupling diodes and mains filters with monitoring relays.

Page 40 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.3.1 Mono H51X Base Rack (24 VDC)

The 24 V mono power supply is performed for the H51X base rack and the I/O processing
modules by connecting to one or redundant power supply units, see Figure 19.

Connection to one or redundant power supply units, see Figure 19

Connection to 24 VDC for the I/O processing modules from the same source as the H51X base rack
Redundant supply of the F 7133 power distribution modules, insert jumpers in accordance with the
application
Reference potential L-

Figure 21: Mono Connection to H51X Base Rack (24 VDC)

For redundant power supply, HIMA recommends using the K 7212 power distribution
i module with decoupling diodes.

HI 803 211 E Rev. 1.01.00 Page 41 of 110

Product Description System

4.3.2 Redundant H51X Base Rack (24 VDC)

The redundant 24 V power supply is performed for the H51X base rack by using redundant
power supply units and for the I/O level at the connection for mono components, see Figure 20.

Connection to redundant power supply units, see Figure 20

Attach to the connector for mono components, see Figure 20
Redundant supply of the F 7133 power distribution modules, insert jumpers in accordance with the
application
Reference potential L-

Figure 22: Redundant Connection to H51X Base Rack (24 VDC)

Page 42 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.3.3 Redundant H51X Base Rack and I/O Level (24 VDC)
To ensure increased availability, the user can individually structure the redundancy of the I/O
processing modules, and thus of the I/O level. The 24 V power supply is performed for the H51X
base rack by using redundant power supply units, see Figure 20. The I/O level is supplied
redundantly depending on the application, such as shown in Figure 22.
In the example below, one power supply unit (L1+) powers the extension racks with odd rack
IDs while a redundant power supply unit (L2+) powers the racks with even IDs. In this example,
the redundancy of the I/O level is portioned based on the rack IDs so that operation is ensured
even if a power supply unit fails.

Connection to redundant power supply units, see Figure 20

XG.3 terminal (L+) for connecting to 24 VDC in accordance with redundant application
Redundant supply of the F 7133 power distribution modules, insert jumpers in accordance with the
application
Reference potential L-

Figure 23: Redundant Connection to H51X Base Rack (24 VDC) and Redundant I/O Level

For redundant power supply, HIMA recommends using the K 7212 power distribution
i module with decoupling diodes.

HI 803 211 E Rev. 1.01.00 Page 43 of 110

Product Description System

4.3.4 H51X Base Rack (24 VDC) I/O Level via F-PWR 02 Buffer Modules (Optional)
If the power supply units do not meet the requirements for protective separation and for
compensating voltage failures of up to 20 ms such as specified in Chapter 4.3, or the
requirements are > 20 ms, the buffer modules (F-PWR 02) can be used as an option to supply
the I/O processing modules with 24 VDC.
In the following example, the buffer module in slot 6 compensates for voltage dropouts of I/O
processing modules in the expansion racks with odd rack IDs. The buffer module in slot 7
compensates for voltage dropouts of the expansion racks with even rack IDs. In doing so,
redundant I/O levels can be assembled based on the rack IDs. If one buffer module fails,
operation of redundant racks is ensured via the remaining module. The failed buffer module
must be replaced immediately to restore the original availability. This structure corresponds to
that of the HIQuad HRS system.

Connection to redundant power supply units, see Figure 20

Connection to the LS1+/LS2+ power supply of the F-PWR 02 buffer modules in accordance with the
desired redundant structure of the I/O level
Redundant supply of the F 7133 power distribution modules, insert jumpers in accordance with the
application
Reference potential L-

Figure 24: Mono Connection to H51X Base Rack (24 VDC)

Page 44 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.3.5 Mono H41X Base Rack (24 VDC)

The 24 V mono power supply is performed for the H41X base rack and the I/O processing
modules by connecting to one or redundant power supply units, see Figure 19.

Inline terminals XG5.1…XG5.13 to 24 V power supply, XG5.13 for connecting to the I/O processing
modules.
Connection to one or redundant power supply units, see Figure 19
Connection to 24 VDC for the I/O processing module from the same source as the H41X base rack
Redundant supply of the F 7133 power distribution modules, insert jumpers in accordance with the
application
Reference potential L-

Figure 25: Mono Connection to H41X Base Rack

HI 803 211 E Rev. 1.01.00 Page 45 of 110

Product Description System

4.3.6 Redundant H41X Base Rack (24 VDC)

The I/O processing module in the H41X base rack and that in the extension rack must be
powered from different power supply units to implement redundant I/O levels in the
HIQuad H41X system. To this end, e.g., the I/O processing module in the H41X base rack can
be connected to L1+ (terminal XG5.13) and the I/O processing module in the extension rack
(terminals XG.3, L+), see Figure 20. The power supply units must be able to bridge voltage
dropouts of up to 20 ms.

Inline terminals XG5.1…XG5.13 to 24 V power supply, XG5.13 for connecting to the I/O processing
module in the H41X base rack
Connection to redundant power supply units, see Figure 20
Terminal XG.3 (L+) for connecting to 24 VDC for the I/O processing module in extension rack 1
Redundant power supply of the F 7133 power distribution modules, insert jumpers in accordance with
the application
Reference potential L-

Figure 26: Redundant Connection to H41X Base Rack and Extension Rack 1

Page 46 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.3.7 24 V Distribution for HIQuad X

The 24 V power supply is distributed via a fuse and current distribution module connected to the
base racks and extension racks.
Each extension rack may be equipped with a maximum of 4 F 7133 power distribution modules.
For each F 7133, a back-up fuse (16 A) must be used in the fuse and power distribution module.
Each I/O module in the extension rack is secured by one fuse of the F 7133 power distribution
module. Each F 7133 protects 4 slots with 4 A per slot. The assignment of the power distribution
modules to the slots of the I/O modules is as follows:
F 7133 power distribution module Supplies the I/O modules in
Slot 18 Slot 1…4
Slot 19 Slot 5…8
Slot 20 Slot 9…12
Slot 21 Slot 13…16
Table 15: Assignment of F 7133 Power Distribution Modules to I/O Module Slots

Fuse and power distribution module, see Output signals

Chapter 10. Input signals
Extension rack (F-BASE RACK 11) Output module in slot 1 (example)
F 7133 power distribution module, slot 18 Input module in slot 15 (example)
F 7133 power distribution module, slot 21 Transmitter 1…3

Figure 27: 24 VDC Distribution for HIQuad X

The I/O modules are either supplied via the front cable plug or via the backplane PCB. The
XG.11 potential distributor is connected to the L- of the fuse and power distribution module. All
F 7133 power distribution modules are internally connected to the L- of the potential distributor.

HI 803 211 E Rev. 1.01.00 Page 47 of 110

Product Description System

The L- is connected to the I/O modules through the front panel of the power distribution module
via the cable plugs.
In Figure 27, the power supply of the transmitter circuits is tapped at the front of the F 7133
power distribution module. The transmitters are protected by the same fuse as the input module
.

4.3.7.1 5 V Distribution for HIQuad X

To generate 5 V power supply, a base rack can be equipped with up to 5 (H41X: 2) F-PWR 01
power supply units that are connected in parallel. The 5 V power supply is distributed to each
slot via the backplane PCB. The 5 V power supply is monitored by the power supply units and
its status is transmitted to the processor modules. In the user program, system variables can be
used to evaluate the status of the power supply units.

4.3.7.2 5 VDC Distribution for H51X

26 connection points can be used to distribute the 5 V power supply through terminal blocks
XG2 and XG3 for 5 V, or XG4 and XG5 for GND. The supply voltage is distributed in a star
configuration, see Figure 25. The resistance of a 5 V supply line with a maximum length
between H51X base rack and extension rack of 12 m must be ≤ 40 mΩ. If cables longer than
3 m are used, HIMA recommends shielding the cables to protect them against transient
interference (LIY-CY), and applying the shield at both sides as flat as possible.
To connect cables with a cross-section larger than 2.5 mm², pin terminals with a pin diameter
< 2 mm or other suitable transfer terminals can be used.
The I/O processing modules (F-IOP 01) monitor the 5 V power supply of the racks on which
they are installed. If the minimum voltage is underrun, I/O processing modules switch off the I/O
level of their rack.
HIMA uses yellow wires for 5 V and green wires for GND. If the H51X system is distributed
among several control cabinets, separate power supply units may be necessary to supply 5 V to
the control cabinets without base rack, see Chapter 4.3.8 for details.
The wires on the extension racks are connected to the flat connectors XG.4 (5 V) and XG.12
(GND), and the shield to the PE connector. The voltage is distributed to the I/O modules via the
backplane PCB.

Page 48 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

GND connectors (XG4 and XG5) on the rack rear side

5 VDC connectors (XG2 and XG3) on the rack rear side

Figure 28: Extension Rack Connected to a 5 VDC (H51X)

HI 803 211 E Rev. 1.01.00 Page 49 of 110

Product Description System

4.3.7.3 5 VDC Distribution for H41X

The 5 V power supply is distributed to the extension rack through terminal blocks XG6 for 5 V
and XG7 for GND. The extension rack must be connected to 2 parallel wires (2.5 mm²) for 5 V
and GND in a star configuration so that the 5 V power supply is applied to the I/O processing
modules at sufficiently high voltage. HIMA uses yellow wires for 5 V and green wires for GND.
The wire length within the control cabinet is limited to 3 m. If the H41X system is distributed
among two control cabinets, the 5 V power supply must be provided in the control cabinet
without base rack by a separate power supply unit, see Chapter 4.3.8 for details.
The wires on the extension rack are connected to the flat connectors XG.4 (5 V) and XG.12
(GND). The voltage is distributed to the I/O modules via the backplane PCB.

5 VDC connector XG6.1.2 (base rack), XG.4 (extension rack).

GND connector XG7.1.2 (base rack), XG.12 (extension rack).

Figure 29: Extension Rack Connected to a 5 VDC (H41X)

When designing the 5 V voltage supply, the current consumption of all I/O modules and the
modules in the base rack must be taken into account. For details on the power consumption of
the individual modules, refer to the module-specific manuals.

Page 50 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

For HIQuad H51X:

Number of F-PWR 01 power Maximum permissible Availability design (with a failed
supply units current consumption power supply unit tolerated!)
1 10 A ---
2 20 A 10 A
3 30 A 20 A
4 40 A 30 A
5 40 A 40 A
Table 16: Allowed Power Consumption in Relation to the Number of Power Supply Units

For HIQuad H41X:

Number of F-PWR 01 power Maximum permissible Availability design (with a failed
supply units current consumption power supply unit tolerated!)
1 10 A ---
2 10 A 10 A
Table 17: Allowed Power Consumption in Relation to the Number of Power Supply Units

4.3.8 5 VDC Additional Power Supply (H51X)

The 5 VDC power supply can be extended by a H51X additional power supply consisting of the
B 9361 set and at least an F 7126 power supply unit.

4.4 System Bus

The HIQuad X system is based on the redundant system buses A and B. Each system bus is
controlled and monitored by one processor module located in the base rack. For redundant
operation, the system must be operated with two processor modules. In redundant operation,
communication runs on both system buses simultaneously. If only one processor module is
inserted in the base rack, the system runs in mono operation with only one system bus.
Redundant operation ensures that, if one processor module fails, communication is maintained
by the redundant processor module via one system bus. To ensure redundant operation again,
the defective processor module must be replaced immediately.
It is not allowed to interconnect the system buses of several HIQuad X systems!
No active elements such as switches may be connected to the system bus.

NOTICE
System malfunction possible!
Using system bus connectors XD1...XD4 on the back of the backplane PCB as normal
Ethernet connections may cause the system to malfunction.
 Only use the system bus connectors XD1...XD4 to connect to the I/O processing
modules (F-IOP 01).
 Do not interconnect or cross system bus A and system bus B.

The system buses connect the I/O level to the processor modules via the I/O processing
modules (F-IOP 01). To do so, the RJ-45 interfaces on the rear side of the base racks must be
connected to the I/O processing modules, see Chapter 3.2. The maximum length of the patch
cable between two system bus subscribers is 50 m. The cable diameter must be selected in
relation to the cable length.

HI 803 211 E Rev. 1.01.00 Page 51 of 110

Product Description System

To perform the connection, use patch cables with the following characteristics:
 At least Cat. 5e (in accordance with IEEE 802.3) for 1 Gbit/s, for industrial applications.
 Industrial RJ-45 connectors on both sides.
 The cable shielding must comply with at least Class D in accordance with ISO/IEC 11801.
 Autocrossover allows the use of both crossover and straight through cables.
Suitable patch cables (Cat. 5e) with industrial connector are available from HIMA in standard
lengths.

NOTICE
Communication interference possible!
Use patch cables compliant with industrial standard Cat. 5e or better!
In harsh environments (e.g., subject to temperature changes, electromagnetic
interference), low-quality patch cables may cause communication to fail.

The maximum system bus latency can be set to System Defaults or 100 µs using the Maximum
System Bus Latency [µs] system parameter located in the resource properties. When the
Maximum System Bus Latency [µs] is set to System Defaults, the maximum system bus latency
is determined by the system. For the 100 μs setting, the maximum system bus latency is set to
this value!
For system bus connections running within a control cabinet, the minimum cross-section of
patch cables must be 0.2 mm².
For system bus connections running outside a control cabinet, the minimum cross-section of
patch cables must be 0.5 mm². If necessary, installation cables with rigid cores must be used
instead of patch cables with flexible cores.

4.5 I/O Bus

All I/O modules are connected to the I/O processing module via the I/O bus. The I/O processing
module in the H41X base rack (slot 13) and in the extension rack (slot 17) connect the I/O bus
to the system buses.

4.6 I/O Watchdog (WD)

A second independent shutdown option is required in safety-related systems. This is ensured by
an I/O watchdog signal (24 V). The I/O watchdog is controlled, monitored, and applied to the
output modules by the I/O processing modules. The output modules only operate when the
watchdog signal is present (high level). If the I/O watchdog signal is switched off, the output
modules safely enter the de-energized state.

Page 52 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.7 Modules
The HIQuad X system is a modular system that can be equipped with various modules. The
following modules are available for the system:
 F-CPU 01 processor module
 F-IOP 01 I/O processing module
 F-COM 01 communication module
 I/O modules, see Chapter 4.11
 F-PWR 01 power supply unit (24/5 V)
 F-PWR 02 buffer module

4.8 F-CPU 01 Processor Module

The CPU operating system controls the user programs running in a processor module.

4.8.1 Operating System

Tasks:
 Controlling the cyclic run of the user programs.
 Performing the self-tests of the module.
 Controlling safety-related communication via safeethernet.
 Managing the processor modules' redundancy (synchronization).

4.8.1.1 General Cycle Sequence

Phases:
1. Reading of the input data.
2. Processing of the user program.
3. Writing of the output data.
4. Other activities, e.g., reload processing.

4.8.1.2 Operating System States

States that can be recognized by the user:
 LOCKED
 STOP/VALID CONFIGURATION
 STOP/INVALID CONFIGURATION
 STOP/LOADING OS
 RUN
 RUN/UP STOP
Use the LEDs on the module to recognize the operating state. All LEDs must be taken into
account, see the module-specific manuals.
SILworX displays the operating states in the online view.

HI 803 211 E Rev. 1.01.00 Page 53 of 110

Product Description System

State Description The state is entered:

LOCKED The processor module is reset to Connecting the supply voltage to the processor
the factory settings (SRS, module while the mode switch is set to Init.
network settings, etc.).
STOP/VALID Processor module stopped: A Stopping the processor module using SILworX.
CONFIGURATION valid configuration is available in
Applying the supply voltage
the memory.
 Autostart is disabled in the project
configuration or
 Mode switch is set to Stop and the
processor module starts by itself.
A fault occurred.
STOP/INVALID Processor module stopped: No Loading with error.
CONFIGURATION valid configuration is available in
the memory.

STOP/LOADING OS Processor module stopped: The Loading the operating system using SILworX.
operating system is loaded in the
non-volatile memory.
RUN The user program is running. From the STOP/VALID CONFIGURATION
state: SILworX command.
Applying the supply voltage, the following
conditions must be met:
 A valid project configuration is loaded.
 Autostart is enabled in the project
configuration.
 The mode switch is not set to Init.
 The mode switch is set to Run if the
processor module starts by itself.
RUN/UP STOP The user program is not running. From the STOP/VALID CONFIGURATION
This state is used for testing the state: SILworX command SILworX.
inputs/outputs and
communication.
Table 18 provides an overview of the operating system states and indicates the conditions for
entering them.

Page 54 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

State Description The state is entered:

LOCKED The processor module is reset to Connecting the supply voltage to the processor
the factory settings (SRS, module while the mode switch is set to Init.
network settings, etc.).
STOP/VALID Processor module stopped: A Stopping the processor module using SILworX.
CONFIGURATION valid configuration is available in
Applying the supply voltage
the memory.
 Autostart is disabled in the project
configuration or
 Mode switch is set to Stop and the
processor module starts by itself.
A fault occurred.
STOP/INVALID Processor module stopped: No Loading with error.
CONFIGURATION valid configuration is available in
the memory.

STOP/LOADING OS Processor module stopped: The Loading the operating system using SILworX.
operating system is loaded in the
non-volatile memory.
RUN The user program is running. From the STOP/VALID CONFIGURATION
state: SILworX command.
Applying the supply voltage, the following
conditions must be met:
 A valid project configuration is loaded.
 Autostart is enabled in the project
configuration.
 The mode switch is not set to Init.
 The mode switch is set to Run if the
processor module starts by itself.
RUN/UP STOP The user program is not running. From the STOP/VALID CONFIGURATION
This state is used for testing the state: SILworX command SILworX.
inputs/outputs and
communication.
Table 18: Operating System States, States Entered

HI 803 211 E Rev. 1.01.00 Page 55 of 110

Product Description System

Table 19 specifies how the user may intervene during the corresponding states.
State Possible user interventions
LOCKED  Changing the factory settings.
 Using a PADT command to stop (STOP state).
 Using a PADT command to start (RUN state).
STOP/VALID  Loading the user program.
CONFIGURATION  Starting the user program.
 Loading the operating system.
 Taking preliminary actions for forcing variables.
STOP/INVALID  Loading the user program.
CONFIGURATION  Loading the operating system.
STOP/LOADING OS None. Once the loading process is completed, the processor module
stops (STOP state).
RUN  Stopping the user program.
 Forcing variables.
 Performing the test.
RUN/UP STOP  Using a PADT command to stop (STOP state).
Table 19: Operating System States, User Interventions

The cycle time increases by the number of modules used in the system. This applies
i irrespective of whether or not the modules are included in the configuration.
 Connecting additional extension racks with several modules during operation can
cause the watchdog time to be exceeded!

4.8.2 Behavior in the Event of Faults

If faults occur, the processor module enters the error stop state and tries to restart. It performs a
complete self-test which can also cause another error stop.
If a fault is still present, the module restarts with reduced functionality to prevent a reboot loop.
Once the processor module has properly run for one minute, the next error stop to occur is
considered the first error stop attempting a restart.

Use the PADT for troubleshooting and removing the cause of the fault, e.g., by loading a new
i application.

Page 56 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.9 F-IOP 01 I/O Processing Module

The I/O processing module manages the I/O bus of the H41X base rack and that of the
extension racks. The I/O bus is used to exchange process data between I/O modules and the
I/O processing module. The module's tasks include exchanging data with the processor
modules and providing the watchdog signal to the output modules via system bus A and system
bus B.

4.10 F-COM 01 Communication Module

The communication module is equipped with 2 Ethernet interfaces and 1 fieldbus interface
allowing the HIQuad X system to communicate with external systems. The module is approved
for use in the safety-related HIQuad X system and can be employed to transport safety-related
protocols.

HI 803 211 E Rev. 1.01.00 Page 57 of 110

Product Description System

4.11 I/O Modules

The following table shows the I/O modules that can be used for HIQuad X:
Module Cable plug Channels SIL Type Data sheet
HI number
F 3221 Z 7116 / 3221 16 --- DI HI 803 174 E
F 3224A Z 7114 / 3224 4 --- DI; (Ex)i HI 803 175 E
F 3236 Z 7116 / 3236 16 3 DI HI 803 176 E
F 3237 Z 7108 / 3237 8 3 DI HI 803 177 E
F 3238 Z 7008 / 3238 8 3 DI; (Ex)i HI 803 178 E
F 3240 Z 7130 / 3240 16 3 DI 110 VDC HI 803 179 E
F 3248 Z 7130 / 3248 16 3 DI 48 VDC HI 803 180 E
F 3322 Z 7136 / 3322 16 --- DO 0.5 A HI 803 181 E
F 3325 Z 7025 / 3325 6 --- Supply module HI 803 182 E
F 3330 Z 7138 / 3330 8 3 DO 0,5 A HI 803 183 E
F 3331 Z 7138 / 3331 8 3 DO 0.5 A HI 803 184 E
F 3333 Z 7134 / 3333 4 3 DO 2 A HI 803 185 E
F 3334 Z 7134 / 3334 4 3 DO 2 A HI 803 186 E
F 3335 Z 7035 / 3335 4 3 DO; (Ex)i HI 803 187 E
F 3349 Z 7150 / 3349 8 3 DO 0.5 A HI 803 188 E
F 3422 Z 7139 / 3422 8 --- Relay 60 VDC HI 803 189 E
F 3430 Z 7149 / 3430 4 3 Relay 110 VDC HI 803 190 E
F 5220 Z 7152 / 5220 2 3 Counter HI 803 191 E
F 6215 Z 7127 / 6215 8 --- AI HI 803 192 E
F 6217 Z 7127 / 6217 8 3 AI HI 803 193 E
F 6220 Z 7062 / 6220 8 3 Thermocouple; (Ex)i HI 803 194 E
F 6221 Z 7063 / 6221 8 3 AI; (Ex)i HI 803 195 E
F 6705 Z 7126 / 6705 2 3 AO HI 803 196 E
F 6707 Z 7126 / 6706 2 --- AO HI 803 197 E
Table 20: Possible I/O Modules to Be Used in HIQuad X

4.11.1 Scope of Application of the I/O Modules

Refer to the safety manual (HI 803 209 E) for more information on the standards used to certify
the I/O modules.

For the scope of application of the I/O modules, observe the revisions, see the modernization
i manual (HI 803 235 E).

4.11.2 Mounting Position

The I/O modules must be mounted vertically. The vertical mounting position automatically
results from the horizontal position of the rack within a control cabinet.

Page 58 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.12 Noise Blanking

This chapter describes how noise blanking of I/O modules operates in the HIQuad X system.

4.12.1 Effects of Noise Blanking

Noise blanking suppresses transient interference to increase the system availability. It ensures
that the system triggers a safety-related response to existing interferences within the configured
time.
Noise blanking can be activated for I/O modules. For details, refer to the SILworX Hardware
Editor and the module-specific manuals.
If an interference is blanked out, the system automatically processes the last valid input and
output values instead of the currently disturbed values. The time in which noise can be blanked
out is limited by the safety time, watchdog time and the cycle time.
The maximum noise blanking time can be calculated using the following equation:
Maximum noise blanking time = safety time - (2 x watchdog time)
The greater the noise blanking time value, the longer the interference can be blanked out. Since
an interference can be present for up to one cycle before it is detected while reading in the
values, the minimum noise blanking time can be determined by subtracting a cycle from the
maximum noise blanking time value.
Minimum noise blanking time = maximum noise blanking time - cycle time
Noise blanking is effective if the cycle time value is less than the noise blanking time.

4.12.2 Configuring Noise Blanking

To blank out as many cycles as possible, the safety time must be set as large as possible taking
the process safety time into account. At the same time, the value set for the watchdog time
should be as low as possible, but sufficiently large to allow reload and synchronization of an
additional processor module. Refer to the safety manual (HI 803 209 E) for further details on the
various time parameters and their application.
Configure noise blanking in accordance with the following examples:
Example 1 2 3
Safety Time [ms] 600 2000 1000
Watchdog Time [ms] 200 500 500
Target Cycle Time [ms] 100 200 200
Max. Noise Blanking Time [ms] 200 1000 0
Min. Noise Blanking Time [ms] 100 800 0
1)
Default setting in SILworX.
2)
No noise blanking is possible in example 3 since the noise blanking time is less than the
cycle time.
Table 21: Example for Calculating the Minimum and Maximum Noise Blanking Time

HI 803 211 E Rev. 1.01.00 Page 59 of 110

Product Description System

4.12.3 Noise Blanking Sequence

The following examples illustrate the sequence of noise blanking:
 A transient interference is blanked out.
 An interference present for longer than the maximum noise blanking time triggers the safe
response.

Example 1: Transient interference is successfully blanked out

Cycle, duration = watchdog time Processing (in all cycles)

Reading in cycle 1 Output process in cycle 1 and 2
Reading in cycle 2 Output process in cycle 3
Reading in cycle 3 Output process in cycle 4
Reading in cycle 4 Duration of safety time

Figure 30: Transient Interference

In example 1, valid input values are read within one cycle. For this cycle, the system
processes the valid input values, even though an interference occurred directly upon completion
of the read-in process. If the interference is still present in the following cycle during the read-in
process , the module detects the interference and the system decides if noise blanking can
be performed at this point in time based on the following rule:
Safety time - elapsed time - (2 x watchdog time) > 0
Elapsed time = Time interval between the moment, in which the last valid values were read in,
and the moment, in which the interference was detected.
In this example, noise blanking is possible since the interference is present for less than a cycle
( = elapsed time) and two additional cycles (2 x watchdog time) are available for triggering a
safe response. For this cycle, the system processes the last valid input values of and no
fault response is triggered. The transient interference was successfully blanked out.
If the interference is no longer present in , new valid values are read in and processed. If
noise blanking is not active, the system immediately triggers the defined fault response during
the read-in process .

Page 60 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

Example 2: Triggering a safety-related response when interference occurs

Cycle, duration = watchdog time Processing (in all cycles)

Reading in cycle 1 Output process in cycle 1 and 2
Reading in cycle 2 Output process in cycle 3
Reading in cycle 3 Output process in cycle 4
Reading in cycle 4 Output process in cycle 5
Reading in cycle 5 Duration of safety time

Figure 31: Interference Triggers a Safe Response

In example 2, valid input values are read within one cycle. For this cycle, the system
processes the valid input values, even though an interference occurred directly upon completion
of the read-in process. If the interference is still present in the following cycle during the read-in
process , the module detects the interference and the system decides if noise blanking can
be performed at this point in time based on the following rule:
Safety time - elapsed time - (2 x watchdog time) > 0
Noise blanking is possible in the 1st and 2nd cycle since the interference is present for less than
a cycle ( = elapsed time) and two additional cycles (2 x watchdog time) are available for
triggering a safe response. For this cycle, the system processes the last valid input values of
and no defined fault response is triggered. The transient interference was successfully blanked
out.
In case of a ratio of safety time/watchdog time = 3/1, as in example 2, two cycles are still
available for the safe response
If the interference is still present in the next read-in process , the fault response must be
triggered in that cycle. The fault response must be triggered no later than when the outputs are
written to . At the next output moment , the safety time has already expired.
If noise blanking is not active, the system immediately triggers the defined fault response during
the read-in process .

HI 803 211 E Rev. 1.01.00 Page 61 of 110

Product Description System

4.12.4 Effective Direction of Noise Blanking

The effective direction must be observed when considering noise blanking and output noise
blanking, see Figure 32 and the following chapters.

4
1 6
2 3 F-CPU 5

Sensor Output module

Input module Actuator
Effective direction from the input module to the Effective direction from the output module to the
processor module processor module
Effective direction from the processor module to
the output module

Figure 32: Effective Direction Associated with Noise Blanking and Output Noise Blanking

4.12.4.1 Effective Direction from the Input Module to the Processor Module (3)
Noise blanking with effective direction from the input module to the processor module is
performed by the processor module. Noise blanking suppresses the transient interference on
the input module and on the buses (system bus and I/O bus). Noise blanking on the input
module can be deactivated in the properties (SILworX) (default = Activated), see the input
module manuals. Noise blanking on the buses is always active and cannot be deactivated in
SILworX.

4.12.4.2 Effective Direction from the Processor Module to the Output Module (4)
Noise blanking with effective direction from the processor module to the output module is
performed by the output module and is always active. Noise blanking suppresses the transient
interference on the bus.

4.12.4.3 Effective Direction from the Processor Module to the Output Module (7)
Noise blanking with effective direction from the output module to the processor module on the
system bus is performed by the processor module. Noise blanking suppresses status
acknowledgments of the output module such as SC/OC detection. Noise blanking on the output
module can be deactivated in the properties (SILworX) (default = Activated), see the output
module manuals.

Page 62 of 110 HI 803 211 E Rev. 1.01.00

System Product Description

4.13 Communication
Communication with other HIMA systems or third-party systems occurs via communication
modules. HIQuad X supports the following communication protocols:
 safeethernet (safety-related).
 Standard protocols.
For details on communications and supported standard protocols, refer to the communication
manual (HI 801 101 E).

4.13.1 Licensing
Standard protocols can only be run in the long term with a valid license. For some protocols, a
software activation code is required. For activation, see Chapter 4.15.

Order a software activation code on time!

i After 5000 operating hours, communication continues until the controller is stopped.
Afterwards, the user program cannot be started without a valid software activation code for the
protocols used in the project (invalid configuration).

4.14 Connecting the PADT to the System

The physical connection between the PADT and a HIQuad X system is established by
connecting the Ethernet interface of a PC to an RJ-45 socket (X1, X2) of a processor module. A
PADT (programming and debugging tool) is a personal computer (PC) that is running the
SILworX programming tool.
The connection requires a patch cable that complies with Cat. 5e or better and is connected to a
free PC network card.
A HIQuad X system can simultaneously communicate with up to 5 PADTs. If this is the case,
only one programming tool can access the controller with write permission. The remaining
PADTs can only read information. If they try to establish a writing connection, the controller only
allows them a read-only access.

HI 803 211 E Rev. 1.01.00 Page 63 of 110

Product Description System

4.15 Licensing
A license is required for using some communication protocols of the HIQuad X system, refer to
the communication manual (HI 801 101 E).
The licenses can be provided by HIMA upon request. To activate the function, HIMA provides
an activation code which can be entered with the PADT in the configuration. The activation code
is bound to the system ID of the PES.
The activation code is generated on the HIMA website at: www.hima.com/en under Products
& Services -> Product Registration. Refer to the corresponding page for more details.

To activate a function with an activation code

1. Generate the software activation code on the HIMA website www.hima.com/en using the
system ID of the controller (e.g., 10 000) and the license numbers received from HIMA. To
do so, follow the instructions provided on the HIMA website:

The software activation code is intrinsically bound to this system ID. A license can only be used
i once for a specific system ID. For this reason, only activate the code when the system ID has
been uniquely defined.

2. In SILworX, create a license management for the resource, if not existing.

3. Create a license key in the license management and enter the activation code.
4. Compile the project and load it into the controller.
► The function is activated.

Page 64 of 110 HI 803 211 E Rev. 1.01.00

System Redundancy

5 Redundancy
The conceptual design of the HIQuad X system is characterized by high availability. To this end,
all system components can be operated redundantly. The following chapter describes
redundancy aspects for the various system components.

A redundancy system only increases the system availability, but not its safety integrity level
i (SIL)!

5.1 Processor Module Redundancy

A HIQuad X system can be configured as a mono system with only 1 processor module, or as a
high-availability redundancy system with 2 redundant processor modules.
Processor modules only operate redundantly, if there is a digital depiction of the processor
modules in the Hardware Editor (SILworX) and the configuration is compiled with these settings.

5.1.1 Reducing Redundancy

A HIQuad X system with redundant processor modules continues its safety-related operation
even if one of the processor modules is no longer available, e.g., because a module failed or
was removed. Safety-related operation is still ensured even if one of the two redundant
processor modules fails.

5.1.2 Increasing Redundancy

If a new processor module is added to a running HIQuad X system, it automatically
synchronizes with the configuration of the existing processor module. Safety-related operation is
ensured. Requirements:
 The user program run by the processor module is redundantly configured (default setting).
 The redundant slot for the processor module is not in use.
 At least one system bus is operating.
 The position of the mode switch on the added processor module is Stop or Run.
 The operating system of the added processor module has either the same version as the
existing processor module or a higher one.

5.2 Redundancy of I/O Modules

In terms of redundancy, two cases can be distinguished for input and output modules:
 Module redundancy.
 Channel redundancy.
HIMA recommends defining module redundancy before channel redundancy. HIQuad X
supports dual redundancy of input and output modules. Higher redundancy levels are possible
using the corresponding programming logic. For redundant connection of a sensor or actuator to
several I/O modules, observe the input and output values permitted for I/O modules.

HI 803 211 E Rev. 1.01.00 Page 65 of 110

Redundancy System

5.2.1 Module Redundancy

Two I/O modules of the same type can be combined in the SILworX Hardware Editor to form a
redundancy group. To ensure that availability of HIQuad X is increased as required, the I/O
modules of the redundancy group must be inserted in different racks:

To increase availability of HIQuad X, redundant I/O modules must be inserted in different racks:
i

5.2.2 Channel Redundancy

Channel redundancy is only possible within a redundancy group. Only channels with the same
channel number can be defined as redundant. In such cases, the programming tool
automatically allocates a global variable, which is assigned to a channel (channel number), to
both channels of the redundant modules. Refer to the Hardware Editor section of the SILworX
online help for more details.

5.3 System Bus Redundancy

The HIQuad X system can be operated with redundant system bus A and system bus B, see
Chapter 3.
Requirements for redundant operation:
 Use of 2 processor modules per base rack.
 Suitable configuration in the programming tool.
 Connection of the racks in a controller, see Chapter 3.

5.4 Communication Redundancy

For more information, refer to the SILworX online help and communication manual
(HI 801 101 E).

5.4.1 safeethernet
Redundancy is configured in the SILworX safeethernet Editor. A communication connection is
redundant if two identical physical transmission paths exist.

5.4.2 Standard Protocols

If standard protocols are used, the user program must manage redundancy, except for Modbus
slaves.

Page 66 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6 Programming
SILworX is installed on a personal computer (PC) and activated through a license. To create the
user program and configure a resource, SILworX does not have to be connected to the HIQuad
system. To perform loading, testing and monitoring tasks, the PC is connected to the HIQuad X
system via an Ethernet interface.

6.1 Using Variables in a Project

A variable is a placeholder for a value within the program logic. The variable name is used to
symbolically address the storage space containing the stored value.
Two essential advantages result from using symbolic names instead of physical addresses:
 The names of inputs and outputs used in the process can also be used in the user program.
 The modification of how the variables are assigned to the input and output channels does
not affect the user program.
Local and global variables exist. Local variables are valid in a delimited project area, in a user
program or function block. Global variables can be used in several function blocks or user
programs and can exchange data between the function blocks.
Global variables can be created at different project tree levels. Global variables are valid for all
sub-branches.
Example: If a project contains several resources, the global variables created under a resource
are only valid for the branches subordinated to that resource.
Hierarchy of the levels at which global variables can be defined.
1. Project.
2. Configuration.
3. Resource.

Values may only be written to global data in one program location! The possible sources are:
 Logic in a user program.
 (Safety-related) inputs.
 System variables.
 (Safety-related) communication protocols.
Writing to global variables at multiple positions within the program can result in unintended
effects!
In the Global Variable Editor, check the usage of global data with the Cross-Reference in
Column function.

HI 803 211 E Rev. 1.01.00 Page 67 of 110

Programming System

6.1.1 Variable Types

SILworX supports the following variable types:
 VAR, a variable within a logic (read and write).
 VAR with the CONST attribute, a variable that was defined as constant and cannot be
modified.
 VAR with the RETAIN attribute, a variable that retains its value after a power outage.
 VAR_EXTERNAL, reference to global variables (read and write).
 VAR_GLOBAL, global variable (read and write) to exchange values between programs and
subordinated functions and function blocks.
 VAR_INPUT, input variable (read) of a POU. It is also displayed in the interface viewer.
 VAR_OUTPUT, output variable (write) of a POU. It is also displayed in the interface viewer.
 VAR_TEMP, temporary variable (read and write).
 VAR_ACTION, action declaration (read and write).
Which type can be assigned to a variable depends on the hierarchy of the variables in the
structure tree. The following table shows the permissible variable types in connection with the
structure tree nodes.

Type Project Configuration Resource Program Function Function

type block type
type
VAR X
VAR_EXTERNAL X
VAR_GLOBAL X X X (1)
VAR_INPUT (1) X X
VAR_OUTPUT (1) X X
VAR_TEMP (2) X
VAR_ACTION (2) X
(1) Contrary to the standard, this function is not supported.
(2) Contrary to the standard, VAR_ACTION is supported.

Table 22: Supported Variable Types

6.1.2 Initial Value

An initial value can be allocated to any variable. The variable adopts this value if no other value
was assigned by the program:
 While starting the program
 If a fault occurs in one of the following sources from which the variable derived its value.
Examples:
- Physical input.
- Communication interface.
- User program in the STOP state.
The value that the connected variables should adopt can be set for safeethernet and
communication protocols.

HIMA recommends assigning a safe value as initial value to all the variables that receive their
i value from a physical input or from communication!

Variables that have not been assigned an initial value have an initial value of 0 or FALSE if the
variables are of type BOOL.

Page 68 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.1.3 System Variables and System Parameters

System variables are pre-defined variables for processing properties or states of the HIQuad X
system in the user program. To define them, they are assigned global variables used in the user
program.
The system parameters are used to configure properties of the controller (only possible in
SILworX). System parameters that can only have the values TRUE and FALSE are also
referred to as switches.
System variables and system parameters are defined at different project levels. The system
variables and parameters are configured in SILworX, either in the Properties dialog box of the
corresponding structure tree node or in the detail view of the Hardware Editor.
Project level Description of the system variables and parameters
Resource See Table 24.
Hardware, in general  System variables for configuring the controller, see Table 24.
 System variables providing information, see Table 26 and
Table 27.
Hardware: Modules Refer to the manual of the corresponding module type.
The system variables and system parameters are configured in
the module's detail view of the Hardware Editor.
User Program See Table 25.
Table 23: System Variables at Different Project Levels

HI 803 211 E Rev. 1.01.00 Page 69 of 110

Programming System

6.1.3.1 Resource System Parameters

The system parameters of the resource determine how the controller will behave during
operation. The system parameters can be set in SILworX, in the Properties dialog box of the
resource.
System parameters S 1) Description Setting for safe
operation
Name N Name of the resource. Any
System ID [SRS] Y System ID of the resource Unique value
Range of values: 1…65 535 within the
Default value: 60 000 controller
The value assigned to the system ID must differ from the network. This
default value, otherwise the project is not able to run! network
includes all
controllers that
can potentially
be
interconnected.
Safety Time [ms] Y For details on the safety time of the resource (in Application-
milliseconds). specific
Range of values: 20…22 500 ms
Default value: 600 ms (can be changed online)
Watchdog Time Y Watchdog time in milliseconds. Application-
[ms] Range of values: 6…7500 ms specific
Default value: 200 ms (can be changed online)
Target Cycle Time N Target or maximum cycle time, see Target Cycle Time Mode. Application-
[ms] CPU-Periode Range of values: 0…7500 ms specific
Default value: 0 ms (can be changed online)
The maximum target cycle time value may not exceed the
configured Watchdog Time [ms] minus the minimum value
that can be set for Watchdog Time [ms] (6 ms, see above);
otherwise the entry is rejected.
If the default value is set to 0 ms, the target cycle time is not
taken into account. For more details, refer to Chapter 6.1.3.2.
Target Cycle Time N Use of Target Cycle Time [ms], see Chapter 6.1.3.2. Application-
Mode The default setting is Fixed-tolerant (can only be changed specific
online).
Multitasking Mode N Mode 1: The duration of a CPU cycle is based on the Application-
required execution time for all user programs. specific
Mode 2: The processor provides the execution time
portion not needed by lower priority user
programs to higher priority user programs.
Operation mode for high availability.
Mode 3: The processor waits until the execution time not
needed by the user programs has expired, thus
increasing the cycle.
The default setting is Mode 1.
Max. Com.Time N Highest value in ms for the time slice used for -
Slice [ms] communication during a resource cycle, see the
communication manual (HI 801 101 E).
Range of values: 2…5000 ms
Default value: 60 ms

Page 70 of 110 HI 803 211 E Rev. 1.01.00

System Programming

System parameters S 1) Description Setting for safe

operation
Optimized Use of N The system parameter reduces the response times for -
Com. Time Slice communications via processor module(s).
i This can affect the temporal utilization of Max.Com.
Time Slice ASYNC [ms] and the system parameter
Max. Duration of Configuration Connections [ms]
such that these two times can be subject to more
demands (e.g., during reload).

Max. Duration of N This defines how much time within a CPU cycle is available Application-
Configuration for configuration connections. specific
Connections [ms] Range of values: 2…3500 ms
Default value: 12 ms
For more details, refer to Chapter 6.1.3.4.
Maximum System N Maximum delay of a message between an I/O processing Application-
Bus Latency [µs] module and the processor module. specific
Setting: Line structure or 100 µs
The default setting is line structure.
i A license is required for setting the maximum system
bus latency to a value ≠ System Defaults.

Allow Online Y TRUE: All the switches/parameters listed under FALSE HIMA
Settings can be changed online using the PADT. This is recommends
only valid if the system variable Read-only in using the
RUN has the value FALSE. FALSE setting.
The default setting is TRUE.
FALSE: The following parameters cannot be changed
online:
 System ID
 Autostart
 Global Forcing Allowed
 Global Force Timeout Reaction
 Load Allowed
 Reload Allowed
 Start Allowed
The following parameters can be changed online
if Reload Allowed is TRUE.
 Watchdog Time (for the resource)
 Safety Time
 Target Cycle Time
 Target Cycle Time Mode

Allow Online Settings can only be TRUE when the controller

is stopped or by performing a reload.

Autostart Y TRUE: If the processor module is connected to the Application-

supply voltage, the user programs start specific
automatically.
The default setting is TRUE.
FALSE: The user program does not start automatically
after connecting the supply voltage.
Observe the settings in the resource program properties!

HI 803 211 E Rev. 1.01.00 Page 71 of 110

Programming System

System parameters S 1) Description Setting for safe

operation
Start Allowed Y TRUE: Cold start or warm start permitted with the PADT Application-
in RUN or STOP. specific
The default setting is TRUE.
FALSE: Start not allowed.
Load Allowed Y TRUE: Configuration download is allowed. Application-
The default setting is TRUE. specific
FALSE: Configuration download is not allowed.
Reload Allowed Y TRUE: Configuration reload is allowed. Application-
The default setting is TRUE. specific
FALSE. Configuration reload is not allowed.
A running reload process is not aborted when
switching to FALSE.
Global Forcing Y TRUE: Global forcing is permitted for this resource. Application-
Allowed The default setting is TRUE. specific
FALSE: Global forcing is not permitted for this resource.
Global Force N Specifies how the resource should behave when the global Application-
Timeout Reaction force timeout has expired: specific
 Stop Forcing Only.
 Stop Forcing and Stop Resource.
Default value: Stop Forcing Only.
Minimum N The default setting is based on the current SILworX version. Application-
Configuration It ensures compatibility with future SILworX versions. specific
Version Code is generated in accordance with SILworX V10
conventions, since HIQuad X is supported as of SILworX
V10.
Any setting to a SILworX version prior to V10 is rejected for
HIQuad X. An error message is displayed in the logbook!
For more details, refer to Chapter 6.1.3.5.
Fast Start-Up N Not applicable to HIQuad X. -
1) The operating system handles the system parameter in a safety-related manner, yes (Y) or no (N)
Table 24: Resource System Parameters

Page 72 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.1.3.2 Use of the Parameters Target Cycle Time and Target Cycle Time Mode
Using the settings for the Target Cycle Time Mode system parameter, the cycle time can be
maintained as constant as possible at the value of Target Cycle Time [ms]. To do this, the
system parameter must be set to a value > 0.
In doing so, HIQuad X limits reload and synchronization on the redundant modules to ensure
that the target cycle time is maintained.
The following table describes the settings for the Target Cycle Time Mode system parameter.
Setting Description
Fixed If a CPU cycle is shorter than the defined Target Cycle Time, the CPU cycle is
extended to the target cycle time.
If the CPU cycle takes longer than the target cycle time, the CPU resumes the cycle
without delay.

A reload or synchronization process is rejected if the reserve time is not

i sufficient (target cycle time minus actual cycle time).

Fixed-tolerant Similar to Fixed, but with the following differences:

1. To ensure that the synchronization process can be performed
successfully, the target cycle time may be violated for one CPU cycle.
2. To ensure that the reload can be performed successfully, the target
cycle time may be violated for 1 to n CPU cycles (where n is the
number of changed user programs).

The default setting is Fixed-tolerant!

After the first reload activation cycle, the values of watchdog time, target
i cycle time and target cycle time mode apply in accordance with the new
configuration.
A maximum of every fifth cycle can be extended during the reload.
One single cycle may be extended during synchronization.

Dynamic The CPU processes each CPU cycle as fast as possible. This corresponds
to a target cycle time of 0 ms.
A reload or synchronization process is rejected if the reserve time is not
i sufficient (target cycle time minus actual cycle time).
A maximum of every fifth cycle can be extended during the reload.
One single cycle may be extended during synchronization.

Dynamic-tolerant Similar to Dynamic, but with the following differences:

1. If necessary, the target cycle time is automatically increased for one CPU
cycle to ensure that the synchronization process can be performed
successfully.
2. To ensure that the reload can be performed successfully, the target cycle
time may be automatically increased for 1 to n CPU cycles (where n is the
number of changed user programs).

After the first reload activation cycle, the values of watchdog time, target
i cycle time and target cycle time mode apply in accordance with the new
configuration.
A reload or synchronization process is rejected if the reserve time is not
sufficient (target cycle time minus actual cycle time).

Table 25: Settings for Target Cycle Time Mode

HI 803 211 E Rev. 1.01.00 Page 73 of 110

Programming System

6.1.3.3 Maximum Communication Time Slice

The maximum communication time slice is the time period in milliseconds (ms) per CPU cycle
assigned to the processor module for processing the communication tasks. Even if the protocol
processing could not be completed within one communication time slice, the CPU still executes
the safety-relevant monitoring for all protocols within one CPU cycle.

If not all upcoming communication tasks can be processed within one CPU cycle, the whole
i communication data is transferred over multiple CPU cycles. The number of communication
time slices is then greater than 1.
For calculating the maximum response time, the number of communication time slices must be
equal to 1.

Determining the Maximum Duration of the Communication Time Slice

For a first estimate of the maximum duration of the communication time slice for the HIQuad X
system, the sum of the following times must be entered in the Max. Com. Time Slice [ms]
system parameter located in the properties of the resource:
 For each F-COM module: 3 ms.
 For each redundant safeethernet connection: 1 ms.
 For each non-redundant safeethernet connection: 0.5 ms.
 For each kilobyte user data of non-safety-related protocols, e.g., Modbus: 1 ms.
HIMA recommends comparing the value estimated for Max. Com. Time Slice [ms] with the value
displayed in the Control Panel and, if necessary, correcting it in the properties of the resource.
This can be done during an FAT (factory acceptance test) or SAT (site acceptance test).

To determine the actual duration of the maximum communication time slice

1. Operate the HIQuad X system under full load (FAT, SAT):
All communication protocols are in operation (safeethernet and standard protocols).
2. Open the Control Panel and select the Com. Time Slice structure tree folder.
3. Read the vale displayed for Maximum Com. Time Slice Duration per Cycle [ms].
4. Read the value displayed for Maximum Number of Required Com. Time Slice Cycles.
The duration of the communication time slice must be set so that, when using the
communication time slice, the CPU cycle cannot exceed the watchdog time specified by the
process.

Page 74 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.1.3.4 Calculating the Maximum Duration of Configuration Connections [ms]

If communication is not completely processed within a CPU cycle, it is resumed in the next
following CPU cycle at the interruption point. This slows down communication, but it also
ensures that all connections to external partners are processed equally and completely.
The value of Max. Duration of Configuration Connections [ms] is included in the watchdog time
and must be selected so that the cyclic processor module tasks can be executed in the
remaining time.
The volume of the configuration data to be communicated must be observed. This depends on
the number of configured remote I/Os, the existing connections to PADTs and the system
modules with an Ethernet interface.
A temporary setting for the F-CPU 01 module can be calculated as follows:
tConfig = nCom + nPADT + nRIO * 0.25 ms + 4 ms + 4*(tLatency * 2 + 0.8)

tConfig System parameter Max. Duration of Configuration Connections [ms]

nCOM Number of modules with Ethernet interfaces (CPU, COM)
nRIO Number of configured remote I/Os
nPADT Maximum number of PADT connections = 5
tLatency To obtain the value in ms, divide the Maximum System Bus Latency [µs] by
1000.

If tConfig is less than 6 ms, the value must be set to 6 ms.

The calculated value tConfig must be compared with the real value derived from the online
statistics of the Control Panel. The real value depends on the system structure.
If the value calculated for tConfig is greater than the real value, the remaining time will not be used
for other cyclic tasks, such as the adoption of an additional CPU for redundancy operation. The
remaining time is not included in the cyclic reserve time.

If the real value is greater than the value calculated for tConfig, the parameter located in the
i resource properties must be corrected (observe the watchdog time) and loaded into the
controller by performing a download or reload. Alternatively, a direct online change is also
possible. Not correcting the value causes the system handling via PADT to slow down.

HI 803 211 E Rev. 1.01.00 Page 75 of 110

Programming System

6.1.3.5 The Minimum Configuration Version Parameter

 The highest Minimum Configuration Version is always selected for new projects. Verify that
this setting is in accordance with the operating system version in use.
 In a previous project converted to the current SILworX version, the value for Minimum
Configuration Version remains the value set in the previous version. This ensures that the
configuration CRC resulting from the code generation is the same as in the previous version
and the configuration is still compatible with the operating systems of the modules.
The value of Minimum Code Generation only needs to be increased for converted projects if
additional functions of a controller should be used.
 If features requiring a higher configuration version are used in the project, SILworX
automatically generates a configuration version higher than the preset Minimum
Configuration Version. This is indicated by SILworX in the code generation logbook. The
modules reject loading configurations if their version and operating system do not match.
The safety-related SILworX version comparison can be used to determine and prove
changes performed to the current project version compared to a previous one.
 For HIQuad X, Minimum Configuration Version must be set to SILworX V10 or higher.

Page 76 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.1.3.6 Rack System Variables

These system variables are used to change the behavior of the controller while it is operating in
specific states. The system parameter can be accessed by double-clicking the gray background
of the rack or selecting the Detail View context menu and opening the System tab in the
Hardware Editor.

Output Variables
Variables that are not selected in the Input Variables column through a tick, are output
variables.
System variables S 1) Function Setting for safe
operation
Force Deactivation Y Prevents the forcing process from starting and Application-specific
terminates a running forcing process.
The default setting is FALSE.
Emergency Y Shuts down the controller if faults are detected by Application-specific
Stop 1…Emergency the user program.
Stop 4 The default setting is FALSE.
Read-Only in RUN Y After the controller is started, the access Application-specific
permissions are downgraded to Read-Only.
Exceptions are forcing and reload.
The default setting is FALSE.
Reload Deactivation Y Locks the execution of reload. Application-specific
The default setting is FALSE.
1)
The operating system handles the system parameter in a safety-related manner, yes (Y) or no (N).
Table 26: System Parameters for Output Variables

Input Variables
Variables that are not selected in the Input Variables column through a tick, are output
variables.
System variables S 1) Description Data type
Number of Field Errors N Number of current field faults. UDINT
Number of Field Errors - N Counted number of field faults (counter resettable) UDINT
Historic Count
Number of Field Warnings N Number of current field warnings. UDINT
Number of Field Warnings - N Counted number of field warnings (counter resettable) UDINT
Historic Count
Number of Communication N Number of current communication errors UDINT
Errors
Number of Communication N Counted number of communication errors (counter UDINT
Errors - Historic Count resettable)
Number of Communication N Number of current communication warnings UDINT
Warnings
Number of Communication N Counted number of communication warnings (counter UDINT
Warnings - Historic Count resettable)
Number of System Faults N Number of current system errors UDINT
Number of System Faults - N Counted number of system errors (counter resettable) UDINT
Historic Count
Number of System Warnings N Number of current system warnings UDINT
Number of System Warnings N Counted number of system warnings (counter UDINT
- Historic Count resettable)

HI 803 211 E Rev. 1.01.00 Page 77 of 110

Programming System

System variables S 1) Description Data type

Autostart Y TRUE When the processor module is connected to BOOL
the supply voltage, it automatically starts the
user program.
FALSE When the supply voltage is connected, the
processor module enters the STOP state.
OS Major [1]…[2] Y Version of the operating system for every processor UINT
OS Minor [1]…[2] module. The number of redundant processor modules
and the values depend on the controller type.
CRC Y Resource configuration checksum. UDINT
Date/time [ms portion] N System date and system time in milliseconds and UDINT
Date/time [sec. portion] seconds since 1970-01-01:
0…999 ms, 0…4 294 967 295 s
Force Deactivation Y TRUE Forcing is deactivated. BOOL
FALSE Forcing is possible.
Forcing Active Y TRUE Global or local forcing is active. BOOL
FALSE Global and local forcing are not active.
Force Switch State N Information about the selected force switch. UDINT
0xFFFF FFFE No force switch set.
0xFFFF FFFF At least one force switch set.
Global Forcing Started Y TRUE Global forcing is active. BOOL
FALSE Global forcing is not active.
Last Field Warning [ms] N Date and time of the last field warning in milliseconds UDINT
Last Field Warning [s] and seconds since 1970-01-01:
0…999 ms, 0…4 294 967 295 s
Last Communication N Date and time of the last communication warning in UDINT
Warning [ms] milliseconds and seconds since 1970-01-01:
Last Communication 0…999 ms, 0…4 294 967 295 s
Warning [s]
Last System Warning [ms] N Date and time of the last system warning in milliseconds UDINT
Last System Warning [s] and seconds since 1970-01-01:
0…999 ms, 0…4 294 967 295 s
Last Field Error [ms] N Date and time of the last field error in milliseconds and UDINT
Last Field Error [s] seconds since 1970-01-01:
0…999 ms, 0…4 294 967 295 s
Last Communication Error N Date and time of the last communication error in UDINT
[ms] milliseconds and seconds since 1970-01-01
Last Communication Error 0…999 ms, 0…4 294 967 295 s
[s]
Last System Error [ms] N Date and time of the last system error in milliseconds UDINT
Last System Error [s] and seconds since 1970-01-01:
0…999 ms, 0…4 294 967 295 s
Fan State N Depends on the controller type; see the documentation. BYTE
0xFF: Not available.
Mono Startup Release Y Enable for non-redundant operation. The system BOOL
variable exists depending on the controller family.
TRUE A single processor module in rack 0, slot
10/12 (H51X) may also start with one
system bus only.
A single processor module in rack 0, slot
16/18 (H41X) may also start with one
system bus only.
FALSE Both system buses are also necessary for a
single processor module.

Page 78 of 110 HI 803 211 E Rev. 1.01.00

System Programming

System variables S 1) Description Data type

Power Supply Input N Value of the input voltage in the respective F-PWR 01 UINT
Voltage 1…5[D20_0004, power supply unit expressed in mV.
#580]
Power Supply N Status of the F-PWR 01 power supply units. 3 adjacent WORD
Status[D20_0004, #579] bits are coded for each power supply unit.
Bit 0…2 Status of power supply unit 1
Bit 3…5 Status of power supply unit 2
Bit 6…8 Status of power supply unit 3
Bit 9…11 Status of power supply unit 4
Bit 12…14 Status of power supply unit 5
The following applies to each power supply unit:
 Once the power supply unit has been detected, the
least significant bit is 1. Otherwise, it is bit 0.
 If at least one warning was issued for the power
supply unit, the middle bit is 1. Otherwise, it is bit 0.
 If at least on fault occurred in the power supply unit,
the most significant bit is 1. Otherwise, it is bit 0.
Allow Online Settings Y Main enable switch of the processor module BOOL
TRUE The subordinate enable switches may be
changed.
FALSE The subordinate enable switches may not
be changed.
Read-Only in RUN Y TRUE The following operator functions are locked: BOOL
Stop, Start, Download.
FALSE The following operator functions are
unlocked: Stop, Start, Download.
Redundancy Info Y Bit-coded redundancy state of the processor modules.
The variable exists depending on the controller family.
Reload Allowed Y TRUE Reload is allowed to load a controller. BOOL
FALSE Reload is not allowed to load a controller.
Reload Deactivation Y TRUE Reload is locked. BOOL
FALSE Reload is not locked.
Reload Cycle Y TRUE The current cycle is the first cycle after a BOOL
reload.
FALSE Otherwise
Responsible Module Y Essential state of redundant processor modules. The BYTE
Essential variable exists depending on the controller family.
Safety Time [ms] Y Safety time set for the resource in ms. UDINT
Start Allowed Y TRUE The processor module may be started BOOL
through the PADT.
FALSE The processor module may not be started
through the PADT.
Start Cycle Y TRUE The current cycle is the first cycle after the BOOL
start.
FALSE Otherwise
Power Supply State [1]…[2] N Bit-coded state of the power supply of processor BYTE
modules 1…2.
The following properties differ depending on the
controller family:
- Possible number of processor modules.
- State bits suitable for safety functions!
System ID [SRS] Y System ID of the controller, 1…65 535. UINT

HI 803 211 E Rev. 1.01.00 Page 79 of 110

Programming System

System variables S 1) Description Data type

Systemtick HIGH Y Revolving millisecond counter (64-bit). UDINT
Systemtick LOW
Temperature State [1]…[2] N Bit-coded temperature state of processor modules 1…2: BYTE
Bit no. State when the bit is set.
0 Temperature threshold 1 exceeded.
1 Temperature threshold 2 exceeded.
2 Incorrect temperature value.
Remaining Global Force Y Time in ms until the time limit set for global forcing DINT
Duration [ms] expires.
Watchdog Time [ms] Y Maximum permissible duration of a RUN cycle in ms UDINT
(dependent on the controller family).
Cycle Time, last [ms] Y Current cycle time. UDINT
Cycle Time, max [ms] N Maximum cycle time in milliseconds. UDINT
Cycle Time, min [ms] N Minimum cycle time in milliseconds. UDINT
Cycle Time, average [ms] N Average cycle time in milliseconds. UDINT
1) The operating system handles the system parameter in a safety-related manner, yes (Y) or no (N).
Table 27: System Parameter for Input Variables

Page 80 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.1.3.7 Locking and Unlocking the Resource

Locking the resource locks all functions and prevents users from accessing them during
operation. This also protects against unauthorized manipulations to the user program.
Unlocking the controller deactivates any locks previously set, e.g., to perform work on the
controller.
The three system variables Read-only in Run, Reload Deactivation and Force Deactivation are
used to lock the PES, see Table 26.
If all three system variables are TRUE, no access to the controller is possible. In this case, the
controller can only enter the STOP state by restarting all processor modules. Only then can a
new user program be loaded. The example describes a simple case, in which a key-operated
switch is used to lock or unlock all interventions to the resource.

Example: To make a controller lockable

1. Define a global variable of type BOOL and set its initial value to FALSE.
2. Assign the global variable as output variable to the three system variables Read-only in Run,
Reload Deactivation and Force Deactivation.
3. Assign the global variable to the channel value of a digital input.
4. Connect a key switch to the digital input.
5. Compile the program, load it into the controller, and start it.
► The owner of a corresponding key-operated switch is able to lock and unlock the controller. If
the corresponding digital input module fails, the controller is automatically unlocked.

This simple example can be modified using multiple global variables, digital inputs and key
switches. The permissions for forcing, reload and other operating functions can be distributed
on different keys and persons.

HI 803 211 E Rev. 1.01.00 Page 81 of 110

Programming System

6.2 Forcing
Forcing is the procedure by which a variable's current value is replaced with a force value.
The current value of a variable is assigned from one of the following sources:
 A physical input.
 Communication.
 A logic operation.
When a variable is being forced, its value is defined by the user.
Forcing can be used in the following cases:
 For testing the user program; in particular, in cases or conditions that cannot otherwise be
tested.
 For simulating unavailable sensors when the initial values are not appropriate.

WARNING
Physical injury due to forced values is possible!
 Only force values after receiving consent from the test authority responsible for the
acceptance test.
 Only remove existing forcing restrictions with the consent of the test authority
responsible for the acceptance test.

When forcing values, the person in charge must take further technical and organizational
measures to ensure that the process is sufficiently monitored in terms of safety. HIMA
recommends setting a time limit for the forcing procedure, refer to Chapter 6.2.1 for details.

WARNING
Failure of safety-related operation possible due to forced values!
 Forced value may lead to incorrect output values.
 Forcing prolongs the cycle time. This can cause the watchdog time to be exceeded.
Forcing is only permitted after receiving consent from the test authority responsible for
the acceptance test.

Forcing can operate at two levels:

 Global forcing: Global variables are forced for all applications.
 Local forcing: Values of local variables are forced for an individual user program.

Page 82 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.2.1 Time Limits

Different time limits can be set for global or local forcing. Once the defined time has expired, the
controller stops forcing values.
The behavior of the HIQuad X system upon expiration of the time limit can be configured:
 For global forcing, the following settings can be selected:
- Stop Resource.
- Stop Forcing Only, i.e., the resource continues to operate.
 For local forcing, the following settings can be selected:
- Stop Program.
- Stop Forcing Only, i.e., the user program continues to run.
Forcing can also be used without time limit. In this case, the forcing procedure must be stopped
manually.
The person responsible for forcing must clarify what effects stopping forcing have on the entire
system!

6.2.2 Restricting the Use of Forcing

The user can limit the use of forcing to avoid faulty safety-related operation due to its improper
use. The following measures can be implemented in the configuration:
 Configuring different user profiles with or without forcing authorization.
 Prohibit global forcing for a resource.
 Prohibit local forcing for a user program
 Forcing can also be stopped immediately using a key switch.
To do so, the Force Deactivation system variable must be linked to a digital input connected
to a key switch.

WARNING
Failure of safety-related operation possible due to forced values!
Only remove existing forcing restrictions with the consent of the test authority
responsible for the acceptance test.

6.2.3 Force Editor

SILworX Force Editor lists all the variables, grouped in global and local variables.
For each variable, the following can be set:
 The force value
 The force switch (switching it on or off) to prepare for forcing variables.
Forcing can be started and stopped for both local and global variables.
Forcing can be started for a predefined time limit or for an indefinite time period. If none of the
restrictions apply, all variables with an active force switch are set to their force values.
When forcing is stopped, manually or because the time limit has expired, the variables will again
receive their values from the process or the user program.
If forcing is started again, the configured force values will replace the values from the program
or process!
For more information on the Force Editor and forcing, refer to the SILworX online help.

Copying data from the Force Editor to the clipboard gathers the current state of the data
available in the Force Editor. Data that are not visible are not refreshed and can thus have an

HI 803 211 E Rev. 1.01.00 Page 83 of 110

Programming System

obsolete value! Press Ctrl+A to select and copy all the data, even if they are not in the visible
area.

6.2.4 Automatic Forcing Reset

The operating system resets forcing in the following cases:
 When the resource is restarted, e.g., after connecting the supply voltage.
 When the resource is stopped.
 When a new configuration is loaded by performing a download.
 When a user program is stopped: Reset of local forcing for this user program.
In these cases, the user program changes the force settings as follows:
 Force values to 0 or FALSE
 Individual force switch to OFF.

During a reload, local and global force values as well as forcing times and force timeout
reactions are still valid.
Global force values and force switches can be set when a resource is stopped. The configured
values become valid after restarting the resource and forcing.
Local force values and force switches can be set when the user program is stopped. The
configured values become valid after restarting the user program and forcing.

6.2.5 Forcing and Scalar Events

When forcing a global variable used to create scalar events, observe the following points:
 The events are created in accordance with the force value.
 The values of these variable-dependent status variables are not tracked to the force value!

In such cases, the corresponding status variables must also be forced!

6.3 Cycle Sequence

In a simplified overview, the processor module cycle (CPU cycle) of only one user program runs
through the following phases:
1. Processing of the input data.
2. Processing of the user program.
3. Provision of the output data.
These phases do not include special tasks such as reload, which might be executed within a
CPU cycle.
Global variables, results from function blocks, and other data are processed in the first phase
and represent the input data for the second phase. The first phase need not start at the
beginning of the cycle, but may be delayed. For this reason, inaccurate cycle times, potentially
exceeding the watchdog time, may result if timer function blocks are used to determine the cycle
time in the user program.
In the third phase, the user program results are forwarded for being processed in the following
cycles and supplied to the output channels.

Page 84 of 110 HI 803 211 E Rev. 1.01.00

System Programming

6.4 User Management

The user management allows users to organize user groups, user accounts and their access
permissions for each individual project. The user management in SILworX is set up for each
project and each controller:
 The PADT user management controls the access to the SILworX project.
 The PES user management controls the access to the PES.

HIMA recommends using the user management for protecting SILworX projects and controllers
(PES) against unauthorized access and cyberattacks. Refer to the HIMA automation security
manual (HI 801 373 E) for more details.

6.4.1 PADT User Management

The PADT user management is used to create user groups and user accounts. The user
management and access permissions apply to one SILworX project.
If no PADT user management exists, any user can open and modify the project. If the PADT
user management has been defined for a project, only authenticated users can open the
project. If a PADT user account was defined in a project as the default user account, every user
can open the project with the default user account. Only users with the corresponding rights
may modify the projects. The table shows the possible access modes (permission levels).
Access Mode Description
Security Administrator Security administrators may modify the user management, i.e., set
up, delete, change user accounts, user groups and the user
management, and define the default user account.
They may also perform all SILworX functions.
Read and Write Allows users to perform SILworX functions, except for the user
management.
Read Read-only access, i.e., users may not change or archive the
projects.
Table 28: Access Modes for the PADT User Management

The PADT user management allocates the permissions to the user groups. A user may only be
member in one user group. The user accounts obtain their permissions through the user group
assigned to them. At least one user group with configured user must have the access mode
Security Administrator.
Properties of user groups:
 The name must be unique within the project and may contain 1…31 characters from the
ISO Latin 1 character set. Leading white-spaces are ignored.
 An access mode is assigned to a user group.
 Any number of user accounts may be assigned to a user group.
 A project may contain any number of user groups.

Properties of user accounts:

 The name must be unique within the project and may contain 1…31 characters from the
ISO Latin 1 character set. Leading and trailing white-spaces are ignored.
 A user account is assigned to a user group.
 A project may contain any number of user accounts.
 A user account can be the default user account of the project.

No additional authentication is required if the project is opened with a default user account. The
default user account is defined in the Properties of the user management. Note: Close the user
management editor prior to opening the Properties dialog box.

HI 803 211 E Rev. 1.01.00 Page 85 of 110

Programming System

6.4.2 PES User Management

The PES user management serves to protect a HIMA controller against unauthorized access
and actions. The user groups and their access permissions are part of the project, they are
defined with SILworX and loaded into the PES.
The PES user management automatically displays the user groups created in the PADT user
management. The user groups in the PES user management can be directly allocated to the
corresponding resources.
User accounts for up to ten user groups can be managed in the PES user management of each
controller. The user data is available for login once the project has been loaded in the controller
through a download. The user accounts are stored in the controller and still apply after switching
off the operating voltage. The user accounts of a controller also apply to the connected remote
I/Os.
Users log in to a controller using the user group name and password. If they use the user group
name belonging to their user account, the password is not required for login. The values for
PES user group name and password are not those currently entered in the project, but those
transferred to the PES during the last loading process!
The use of the PES user management is not necessary, but is a contribution to safe and secure
operation. If PES user accounts are defined for a resource, at least one must have administrator
rights.

6.4.3 Default User

The factory user settings apply if no user accounts were set up for a resource. The factory
settings also apply after starting a controller using the mode switch set to Init.
Factory settings
Number of users: 1
User group: Administrator
Password: None
Access permission: Administrator

Note that the default settings cannot be maintained if new user accounts are defined.
i

Page 86 of 110 HI 803 211 E Rev. 1.01.00

System Programming

Parameters for PES User Accounts

When editing PES user accounts, the following parameters can be defined:
Parameters Description
PES PES name (resource); automatically filled in!
User Group User group name used to log in to a controller; automatically filled in!
PADT Security Administrator Field for entering the PADT security administrator password.
Password
Access Mode The access modes define the rights allocated to users.
The following access modes are possible:
 Read: Users may only read information but they cannot modify the
controller.
 Read + Operator: Similar to Read, but users may also:
- Start, stop and test user programs.
- Configure the redundancy for processor modules.
- Reset cycle time and fault statistics.
- Set the system time, restart and reset the modules.
- Start system operation for processor modules.
- Forcing
 Read + Write: Similar to Read + Operator, but users may also:
- Load the programs into the controller (by performing a download or
reload).
- Perform forcing.
- Change system parameters, such as watchdog time, online.
 Administrator: Similar to Read + Write, but users may also:
- Load operating systems.
At least one user must have administrator rights, otherwise the controller
settings are not accepted.
PES Password Password assigned to the PES user group and required for login.
The password must not contain more than 32 characters and may only be
composed of letters (A…Z, a…z), numbers (0…9) and the special
characters underscore «_» and hyphen «-».
The entry is case sensitive.
Confirm PES Password Repeat the password to confirm the entry.
Table 29: Parameters for User Groups in the PES User Management

HI 803 211 E Rev. 1.01.00 Page 87 of 110

Programming System

6.4.4 Setting up PES User Accounts

A PADT user account with Security Administrator access mode has access to all the PES user
groups.
Take the following points into account when setting up PES user groups:
 Make sure that at least one PES user account with Administrator access mode is configured
in every PES. Usually, this is the Security Administrator user group. Always define a
password for the PES user account with Administrator access mode.

Generally, passwords are to be used. Suitable passwords are composed of more than 10
i characters and contain numbers, special characters, capital and lowercase letters. For more
information, refer to the HIMA automation security manual (HI 801 373 E).

 In SILworX, use Verification to check the created PES user groups.

 The new PES user groups are valid once the code has been generated and a download has
been performed to load the project into the controller. All PES user groups previously saved,
e.g., the default settings, are no longer valid.

Page 88 of 110 HI 803 211 E Rev. 1.01.00

System Diagnostics

7 Diagnostics
The diagnostic LEDs are used to give a first quick overview of the system state.
The diagnostic history in SILworX provides detailed information.

7.1 Light Emitting Diodes

Light emitting diodes (LEDs) on the front plate indicate the module state. All LEDs should be
considered together. The state of one single LED is not sufficient to assess the module state.
A description of the LEDs is provided in the module-specific manuals.

After connecting the supply voltage, an LED test is performed and all the LEDs are lit for at least
2 s. The color of two-color LEDs changes once during the test.

Definition of blinking frequencies

The following table defines the blinking frequencies:
Definition Blinking frequencies
Blinking1 Long (600 ms) on, long (600 ms) off.
Blinking2 Short (200 ms) on, short (200 ms) off, short (200 ms) on, long (600 ms) off.
Blinking-x Ethernet communication: Blinking synchronously with data transmission.
Table 30: Blinking Frequencies of the LEDs

Some LEDs can report warnings (On) and faults or errors (Blinking1), see the following tables.
The indication of errors or faults has priority over the indication of warnings. Warnings cannot be
reported if errors or faults are being signaled.

7.2 Diagnostic History

The modules F-CPU, F-IOP and F-COM keep a history of the faults and other events that have
occurred. The events are stored in the history in chronological order. The history is organized as
a ring buffer.
The diagnostic history is composed of short-term and long-term diagnostics.
 Short-term diagnostics
If the maximum number of entries has been reached, each new entry deletes the oldest
entry.
 Long term dignostics:
The long term diagnosis essentially stores actions and configuration changes performed by
the user.
If the maximum number of entries has been reached, each new entry deletes the oldest
entry if this is older than three days.
The new entry is rejected if the existing entries are not older than three days. The rejection is
marked by a special entry.

The number of events that can be stored depends on the type of module.
Module type Max. number of events Max. number of events
long term diagnosis short-term diagnostics
F-CPU 01 2500 1500
F-IOP 01 400 500
F-COM 01 300 700
Table 31: Maximum Number of Entries Stored in the Diagnostic History per Module Type

HI 803 211 E Rev. 1.01.00 Page 89 of 110

Diagnostics System

The diagnostic entries can be lost if a power outage occurs just before they could be saved into
i non-volatile memory.

SILworX can be used to read the histories of the individual modules and represent them so that
the information required to analyze a problem is available:

Example:
 Mixing the histories from various sources
 Filtering by time period.
 Printing out the edited history
 Saving the edited history
For additional functions, see the SILworX online help.

7.2.1 Diagnostic Messages

A diagnostic message for I/O modules is structured as follows:
IO ERROR >> slot S I/O module type: MMMM status[Mod: mm OUT: AAAA IN: EEEE]
channel[OUT:aaaa IN:eeee] <<
The following table describes the data fields in the message.
Data field Format Description
S Decimal Slot number of the I/O module
MMMM Hexadecimal Module type
mm Hexadecimal Status of the module
AAAA Hexadecimal Code for faults in the module's outputs
EEEE Hexadecimal Code for faults in the module's inputs
aaaa Hexadecimal Code for channel faults in the output channels
eeee Hexadecimal Code for channel faults in the input channels
Table 32: Data Field of Diagnostic Message

For further details on the error codes, refer to the corresponding manuals. If multiple channels
are faulty, the data field aaaa / eeee contains an OR gate with 0x8000, e.g., the most
significant bit is set to 1 in addition to the error code.
The module type can be determined in the Hardware Editor.

Page 90 of 110 HI 803 211 E Rev. 1.01.00

System Diagnostics

7.3 Online Diagnosis

The online view in the SILworX Hardware Editor is used to diagnose failures in the HIQuad X
modules. Failed modules are signalized by a color change:
 Red indicates severe failures, e.g., that the module is not inserted.
 Yellow indicates less severe failures, e.g., that the temperature limit has been exceeded.
Point to a module to display a tooltip providing the following state information on the module:

Information Representatio Range of values Description

n
SRS Decimals System: 0...65 535 Module identification: System, Rack, Slot
Rack: 0...16
Slot: 1...18
Name Text Designation of the information , here always: Online
MODULE Information.
Module state Text RUN, STOP, NOT State in which the I/O processing module is
CONNECTED, operating.
Unknown, ...
Plugged Module Text Permissible Type of module which is plugged into the rack.
Type module types
Configured Module Text Permissible Type of module which is configured and loaded in the
Type module types controller.
Module Type in Text Permissible Type of module which is being projected as the
Project module types digital depiction.
Connection Status Hexadecimal 16#00...0F Status of the connection between each of the
of the Protocol value processor modules (max. of 2) and the I/O
processing module. Each of the bits 0...3 shows the
connection to the processor module with the
corresponding index.
Bit x = 0: Not connected.
Bit x = 1: Connected.
Interface Send Hexadecimal 16#0000...FFFF Every two bits represent the state of one interface
Status value identified with an index 0...16. Bits 0 and 1 apply to
interface 0, and so on.
Value Description
00 No message has been received or sent
yet, unknown status.
01 OK, no faults.
10 Last data received or sent was defective.
11 No faults during last
reception/transmission, one fault occurred
before.

HI 803 211 E Rev. 1.01.00 Page 91 of 110

Diagnostics System

Information Representation Range of values Description

Interface Receive Hexadecimal 16#0000...FFFF Every two bits represent the state of one interface
Status value identified with an index 0...16. Bits 0 and 1 apply to
interface 0, and so on.
Value Description
00 No message has been received or sent
yet, unknown status.
01 OK, no faults.
10 Last data received or sent was defective.
11 No faults during last
reception/transmission, one fault occurred
before.
Module Error Hexadecimal 16#00...3F Bit-coded status of the I/O processing module:
Status value Bit Meaning with value = 1
0 Warning related to external communication
1 Warning related to field connection
2 System warning.
3 External communication error
4 Field connection error
5 System error
6
Not used
7
Connection Status Hexadecimal 16#0...3 Status of the interface to system buses A:
of System Bus A value Value Description
0 The interface is OK.
1 The interface detected an error during last
reception, now it is OK.
2 An error occurred on the interface.
3 The interface is switched off.
Connection Status Hexadecimal 16#0...3 Status of the interface to system buses A:
of System Bus A value Value Description
0 The interface is OK.
1 The interface detected an error during last
reception, now it is OK.
2 An error occurred on the interface.
3 The interface is switched off.
Table 33: Diagnostic Information Displayed in the Online View for the Hardware Editor

Due to the timing behavior of the operating system, it is possible that the safety parameters are
not displayed in the diagnostics. To allow the safety parameters to be displayed in the
diagnostics, proceed as follows when opening the diagnostics:
1. Open the Control Panel and wait for all the fields to be refreshed.
2. In the Hardware Editor, open the diagnostics using the context menu of the online view and
not of the detail view!
Prior to opening the diagnostics, do not open the detail view and open as few online views as
possible (e.g., Force Editor, online test)!

Page 92 of 110 HI 803 211 E Rev. 1.01.00

System Product Data, Dimensioning

8 Product Data, Dimensioning

This chapter specifies the environmental requirements and the dimensions to be set in the
SILworX programming tool.

8.1 Environmental Conditions

Exposing the HIQuad X system to environmental conditions other than those indicated can
cause it to malfunction. Additionally, the instructions provided in the module-specific manuals
must be observed.
General
Protection class Protection class II in accordance with IEC/EN 61131-2
Ambient temperature 0…+60 °C
Transport and storage -40…+70 °C
temperature
Pollution Pollution degree II
Altitude < 2000 m
Enclosure Standard: IP20
If required by the relevant application standards (e.g.,
EN 60204), the system must be installed in an enclosure with
the specified degree of protection (e.g., IP54).
Power Supply Input Voltage 24 VDC, -15...+20 %, rp ≤ 5 %
SELV, PELV
Table 34: Environmental Conditions

8.2 Dimensioning
For details, refer to the component-specific manuals and communication manual
(HI 801 101 E).
For each resource Value
Number of racks  H51X: 1 base rack and a maximum of
16 extension racks.
 H41X: 1 base rack and a maximum of 1
extension rack.
Number of I/O modules  H51X: 256
 H41X: 28 (with extension rack)
Number of I/O elements Depending on the module type
 H51X: 4096
 H41X: 224
Number of processor modules 2
Total program and data memory for all user 5 MB less 64 kB for CRCs
programs
Memory for retain variables 32
Number of I/O processing modules for each rack 1 (none in the H51X base rack)
Maximum length of the system buses 50 m between two subscribers.
Number of communication modules  H51X: 0…10
 H41X: 0…2
Puffergröße für Verbindung zum OPC-Server
Anzahl PES-Benutzergruppen 1…10
Anzahl Anwenderprogramme 1…32
Anzahl Ereignisdefinitionen 0…5000
Größe des nichtflüchtigen Ereignispuffers 1000 Events
Table 35: Dimensioning of a HIQuad X Controller

HI 803 211 E Rev. 1.01.00 Page 93 of 110

Lifecycle System

9 Lifecycle
This chapter describes the following lifecycle phases:
 Installation
 Start-up
 Maintenance and repairs
Instructions for a correct decommissioning and disposal of the products are provided in the
manuals for the individual components.

9.1 Installation
This chapter describes how to structure and connect the HIQuad X system.

9.1.1 Mechanical Structure

To ensure proper operation when structuring the HIQuad X system, observe the conditions of
use specified in Chapter 2.1.
Observe the instructions for installing base racks and other components specified in the
corresponding manuals.

9.1.2 Connecting the Field Level

The field level is connected to the cable plugs of the I/O modules. The cable plug wires must be
connected to terminals.

9.1.3 Grounding
Observe the requirements specified in the low voltage directives SELV (Safety Extra Low
Voltage) or PELV (Protective Extra Low Voltage).
Functional ground is provided to improve electromagnetic compatibility (EMC). This functional
ground must be connected over a large area in the control cabinet.
HIQuad X systems must be grounded as described in the follow chapters.

Page 94 of 110 HI 803 211 E Rev. 1.01.00

System Lifecycle

9.1.3.1 CE-Compliant Structure of the Control Cabinet

In accordance with the EU Council Directive 89/336/EEC, converted in the EMC law for the
Federal Republic of Germany, from 1st January 1996, all electrical equipment within the
European Union must be labeled with the CE conformity marking for electromagnetic
compatibility (EMC).
All modules included in the HIQuad X system bear the CE marking.
To prevent EMC issues when installing controllers in control cabinets and support frames, the
following measures must be implemented:
 The H 7034 filter must be installed close to the 24 V supply to suppress interferences directly
at the supply point.
 Ensure proper and interference-free electrical installation in the vicinity of the controllers,
e.g., do not lay power lines together with field lines or 24 VDC supply lines. For further
information, see Chapter 9.1.3.2.
 Observe the instructions provided in this manual related to grounding, shielding and cable
routing to sensors and actuators.

9.1.3.2 Surges on Digital Inputs

Due to the short cycle time of the HIQuad X systems, a surge pulse as described in
EN 61000-4-5 can be read in to the digital inputs as a short-term high level.
To prevent malfunctions, take one of the following measures for the application:
 Install shielded input wires to prevent surges within the system.
 Noise blanking in the user program: a signal must be present for at least two cycles before it
is evaluated.
Caution: This measure increases the system response time!

The measures specified above are not necessary if the plant design precludes surges within
i the system.
In particular, the design must include protective measures with respect to overvoltage,
lightning, grounding and plant wiring in accordance with the relevant standards and the
manufacturer's specifications.

HI 803 211 E Rev. 1.01.00 Page 95 of 110

Lifecycle System

9.1.4 Grounding Connectors

All tangible surfaces of the 19-inch HIMA components (e.g., base racks, extension racks and
dummy front plates) are chromized and electrically conductive for ESD protection reasons.
Safe electrical connection between components and the control cabinet is ensured by cage nuts
with claw fasteners. The claw fasteners penetrate the surface of the pivoting frame [1], ensuring
safe electrical contact. Stainless steel screws and flat washers are used to prevent electrical
corrosion [2].
The components of the cabinet frame [3] are welded together and are considered an electrical
conductive construction element. Short grounding straps [5] with cross-sections of 16 mm2 or
25 mm2 are used to conductively connect the pivoting frames, door, mounting rails and
mounting plates to the cabinet frame.

Pivoting frame 2 x M 2500 busbar, see Figure 34

Screws, washers and cage nuts 16 mm2 or 25 mm2 grounding strap
Cabinet frame

Figure 33: Grounding Connectors for Racks

Page 96 of 110 HI 803 211 E Rev. 1.01.00

System Lifecycle

The roof sheeting is secured to the cabinet frame with four lifting eyes [8] (see Figure X). The
cabinet frame is electrically connected to the side panels and the backplane through grounding
claw fasteners [7] and to the floor panel through screws.
Two M 2500 busbars [4] are installed in the cabinet as standard equipment and connected to
the cabinet frame through 25 mm2 grounding straps [5]. The busbars can also be used as a
separate potential (e.g., to connect to the field cable shielding) if the grounding straps between
the busbars and the control cabinet are removed.
An M8 bolt is located on the cabinet frame to allow customers to connect the protective ground
cable [6].

2 x M 2500 busbar
DIN rails grounded with 16 mm² grounding strap
Central grounding point for the cabinet frame (M8 bolts)
Mechanical parts are grounded by standard fasteners to the cabinet frame
Roof sheeting with 4 lifting eyes and fan exhausts for fan inserts

Figure 34: Grounding Connections in the Control Cabinet

HI 803 211 E Rev. 1.01.00 Page 97 of 110

Lifecycle System

9.1.5 Grounding and Shielding Concept of HIMA Control Cabinets

The following figure shows the grounding and shielding concept of a HIMA control cabinet:

M 2500 busbar Base rack

24 VDC supply Cabinet frame
Filter (surge protective device) Cage nuts and cage clamps
Digital signals 25 mm grounding connector
Analog signals Shielded bus cable
Inline terminals Protective ground
Pivoting or fixed frame Equipotential bonding
Extension rack Standard connection to HIMA control cabinets, to
delete if equipotential bonding is applied.

Figure 35: Grounding and Shielding Concept of the HIMA Standard Cabinet

Page 98 of 110 HI 803 211 E Rev. 1.01.00

System Lifecycle

9.1.6 Grounding Several Control Cabinets

Connect several control cabinets to a central, interference-free ground; individually ground the
control cabinets of a controller, if required.
Ensure at least 16 mm² cross-section for the connection between the central grounding points of
the control cabinets and the common central ground.

Cabinet frame Central grounding point

M 2500 busbar Central ground

Figure 36: Control Cabinets with Central Ground

9.1.7 Ungrounded Operation

In ungrounded operation, a single ground fault does not affect the safety and availability of the
controller.
If several undetected ground faults occur, faulty control signals can be triggered. For this
reason, HIMA recommends using ground fault monitoring for ungrounded operation. Some
application standards, e.g., DIN EN 50156-1:2005, prescribe the use of ground fault monitoring.
Only use ground fault monitoring devices approved by HIMA.

9.1.8 Grounded Operation

Requirements for grounded operation are proper ground conditions and, whenever possible,
separate ground connection, in which no parasitic currents may flow. Only the negative pole L-
may be grounded. The positive pole L+ must not be grounded since a potential ground fault on
the sensor wire would bridge the affected sensor.
L- can only be grounded at one point within the system. L- is usually grounded directly behind
the power supply unit (e.g., on the busbar). Grounding should be easy to access and well
separate. The grounding resistance must be ≤ 2 Ω.

HI 803 211 E Rev. 1.01.00 Page 99 of 110

Lifecycle System

9.1.9 Shielding within the Input and Output Areas

Lay field cables for sensors and actuators separately from the power supply lines and at a
sufficient distance from electromagnetically active devices (electric motors, transformers).
To avoid interferences, ensure that the field cables are provided with continuous shielding. To
this end, connect the shielding on both ends of the field cables. This applies, in particular, to
field cables of analog inputs and proximity switches. Exception: The shield in the F 6217 may
only be connected to the rack.
If high compensation currents are expected, the shielding must be applied on at least one end.
Further measures, e.g., galvanic separation, must be implemented to avoid compensation
currents. Additionally, the requirements specified in the module-specific manuals must be
observed.

9.1.10 Lightning Protection for Data Lines in HIMA Communication Systems

Lightning protection for data lines can be improved by implementing the following measures:
 Completely shield the field wiring of the HIMA communication systems.
 Properly ground the system.

Install lightning protection devices in places outside of buildings and exposed to lightning.

9.1.11 Cable Colors

The cable colors used in the HIQuad X systems comply with international standards.
Notwithstanding the HIMA standard, other cable colors can be used for wiring due to national
standard requirements. In such a case, document and verify the deviations.

9.1.12 Connecting the Supply Voltage

Connect the supply voltage infeed lines to the clamp terminal blocks of the base racks (L1+,
L2+, L1-, L2-).
Attach the supply voltage infeed lines of the system fan to the screw terminals.

Page 100 of 110 HI 803 211 E Rev. 1.01.00

System Lifecycle

9.2 Start-Up
Only power up the HIQuad X system after the hardware is completely mounted and all the
cables are connected. First start up the control cabinet, then the PES itself.

9.2.1 Starting up the Control Cabinet

Prior to connecting the supply voltage, check if all cables are properly connected, thus ensuring
that no risk exists for controller and system.

9.2.1.1 Test of All Inputs and Outputs

Impermissible parasitic voltage (in particular with 230 VAC against ground or L-) can be
measured using a universal measuring instrument.
HIMA recommends testing every individual terminal for impermissible parasitic voltage.
When testing external cables for isolation resistance, potential short-circuits or open-circuits, no
cable ends must be connected to prevent potential damage or destruction of modules caused
by high voltage.
To check for ground faults, unplug the voltage connection plugs from the power distributor and
disconnect the supply voltage for sensors and the negative pole of actuators.
If the negative pole is grounded during operation, the ground connection must be interrupted for
the duration of the ground fault check. The same applies to the ground connection of ground
fault measuring facility, which may be connected to the system.
A megohmmeter or a special measuring instrument must be used to check each connection
against ground.

9.2.1.2 Voltage Connection

All the HIQuad X modules are inserted in the racks and the cable plugs are screwed on the I/O
modules. Check proper polarity, voltage and ripple for the 24 VDC supply voltage.

9.2.2 Starting up the PES with Processor Modules (F-CPU 01)

Requirements for start-up:
 The hardware is installed.
 The racks are interconnected.
 The PADT network connection is configured such that the modules of the HIQuad X base
plate can be reached. If required, enter a routing for the interface card in use.
 A suitable project is available with configured rack ID, IP address and system ID.

To start up the controller with processor modules (F-CPU 01)

1. Connect the supply voltage.
2. Set the system ID and IP address of the left F-CPU 01 processor module:
- Establish a direct physical connection between PADT and processor module.
- In the structure tree, select Hardware within the resource element, and click Online on
the Action Bar.
The Online Hardware tab and the System Login window appear.
- Click the To Module Login button.
- In the Online Hardware, log in to the processor module (double-click the processor
module, the module login window appears).
Use the MAC address (see the label on the module) to read the IP address and the SRS
(Browse button in the login window).

HI 803 211 E Rev. 1.01.00 Page 101 of 110

Lifecycle System

- Use the Change button on the Search via MAC dialog box to display the Write via MAC
window. This window can be used to set the system ID and IP address on the processor
module.
3. Use patch cables to connect the base rack to the extension rack as described in Chapter 3.2
and Chapter 3.3.
 The LEDs UP and DOWN as well as the Red. LEDs on the associated processor and I/O
processing modules are lit, see the F-CPU 01 manual (HI 803 215 E) and the F-IOP 01
manual (HI 803 219 E).
4. Prepare the left processor module:
- Log in to the processor module: Double click the processor module symbol in the online
image.

If a valid configuration is loaded into a processor module and the conditions for system
i operation are met, all settings such as SRS and IP address from the valid configuration
become operative. This is particularly important during the initial operation of a processor
module that was previously used.
HIMA recommends resetting to the factory settings (master reset) when using processor
modules with an unknown history.

- Reset the processor module to the factory settings (master reset).

- If the system is only equipped with one processor module (mono system), set mono
operation. To do so, click Set Mono/Redundancy Operation in the Online->Start-up
menu.
This setting only takes effect if a mono project is loaded. Otherwise, the system
automatically resets the switch.
5. Set the mode switch of the left processor module to Stop and wait until the processor module
indicates to be running in system operation.
 The Stop LED is lit or blinking, the Init LED is off.
6. Log in to the system.
7. Set the mode switch of the right processor module to Stop.
 The right processor module starts operating redundantly. The Stop LED is lit and the Init
LED is off.
8. Load the existing configuration to the processor modules by performing a download (menu
functions: Online -> Resource Download)
 The processor modules enter the STOP/VALID CONFIGURATION state.
9. The mode switches on all the processor modules are set to Run.
10. Perform a resource cold start.
► The system, i.e., all modules, are in RUN (or in RUN/UP STOP, if the user program was not
started).

For more information on how to start up the system, refer to the first steps manual
(HI 801 103 E).

9.2.2.1 Faults
 A processor module does not start redundant operation or quits it, in case of malfunction.
 The system enters the STOP/INVALID CONFIGURATION state if the project in SILworX
does not match the hardware.

Page 102 of 110 HI 803 211 E Rev. 1.01.00

System Lifecycle

9.3 Maintenance and Repairs

HIMA recommends replacing the fans of the controllers at regular intervals.

For a safety-related application, the controller must be subject to a proof test at regular
i intervals. Refer to the safety manual (HI 803 209 E) for more details.

NOTICE
Malfunction due to electrostatic discharge!
Damage to the controller or electronic devices connected to it!
Only qualified personnel may perform maintenance actions to supply, signal and data
lines. Implement ESD protection measures. Personnel must be electrostatically
discharged prior to any contact with the supply or signal lines!

9.3.1 Connecting the Power Supply after a Service Interruption

After connecting to the power supply, the HIQuad X system modules start in random order. This
applies to the HIQuad X modules as well as to the connected remote I/Os.

9.3.2 Connecting the Redundant Power Supply

Because of potential high currents, act with particular caution when connecting a redundant
power supply during operation.

WARNING
Physical injury due to overheating possible when connecting a redundant power source!
Check proper polarity, prior to connecting a redundant power supply unit during
operation!

9.3.3 Loading Operating Systems

Refer to the release notes for the corresponding operating system version for details on how to
load the operating system.
The HIQuad X system modules F-CPU 01 and F-IOP 01 contain processors and an operating
system controlling the module. The operating system is delivered with the module. HIMA is
continuously improving the operating systems. The improved versions can be loaded into the
module using SILworX.

HI 803 211 E Rev. 1.01.00 Page 103 of 110

HIQuad X Documentation System

10 HIQuad X Documentation
The following documents are available:
Document Document Topic File
number HIQuad X format
System manual HI 803 211 E Description of the system PDF
Safety manual HI 803 209 E Safe use of the HIQuad X system PDF
F-CPU 01 HI 803 215 E Processor module, SIL 3 PDF
F-COM 01 HI 803 223 E Communication module PDF
F-IOP 01 HI 803 219 E I/O processing module, SIL 3 PDF
F-PWR 01 HI 803 225 E 24 VDC / 5 VDC power supply unit, 50 W PDF
F-PWR 02 HI 803 227 E Buffer module PDF
F-FAN 01 Description of the system fans
SILworX HI 801 103 E Introduction for engineering HIMA PDF
first steps manual controllers using SILworX
SILworX online help - CHM
Communication manual HI 801 101 E Communication protocols and their PDF
application
HIPRO-S V2 manual HI 800 723 E Safety-related HIPRO-S V2 communication PDF
protocol
Document Document Topic File
number Fuse and power distribution module format
K 7205 HI 800 273 E 63 A, 18 circuit breakers, for SELV/PELV PDF
K 7206 HI 800 275 E 63 A, supply with decoupling for PDF
SELV/PELV
K 7207 HI 800 277 E Diode on heat sink, 25 A, for SELV/PELV PDF
K 7212 HI 800 287 E 35 A, 12 circuit breakers with decoupling, PDF
for SELV/PELV
K 7213 HI 800 289 E 35 A, 12 circuit breakers, for SELV/PELV PDF
K 7214 HI 800 291 E 150 A, 18 circuit breakers, for SELV/PELV PDF
Table 36: Overview of the HIQuad X Documentation

Page 104 of 110 HI 803 211 E Rev. 1.01.00

System Appendix

Appendix

Glossary
Term Description
AI Analog input
AO Analog output
ARP Address resolution protocol, network protocol for assigning the network addresses to
hardware addresses
Backplane PCB Backplane PCB
COM Communication module
CRC Cyclic redundancy check
DI Digital input
DO Digital output
EMC Electromagnetic compatibility
EN European standard
ESD Electrostatic discharge
FB Fieldbus
FBD Function block diagrams
ICMP Internet control message protocol, network protocol for status or error messages
IEC International electrotechnical commission
Interference-free In this context, interference-free refers to safety-related and non-safety-related
modules, which may be operated within a rack, if they are marked as interference-free.
In terms of functional safety, the non-safety-related-module has no influence on the
safety-related modules
MAC Address Media access control address, hardware address of one network connection
PADT Programming and debugging tool (in accordance with IEC 61131-3), PC with SILworX
PELV Protective extra low voltage
PES Programmable electronic system
R Read: The system variable or signal provides a value, e.g., to the user program
R/W Read/Write (column title for system variable/signal type)
Rack-ID Rack identification (number)
rPP Peak-to-peak value of a total AC component
SELV Safety extra low voltage
SFF Safe failure fraction, portion of faults that can be safely controlled
SIL Safety integrity level (in accordance with IEC 61508)
SILworX Programming tool for HIMA systems
SNTP Simple network time protocol (RFC 1769)
SRS System.Rack.Slot addressing of a module
SW Software
TMO Timeout
tWDT Watchdog time
W Write, the system variable or signal receives a value, e.g., from the user program
WD Watchdog, device for monitoring the system's correct operation Signal for fault-free
process

HI 803 211 E Rev. 1.01.00 Page 105 of 110

Appendix System

Index of Figures
Figure 1: H51X Base Rack Completely Assembled 14
Figure 2: Example of Safe H51X Mono Operation (1oo2) 15
Figure 3: Example of H51X Mono System 16
Figure 4: Example of Safe H51X Redundant Operation (1oo2) 17
Figure 5: Example of H51X Redundancy System 19
Figure 6: H41X Base Rack Completely Assembled 20
Figure 7: Example of Safe H41X Mono Operation (1oo2) 21
Figure 8: Example of H41X Mono System 22
Figure 9: Example of Safe H41X Redundant Operation (1oo2) 23
Figure 10: Example of H41X Redundancy System 24
Figure 11: Extension Rack 25
Figure 12: Fan Concept within the Control Cabinet 27
Figure 13: 19-Inch Frame 29
Figure 14: Dimensions of the 19-Inch Frame 30
Figure 15: Rear View of H51X Backplane 31
Figure 16: Rear View of H41X Backplane 33
Figure 17: Connection to the 24 V Power Supply of the Cable Plugs (H41X) 35
Figure 18: Rear View of Extension Rack Backplane 36
Figure 19: Mono 24 V Power Supply 38
Figure 20: Redundant 24 V Power Supply 39
Figure 21: Mono Connection to H51X Base Rack (24 VDC) 41
Figure 22: Redundant Connection to H51X Base Rack (24 VDC) 42
Figure 23: Redundant Connection to H51X Base Rack (24 VDC) and Redundant I/O Level 43
Figure 24: Mono Connection to H51X Base Rack (24 VDC) 44
Figure 25: Mono Connection to H41X Base Rack 45
Figure 26: Redundant Connection to H41X Base Rack and Extension Rack 1 46
Figure 27: 24 VDC Distribution for HIQuad X 47
Figure 28: Extension Rack Connected to a 5 VDC (H51X) 49
Figure 29: Extension Rack Connected to a 5 VDC (H41X) 50
Figure 30: Transient Interference 60
Figure 31: Interference Triggers a Safe Response 61
Figure 32: Effective Direction Associated with Noise Blanking and Output Noise Blanking 62
Figure 33: Grounding Connectors for Racks 96
Figure 34: Grounding Connections in the Control Cabinet 97
Figure 35: Grounding and Shielding Concept of the HIMA Standard Cabinet 98
Figure 36: Control Cabinets with Central Ground 99

Page 106 of 110 HI 803 211 E Rev. 1.01.00

System Appendix

Index of Tables
Table 1: Differences of HIQuad H51X Compared to H41X 13
Table 2: Power Dissipation of Standard Control Cabinets 26
Table 3: Fan Components as a Function of Power Loss 27
Table 4: Definitions for Calculating the Power Dissipation 28
Table 5: Installation Types for Control Cabinets 28
Table 6: Rack Backplanes 29
Table 7: Connection to the 24 V Power Supply 31
Table 8: Spring Terminals for Buffered Voltage 32
Table 9: Spring Terminals for 5 V Power Supply 32
Table 10: Spring Terminals in 5 Signaling Relays for Buffer Module 32
Table 11: Connection to the 24 V Power Supply 34
Table 12: Spring Terminals for 5 V Power Supply 34
Table 13: Spring Terminals for 24 V Auxiliary Voltages in I/O Modules 35
Table 14: Thresholds of the Temperature States 37
Table 15: Assignment of F 7133 Power Distribution Modules to I/O Module Slots 47
Table 16: Allowed Power Consumption in Relation to the Number of Power Supply Units 51
Table 17: Allowed Power Consumption in Relation to the Number of Power Supply Units 51
Table 18: Operating System States, States Entered 55
Table 19: Operating System States, User Interventions 56
Table 20: Possible I/O Modules to Be Used in HIQuad X 58
Table 21: Example for Calculating the Minimum and Maximum Noise Blanking Time 59
Table 22: Supported Variable Types 68
Table 23: System Variables at Different Project Levels 69
Table 24: Resource System Parameters 72
Table 25: Settings for Target Cycle Time Mode 73
Table 26: System Parameters for Output Variables 77
Table 27: System Parameter for Input Variables 80
Table 28: Access Modes for the PADT User Management 85
Table 29: Parameters for User Groups in the PES User Management 87
Table 30: Blinking Frequencies of the LEDs 89
Table 31: Maximum Number of Entries Stored in the Diagnostic History per Module Type 89
Table 32: Data Field of Diagnostic Message 90
Table 33: Diagnostic Information Displayed in the Online View for the Hardware Editor 92
Table 34: Environmental Conditions 93
Table 35: Dimensioning of a HIQuad X Controller 93
Table 36: Overview of the HIQuad X Documentation 104

HI 803 211 E Rev. 1.01.00 Page 107 of 110

Appendix System

Index
Communication time slice 73 PADT user management 84
De-energize to trip principle 11 PES user management 85
Diagnostic message Programming 66
I/O module 89 Safety-related protocols 56
Diagnostics 88 Specifications 92
History 88 System bus 51
Energize to trip principle 11 To make a controller lockable 80
ESD protection 12 User account 84
Loading the operating system 102 User group 84

Page 108 of 110 HI 803 211 E Rev. 1.01.00

 Fax
E-mail
Phone
System
MANUAL

HI 803 211 E

www.hima.com
68782 Brühl, Germany

www.hima.com/en/
[email protected]
+49 6202 709-0
Albert-Bassermann-Str. 28

+49 6202 709-107

HIMA Paul Hildebrandt GmbH
For further information, please contact:

Learn more about HIMA solutions online:

© 2017 by HIMA Paul Hildebrandt GmbH | Specifications subject to change without notice

© 2018 by HIMA Paul Hildebrandt GmbH | Specifications subject to change without notice

© 2018 by HIMA Paul Hildebrandt GmbH | Specifications subject to change without notice
© 2018 by HIMA Paul Hildebrandt GmbH | Specifications subject to change without notice
© 2018 by HIMA Paul Hildebrandt GmbH | Specifications subject to change without notice