HIMA HIMax  ® System Manual

System core positioning and security level

Product type: Safety related control system, used for control tasks in the process and factory automation industry (such as process controllers, protection systems, burner systems, etc.).

Security certification:

Complies with IEC 61508 standard and supports SIL 3 level.

Compliant with EN 954-1 standard, reaching Category 4 level.

Compliant with ISO 13849-1 standard, performance level e.

Core design principle: Supports both “de energizing to trip” and “energizing to trip” principles, with some models certified for use in fire alarm systems (DIN EN 54-2, NFPA 72).

System hardware composition and structure

Key specifications and functions of component types

Base Plates models: X-BASE PLATE 10 01 with 10 slots, 01/02 with 15 slots, and 01 with 18 slots; Expand up to 15 expansion substrates (a total of 16); Blank modules need to be inserted to ensure ventilation

Up to 4 processor modules, supporting redundant configuration; Installation location restrictions (slots 3-6 of rack 0, slots 3-4 of rack 1); Core functions: Running user programs, self testing, secure communication management

The I/O module includes digital/analog input/output and counter input modules; Support channel redundancy and module redundancy (2-3 layers); Some modules support sequence of events (SOE) recording

System bus dual redundancy (A/B bus), based on Ethernet technology; Copper cable up to 100m, fiber optic extension up to 19.6km; Cat. 5 (≤ 100Mbit/s) or Cat. 6 (1Gbit/s) cable required

Power supply 24VDC input (voltage range 19.2-30V); Support dual redundant power supply connection; Single substrate requires fuse protection of 63A or above

Software and Programming (Based on SILworX Tool)

Programming Fundamentals: Supports IEC 61131-3 standard functional blocks, can load up to 32 user programs, and supports multitasking scheduling (3 modes).

Variable management:

Types: local variables, global variables, input/output variables, etc.

Initial value: It is recommended to assign a secure initial value to physical input/communication variables. If not assigned, it defaults to 0.

System variables: pre-defined variables used to handle system properties such as temperature and power status.

Key functions:

Forcing function: supports global/local forcing, can set time limits, and requires authorized personnel to operate.

Event recording: Supports Boolean and scalar events, cache 5000 entries, and transmit them to third-party systems through X-OPC servers.

Loading methods: Download (interrupt running), Reload (uninterrupted running).

Redundant configuration (improves availability, not SIL level)

Key points for configuring redundant objects

1-4 redundant processor modules, with automatic synchronization configuration for newly added modules; Maintain safe operation of remaining modules during faults

I/O modules support module redundancy (2-3 modules of the same type) and channel redundancy; Configurable spare module to avoid false alarms

System bus dual bus (A/B), 2 system bus modules need to be inserted into each substrate; Prohibit cross connection

SafeEthernet communication supports redundant transmission paths; Standard protocols (Modbus, PROFIBUS) require user program management redundancy

Dual redundant power supplies are connected to terminals L1+/L1- and L2+/L2- to achieve voltage decoupling within the module

Operating environment and safety requirements

Environmental conditions:

Working temperature: 0-60 ℃ (testing limit -10-70 ℃), storage temperature -40-85 ℃.

Mechanical requirements: vibration tolerance (5-9Hz/3.5mm; 9-150Hz/1g), impact tolerance (15g/11ms).

Protection level: standard IP20, special scenarios require IP54+enclosure (compliant with EN 60204 and other standards).

Security protection:

ESD protection: Only authorized personnel with knowledge of ESD can modify the system or replace modules.

Prohibited use: public networks (such as the Internet) transmit security related data (without VPN/firewall); Exceeding the specified environment usage.

Emergency message: When the controller fails, the system automatically enters a safe state, and access to safety devices is prohibited in emergency situations.

​Whole life cycle management

Installation: Must comply with EMC requirements (EN 61131-2, IEC 61000 series); Grounding requires the use of a 16/25mm ² grounding wire; The bending radius and strain relief of the cable must comply with the specifications.

Startup: Control cabinet startup (test voltage, ground fault) and PES startup (configure IP/SRS, set “responsible” system bus module); The rack ID needs to be allocated through the system bus module as a safety critical parameter.

maintain:

Regular requirement: Regular verification testing is required (refer to security manual HI 801 003); It is recommended to replace the fan regularly.

Fault handling: Only authorized by HIMA can be repaired; When the processor module fails, the redundant module takes over the task.