User Manual

Control concept
Superposed plant controls
CM110664en_07
Step 1: Safety function AllLifeSafety
If all switch commands for a given plant operating mode have the priority Life safety, that mode is referred
to as the AllLifeSafety plant operating mode.
A pending AllLifeSafety plant operating mode in the [ValPgm] is executed immediately in all cases and
maintained regardless of previously existing and newly occurring faults in the plant – human life takes
precedence over plant safety.
If the AllLifeSafety mode includes switch-on commands, then the preset delay times (Delay and Timeout)
will be observed. However, in the case of the Timeout setting, the switching sequence will continue even in
the absence of any feedback signal. Interlocks cannot therefore be guaranteed, with the exception of local
interlocks implemented via Priority 1 (life safety, manual).
Priority 1 (life safety, manual) cannot be overwritten in the AllLifeSafety mode.
Step 2: Preview Look Ahead
Before changing to a different plant operating mode, in which referenced blocks are to be enabled, block
CMD_CTL checks to ensure that all the aggregates can actually be enabled. For this purpose, the entries in
the priority array [PrioArr] for the switching sequence blocks are checked in advance. If switch commands
of a higher priority are found to be active (e.g., a minimum switch-off time or the OFF-command of a repair
switch), then CMD_CTL waits to implement the new plant operating mode until the full switching sequence
can be implemented. Only referenced blocks, for which a switch-on command exists in the new plant
operating mode, are checked, and only if the operating-state monitoring feature has been enabled.
The following priorities are checked:
Priority 1 [EnSfty/ValSfty], life safety, manual.
Priority 7 [EnSwi/ValSwi], manual operation, e.g., manual switch.
Priority 8 [EnOp/ValOp], manual operation, operating unit.
Priority 6 [TiMinOff], minimum switch-off time.
Priority 6 is checked only for a switch-on command to determine whether the aggregate is still within the
minimum switch-off time. In this case, it waits until the switch-off time expires and only then switches on.
There is no Look Ahead for Desigo 7.
Priority 4 (plant safety, manual [EnCrit/ValCrit]) is not considered during the check, since local mutual
locking via data flow interconnection, such as depicted in the figure "Cross-aggregate interlocking of
damper/fan", would change this value during the switch-on process.
The present operating mode remains until it is certain that all impacted aggregates with active operating
state supervision can be switched to the new set state. A process alarm is triggered in CMD_CTL if a
monitored block is not switched on. The exception value [EcptVal] is active as the new plant operating
mode in this case. The online diagnostics for the Plant Control Editors determines which element is the
cause of the fault.
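The Look Ahead check from Step 2, sketched in Python as an added example; it is not code from the manual or from the product. The `Block` class, its fields, the `look_ahead` function and the sample plant are hypothetical, and the sketch assumes that an active `Off` entry at a checked priority is what blocks a switch-on.

```python
from dataclasses import dataclass, field

# Priorities the manual lists as checked by Look Ahead (priority 4 is not checked).
CHECKED = {1: "life safety, manual", 7: "manual switch", 8: "operating unit"}
MIN_OFF_PRIO = 6  # [TiMinOff], evaluated only for switch-on commands


@dataclass
class Block:  # hypothetical stand-in for a referenced switching-sequence block
    name: str
    monitored: bool                                # operating-state monitoring enabled
    prio_arr: dict = field(default_factory=dict)   # priority -> active value
    min_off_remaining_s: float = 0.0               # time left in minimum switch-off


def look_ahead(blocks, new_mode):
    """Return (block, priority, reason) entries that hold back the mode change.

    new_mode maps block name -> commanded value ("On"/"Off", assumed encoding).
    An empty list means the full switching sequence can be implemented.
    """
    blockers = []
    for b in blocks:
        # Only monitored blocks with a switch-on command in the new mode are checked.
        if new_mode.get(b.name) != "On" or not b.monitored:
            continue
        for prio in sorted(CHECKED):
            if b.prio_arr.get(prio) == "Off":      # e.g. OFF command of a repair switch
                blockers.append((b.name, prio, CHECKED[prio]))
        if b.min_off_remaining_s > 0:              # still inside minimum switch-off time
            blockers.append((b.name, MIN_OFF_PRIO, "minimum switch-off time"))
    return blockers


# Constructed sample plant, not taken from the manual.
SAMPLE_BLOCKS = [
    Block("SupplyFan", True, {7: "Off"}),               # repair switch holds it off
    Block("ExhaustFan", True, {}, min_off_remaining_s=40),
    Block("Damper", True, {4: "Off"}),                  # priority 4 is ignored
    Block("Heater", False, {8: "Off"}),                 # not monitored: skipped
    Block("Pump", True, {1: "Off"}),                    # commanded Off: skipped
]
SAMPLE_MODE = {"SupplyFan": "On", "ExhaustFan": "On", "Damper": "On",
               "Heater": "On", "Pump": "Off"}

if __name__ == "__main__":
    for name, prio, reason in look_ahead(SAMPLE_BLOCKS, SAMPLE_MODE):
        print(f"waiting: {name} blocked at priority {prio} ({reason})")
```
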
Step 3: Abort sequence
Ongoing switch sequences are aborted when delay times are still active. Exception: An alarm is generated
when a fault occurs as part of internal monitoring of the block. The demanded plant operating mode is
determined in this case by the exception value [EcptVal]. If the switch sequence is active, but not
completed, it is NOT aborted, but rather is completed.
Step 4: Ramp-down sequence
The ramp-down sequence is started first for the new plant operating mode. This shuts down all aggregates
that must be switched off per the new plant operating mode. The shutdown takes place in the table
sequence from right to left, in other words, the last aggregate in the switch sequence is shut down first.
The parameterized times for the time off delay are active during ramp down to off. The time off delay can
be activated using a fixed delay time or a maximum timeout or deactivated using the immediate option. The
length of the delay for timeout depends on the switch off state of the monitored sequence elements.
Transition to the next sequence occurs as soon as the element reports switched off, that is, the process
value of the block [PrVal] = Off. If the shut-down message is not sent, it switches after the timeout time expires.
If a sequence element with a life-safety or plant-safety priority is switched off, the preset delay times will
be ignored.