ia02 - system redundancy

Post on 24-Nov-2014


Redundancy

• What does Redundancy mean to you?
• Definition:
  – the quality or state of being redundant
  – serving as a duplicate for preventing failure of an entire system (as a spacecraft) upon failure of a single component
• Why is redundancy needed?
  – “My plant runs 24x7x365”
    Can affect overall financial commitment and engineering development
  – “Zero Downtime”
  – “Zero Data Loss”

Source: Merriam-Webster

Different Redundancy Solutions Exist

• Network Media Redundancy
  – “What if my network cable gets cut?”
  – “What if my network card fails?”
• Controller Redundancy
  – “What if my controller has a hiccup?”
  – DE10: High Availability Control Systems
• Computer Hardware Redundancy
  – “What if my computer fails?”
  – “What if some components of the PC fail?”
• Software Application Redundancy
  – “What if the software product faults?”
  – Native feature of the product such as RSViewSE & FactoryTalk Data servers
  – Implemented with features built into the product. Example: A8934 - Redundancy Method Using Cooperating RSSql Applications and A9067 - RSSql Redundancy Method Using PLC Logic
• User-project “Redundancy”
  – Specific checks/safeguards built into the project by the user

Which Solution Should I Use?

• May vary on a case-by-case basis
• Some applications may require several redundancy solutions used together to provide system-wide protection
  – Beware of statements like “Zero Downtime” or “Zero Data Loss”
    These are virtually impossible to deliver
    How much $$ are you willing to spend?
• Clearly understand:
  – What each solution was designed to protect against
  – The cost associated with a given solution
  – Application considerations associated with a given solution
    What is important to the solution?
    Does this solution solve the problem?
• By the end of this session, you should have a better understanding of Rockwell’s redundancy solutions.

Redundancy Solutions Overview

The Architecture

[Figure: IA02 System Redundancy Architecture – Logical. Components shown: Primary HMI/Data, Secondary HMI/Data, Primary RSSql, Secondary RSSql, Terminal Server 1, Terminal Server 2, FactoryTalk Directory, Student Clients, Redundant CLX, Primary ENet, Secondary ENet, Redundant ControlNet.]

[Figure: IA02 System Redundancy Architecture – Physical. Components shown: Primary HMI/Data, Secondary HMI/Data, Primary RSSql, Secondary RSSql, Terminal Server 1, Terminal Server 2, Student Clients, Microsoft SQL Server *, RSBizWare Historian, FactoryTalk Directory, Redundant CLX, Redundant ControlNet, Fiber Optic Ring.]

* Location for demo purposes only

Network Media Redundancy

Redundant Switches and Network Cards

Network Media Redundancy

• What is it?
  – Automatic switching of physical media such that the network automatically switches to a different cable path in the event of a problem
• How does it work?
  – The network transceivers perform a “diagnostic” of each cable path to determine the “best” physical cable to use
  – This is transparent to controllers, computers, software, user project, etc. It's all handled by the network.
  – “Spanning Tree”
  – Hirschmann HIPER-Ring
• Redundant topology in that it provides network redundancy instead of just path redundancy while preventing loops in a network.
• For Ethernet to function properly only one active path can exist between devices.
• To provide redundancy, Spanning Tree relies on having multiple paths or connections to different switches and configures some of these paths into standby (Blocked) state.
• If a network segment becomes unreachable, spanning tree reconfigures and reestablishes link by activating the "Blocked" links.
• IEEE standardized (Most existing company IT architectures)
• Demonstrates importance of managed switches instead of “home grown” networks
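Added example (not part of the original slides): a simplified Python model of the Spanning Tree behaviour described above, run on a constructed three-switch ring. The switch names SW1 to SW3 are borrowed from the address-table slide; the link layout, equal link costs and function names are assumptions, and real STP/RSTP reaches its result by exchanging BPDUs between switches rather than by one central calculation.

```python
from collections import deque

# Constructed sample topology: three managed switches cabled as a ring.
SWITCHES = ["SW1", "SW2", "SW3"]
RING = [("SW1", "SW2"), ("SW2", "SW3"), ("SW3", "SW1")]

def spanning_tree(switches, links):
    """Return (forwarding, blocked, reachable) for the given links.

    Simplified model (assumption): the lowest switch ID is the root bridge,
    every link has the same cost, and ties go to the lowest neighbour ID.
    """
    links = {frozenset(link) for link in links}
    root = min(switches)
    parent = {root: None}
    queue = deque([root])
    while queue:  # breadth-first walk outward from the root bridge
        sw = queue.popleft()
        for nb in sorted(switches):
            if nb not in parent and frozenset((sw, nb)) in links:
                parent[nb] = sw
                queue.append(nb)
    reachable = set(parent)
    forwarding = {frozenset((sw, up)) for sw, up in parent.items() if up}
    # A healthy link that would close a loop is held in standby (Blocked).
    blocked = {l for l in links - forwarding if l <= reachable}
    return forwarding, blocked, reachable

def reconverge(switches, links, failed):
    """Recompute the tree after the links in `failed` go down."""
    down = {frozenset(link) for link in failed}
    return spanning_tree(switches, {frozenset(l) for l in links} - down)

def show(title, result):
    fwd, blocked, reachable = result
    names = lambda s: sorted("-".join(sorted(l)) for l in s)
    print(f"{title}: forwarding={names(fwd)} blocked={names(blocked)} "
          f"reachable={sorted(reachable)}")

if __name__ == "__main__":
    show("healthy ring", spanning_tree(SWITCHES, RING))
    show("SW1-SW2 cut", reconverge(SWITCHES, RING, [("SW1", "SW2")]))
    show("two cuts", reconverge(SWITCHES, RING,
                                [("SW1", "SW2"), ("SW3", "SW1")]))
```

A single cut is absorbed by activating the blocked SW2-SW3 link; a second cut partitions the ring, which is the limit of what media redundancy alone protects against.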

Media Redundancy Types

Spanning Tree / Rapid Spanning Tree

HIPER-Ring

• Typically used when downtime is critical
• Available in all Hirschmann Managed Switches
• Up to 50 switches in a ring supported
• Maximum reconfiguration time of 300 ms – reducing downtime
• No software required to configure – just set DIP switch on 1 switch in ring (Redundancy Manager)

500 ms maximum network “downtime” with 100BASE ring

50 ms maximum network “downtime” with 100BASE ring (up to 50 switches in ring and 4,000 connected MAC addresses)

[Figure: HIPER-Ring Redundancy. Labels shown: a frame “From PC 10” “To PLC 7”; Redundancy Manager states RM: ON (ACTIVE), RM: OFF, RM: ON (STANDBY), RM: OFF; ports P1 and P2 on each switch, with P3 labelled alongside PC 10, PLC 3 and PLC 7; Redundant Connection; HIPER-Ring (Reconfiguration < 0,5sec.)]

SW 1 Address Table
PORT 1    PORT 2    PORT 3
PLC 3     -         PC 10
PLC 7     -         -

SW 2 Address Table
PORT 1    PORT 2    PORT 3
-         PLC 7     PLC 3
-         PC 10     -

SW 3 Address Table
PORT 1    PORT 2    PORT 3
PLC 3     PC 10     PLC 7
-         -         -

Media Redundancy – Combinations

[Figure labels: Redundant Link (Spanning Tree); Spanning Tree / Rapid Spanning Tree; HIPER-Ring (Hirschmann Only)]

Hirschmann switches work in Spanning Tree, Rapid Spanning Tree, and HIPER-Ring network architectures

Network Media Redundancy (con’t.)

• When should I use it?
  – To protect against media failures
• What products support it?
  – ControlNet
    1756-CNBR, 1786-PCICS
  – Ethernet
    Through the use of Hirschmann switches
    Encompass Partner
• Instructor
  – Use HIDiscovery to show Hirschmann configuration software samples
  – Disconnect a fiber-optic connection
  – Clients continue to get data and successfully navigate screens
  – Reconnect the fiber-optic cable
• Questions?

Network Interface Card Redundancy

• What is it?
  – Automatic switching of NIC such that the network communications automatically switch to a different hardware component of the same PC in the event of a failure
• How does it work?
  – Typically, a software ‘utility pack’ is used to ‘team’ a pair (or more) of NICs to appear as a single IP address to the rest of the network. Should any NIC fail, the rest of the team carries the load.

Controller Redundancy

Redundant CLX with SRM Module

Controller Redundancy

• What is it?
  – Duplicate chassis hosting controllers and communications modules such that if one controller faults, the other controller takes over.
  – System is “bumpless” from the standpoint of I/O – no uncontrolled I/O states
  – DE10: High Availability Control Systems
  – System may or may not be bumpless from a supervisory/HMI perspective – temporary loss of communications may exist depending upon media type.
• How does it work?
  – Controller pairs sync their program scans, and data from supervisory systems, program edits, etc. written to the primary controllers are automatically cross-loaded to the secondary controllers
    Note: The bandwidth and memory required for successful synchronization should be taken into account when estimating communications throughput.
  – Communications cards in the primary & secondary chassis automatically “swap” node addresses so that the primary & secondary chassis remain at the same node addresses
    Times for communications to be re-established after a node swap vary by network type, system loading, etc.

RSLogix 5000 Configuration

• Configuration check box option within RSLogix 5000

Recipe Display

• Students to return back to the “Welcome” display (press buttons or F3 key) and then open the Recipe Demo display
• Instructor to download values to the registers with a ‘full control’ client
• Students verify they see the downloaded values & navigate back to the previous displays (F3) as instructed in the beginning of the lab based on seat location

1 person in each row to connect in a different manner:
  “Rich” client on EtherNet
  “Rich” client on ControlNet
  “Thin” client on EtherNet
  “Thin” client on ControlNet

Computer Hardware Redundancy

Marathon Endurance

Computer Hardware Redundancy

• What is it?
  – Automatic switching of PC hardware devices such that a failure of the device does not interrupt the O/S nor applications running on the PC.
    Motherboard
    Hard Drive
    Network Card
• How does it work?
  – Performs similarly to Controller Redundancy
  – The PC performs self checks of system components.
  – If a component fails, the system switches over to use the secondary system component provided by the other co-server.
  – This is transparent to the application software, networks, etc.
• Software Faults?
  – Does not protect against faulty code, “hang ups”, or software “glitches”
  – If system gets out of synch, it is possible to have to start from scratch in order to rebuild

Computer Hardware Redundancy (con’t.)

• When should I use it?
  – To protect against PC hardware failures
• What products support it?
  – RAID
  – Clustering
    Although not supported by RSI products, it can be used for database components of a system
  – Marathon Technologies Endurance system
    Although not currently supported by RSI products, it is being reviewed for platform support in the very near future…so stay tuned
  – How is it configured?
    A pair of hardware ‘co-server’ systems share a ‘virtual’ system that is synchronized via a 1 Gb/s Ethernet backbone
    Requires Server class hardware

Marathon Configuration

[Figure labels: Co-Server 1, Co-Server 2, Virtual Server]

• 2 Co-Server PCs host a virtual server
• This is the most costly example. Can be used with fewer network connections

Computer Hardware Redundancy (con’t.)

• Hands-On:
  – RSSql configuration running within the synchronized ‘virtual’ server
  – Demonstrate the GUI provided by Marathon
  – Disable the network card on a co-server
  – Co-server #2 detects the network card failure and uses its component
  – RSSql configuration remains running and inserts data into the database
  – Students notice the Virtual Server Manager indicates the component failure inside the provided GUI

Software Application Redundancy

RSView SE & RSLinx Enterprise

Software Application Redundancy

• What is it?
  – Automatic failover from a software application running on one computer (primary) to an identical software application running on another computer (secondary) should the primary software application fail
• How does it work?
  – The health of both primary & secondary software application is checked, and client-side applications will automatically switch to the secondary server-side application should the primary server-side application become unavailable
    Example – RSView SE & FactoryTalk Data Server allow redundancy configuration

Software Application Redundancy (con’t.)

• Hands-On:
  – Please navigate to an HMI display
    1 person in each row to connect in a different manner
      “Rich” client on EtherNet connect to Alarm Summary
      “Rich” client on ControlNet connect to a Segment display
      “Thin” client on EtherNet connect to a Segment display
      “Thin” client on ControlNet connect to Alarm Summary
  – Using examples from the RSView SE Design Guide
    Fail the primary HMI/Data Server by disconnecting the network cables and shutting down power
  – Please note the behavior of the system and compare with your neighbor’s system
    Alarm States are synchronized between primary & secondary HMI Servers

Summary

• Many forms of redundancy exist
  – Each was created to solve a specific application need
  – Be sure to use the correct redundancy solution for the application
  – Multiple solutions may be used concurrently based on application needs
• Redundancy is dependent upon software and hardware solutions working in tandem
• Many times the software is a messenger to problems with hardware
• Redundancy is not a method to ‘cover up’ poor application implementation

Questions ?

• G102753810 – RSView SE 3.20 Distributed System Design Considerations
• OP07 – RSView SE Distributed Design Considerations
• GN03 – FactoryTalk Distributed Design Considerations

• Thanks for attending IA02 - Visualization Redundancy for Real World Applications at RSTechEd 2005

• Please tidy up your area, complete the survey, and have a nice evening!
