The
high availability requirements of plant constructors and operators
as well as the process and data security can be covered with the
redundancy concept of WinCC OA.
High
availability and reliability are becoming more important in the
automation technology. Even a short breakdown can result in heavy
costs and security risks. The redundancy is used to guarantee
plant management without any adverse effects in case of a failure
and thus loss of data and associated problems do not occur.
The
exact configuration of the redundant computer system varies due
to the different requirements. The most common case is, however,
the duplication of hard and software. Redundancy is an integral
part of WinCC OA.
Reliability
is achieved in WinCC OA
using a redundant system with hot standby. Hot standby is a hardware
independent solution for high availability. The hot standby concept
uses two servers connected to each other. Both servers are operating
permanently and are subject to same functional demands (only one
server is, however, always active. The second server synchronizes
the data at runtime with the primary unit). If the active server
fails the system switches "on the fly" to the passive
server, which takes over control and becomes the active server.
As a result, access to data or functions is always guaranteed
.
For
information on redundancy between two redundant server systems,
see Disaster
Recovery System.
Redundancy in WinCC OA
The following figure shows in an easy form a possible
structure of a plant, which is monitored and controlled via a
redundant WinCC OA
system.
Figure: Redundant system with WinCC OA
A complete server project
runs 2x on separate computers: control and hot standby server
(in the figure Server 1 and Server 2). The computer with the
control status is indicated as "active" and the
computer with hot standby functionality as "passive".
Both servers have an active
process connection.
The standby server chooses
the values from the active server when adopting the value
changes and discards the values from UIs
and drivers.
Therefore, it is guaranteed
that both computers have a consistent process image (same
time stamp, data, ... etc.).
The operating terminals
(clients) are always connected to both servers. However, only
data of the active server is displayed.
In case of errors the system
automatically switches to the other system. The error can
be of many different type and the weighting of the error (how
grave the error is for the system) is configured by the user
(examples on errors could be a breakdown of a manager, a failure
of network connection in case of redundant networks, computer
breakdown, ...).
Furthermore there is the split mode for the redundancy.
In the split mode the redundant servers are separated. A system
remains "active", runs normal and takes care of the
operating terminals. The second server can be used for tests of
new configurations and for configurations. Thereafter the state
automatically returns to normal (redundancy) on the basis of an
arbitrary server (keep the original configuration or establish
the new configuration).
A redundant WinCC OA
system fulfills the following tasks:
Fast and correct switching
in case of errors
Balancing of dynamic data
at runtime
Balancing of the historical
data after the project start (Recovery)
Continuous control of different
components on both systems (Manager, RAM memory, disk space,
arbitrary data points)
The weighting of the components
can be configured according to the case = "Error state"
Interpretation of the system
state and administration of the active/passive state
Automatic (if activated)
synchronization of files between the systems, when the system
was in split mode before.
Advantages of redundancy in WinCC OA
Reliability via hot standby
Increase of data security
via double data records in two separated
databases.
Test of new configurations
and configurations without interfering the operation.
Guarantee of best possible
plant security via avoiding of operation interruptions.
On the following pages you can find important information
and details for creating a redundant system with WinCC OA as well as examples
on configuration of error weighting.
Caution
It is not possible to combine 32bit and 64bit
in one redundant project. The redundancy partners must be of the
same bit-version. |