Darrell Halterman, director for PACSystems control products at Emerson, explains how new high availability technologies make it more economical to implement a redundancy strategy for PLC, PAC, and edge controllers.
Maximizing plant uptime, improving operational efficiency and increasing profitability are fundamental aims for manufacturers. To help them achieve these goals, they are increasingly looking to implement high availability (HA) technology and systems that help ensure continuous operation. Industrial automation controllers, which can control a range of mission-critical devices and applications, provide a key opportunity.
The Need For New High Availability Technology
Distributed control systems have had in-built HA functions for a long time because large process plants depend on them for continuous operation. However, in applications controlled by programmable logic controllers (PLC) and programmable automation controllers (PAC), HA functionality has been utilized in only the most critical cases.
This is because typical failure rates of these controllers have been acceptable for traditional operational availability requirements while building and maintaining redundant PLC or edge controller architectures has frequently been complex and costly. Therefore, spare part backup has often been the most cost-effective approach to mitigating controller failure.
PLC, PAC, and edge controllers are now playing increasingly critical roles in industrial applications, including key functions in data analysis and communications. A controller failure could now significantly impact the uptime and efficiency of an entire plant or operation, and the need for always-on control solutions is driving increased demand for HA control architectures.
Modern controllers make it possible to implement HA in these systems easily, rapidly, and at a cost not much greater than the traditional spare part model while achieving the benefits of increasing uptime, mitigating risk, and supporting stronger cybersecurity.
The Emerson PACSystems Controller
In the Emerson PACSystems RX3i controller, for example, two paired controllers oversee systems by running in parallel, fully synchronized, with lock-step execution in real time and access to the same I/O. The controller thus ceases to be a single point of failure, since a fault in the primary controller results in a bumpless transfer to the secondary controller in milliseconds. This is accomplished through reflective memory technology, which transfers an image of the necessary memory from the active controller to its paired backup controller on each individual scan.
Best-in-class HA control solutions incorporate a range of capabilities and conditions to provide consistent, deterministic, reliable application control in cost-effective and maintainable solutions.
First, both controllers need the same access to all I/O and field devices, which is best achieved via a fault-tolerant Ethernet ring network.
Second, the controllers need to communicate with each other over high-performance links designed to support lock-step, scan-for-scan synchronization, so the backup controller always holds the same dataset as the active controller. These links permit control failovers as fast as three milliseconds, within a single PLC scan. The failover time is deterministic and does not vary with the side effects of other network devices or events.
Third, while the two controllers can be installed in the same location, it is best to separate them geographically so that both are not subject to the same localized problems, such as power outages, fires, or floods. The latest HA solutions use dedicated controller-to-controller links and support I/O networks over distances of up to 10 km via fiber optics.
Fourth, the latest HA solutions are designed to continue seamless operation even with different software or firmware versions installed on the paired controllers. If the control software or firmware needs updating to deploy a new cybersecurity patch, the primary can be updated while the secondary keeps running, and vice versa, so the machine or process does not have to be shut down.
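The following Python model is an added illustration, not Emerson's code or the RX3i's actual synchronization protocol: it shows the two behaviours described above, the complete memory image being mirrored to the backup on every scan, and the backup taking over within the same scan from the last complete image when the active controller fails mid-scan, so a half-finished scan is never applied. It models sequencing only, not the millisecond timing; the `Controller` and `RedundantPair` classes and the constructed scenario in `run_demo` are assumptions.

```python
from typing import Dict, Optional

Image = Dict[str, int]  # memory snapshot published at the end of one complete scan

class Controller:
    """Hypothetical PLC model: memory is committed only when a scan completes."""

    def __init__(self, name: str):
        self.name = name
        self.memory: Image = {"scan": 0}
        self.failed = False

    def execute_scan(self, inputs: Image, crash_midway: bool = False) -> Optional[Image]:
        working = dict(self.memory)       # scan logic runs on a copy, never in place
        working["scan"] += 1
        working.update(inputs)
        if crash_midway:
            self.failed = True            # scan never completes: no image is published
            return None
        self.memory = working             # commit the complete scan
        return dict(working)

class RedundantPair:
    """Active/backup pair with per-scan mirroring and same-scan failover."""

    def __init__(self, primary: Controller, secondary: Controller):
        self.active, self.backup = primary, secondary
        self.failovers = []               # scan numbers at which a failover occurred

    def scan(self, inputs: Image, crash_active: bool = False) -> Image:
        image = None if self.active.failed else self.active.execute_scan(inputs, crash_active)
        if image is None:
            # Deterministic failover inside the same scan: the backup is promoted and
            # re-runs the scan from the last mirrored complete image, so the partial
            # work of the failed controller is never applied.
            self.failovers.append(self.backup.memory["scan"] + 1)
            self.active, self.backup = self.backup, self.active
            image = self.active.execute_scan(inputs)
        if not self.backup.failed:        # reflective memory: mirror every complete scan
            self.backup.memory = dict(image)
        return image

def run_demo():
    """Constructed scenario: primary A crashes midway through scan 3."""
    pair = RedundantPair(Controller("A"), Controller("B"))
    pair.scan({"valve": 1})
    pair.scan({"valve": 0})
    img3 = pair.scan({"valve": 1}, crash_active=True)
    img4 = pair.scan({"valve": 0})
    return pair, img3, img4
```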