Redundancy

The redundancy concept of WinCC OA covers the high-availability requirements of plant constructors and operators as well as process and data security.

High availability and reliability are becoming more important in automation technology. Even a short breakdown can result in heavy costs and security risks. Redundancy keeps plant management running without adverse effects when a failure occurs, so that data loss and the associated problems are avoided.

The exact configuration of a redundant computer system varies with the requirements. The most common case, however, is the duplication of hardware and software. Redundancy is an integral part of WinCC OA.

Reliability is achieved in WinCC OA using a redundant system with hot standby. Hot standby is a hardware-independent solution for high availability. The hot standby concept uses two servers connected to each other. Both servers operate permanently and are subject to the same functional demands. However, only one server is active at any time; the second server synchronizes its data at runtime with the primary unit. If the active server fails, the system switches "on the fly" to the passive server, which takes over control and becomes the active server. As a result, access to data or functions is always guaranteed.

For information on redundancy between two redundant server systems, see Disaster Recovery System.

Redundancy in WinCC OA

The following figure shows, in simplified form, a possible structure of a plant that is monitored and controlled via a redundant WinCC OA system.

Figure 1. Redundant system with WinCC OA
  1. A complete server project runs twice, on separate computers: the control server and the hot standby server (in the figure Server 1 and Server 2). The computer with the control status is indicated as "active" and the computer with hot standby functionality as "passive".
  2. Both servers have an active process connection.
  3. When adopting value changes, the standby server takes the values from the active server and discards the values from UIs and drivers.
  4. This guarantees that both computers have a consistent process image (same time stamp, data, etc.).
  5. The operating terminals (clients) are always connected to both servers. However, only data of the active server is displayed.
  6. In case of errors, the system automatically switches to the other system. Errors can be of many different types, and the weighting of each error (how grave the error is for the system) is configured by the user. Examples of errors are a breakdown of a manager, a failure of a network connection in case of redundant networks, or a computer breakdown.
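
A simplified model of the structure in the list above, as an added example that is not WinCC OA code or configuration. The error names, the weights and the rule "switch when the active server's summed error state is higher than the passive server's" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed weights: how grave each error is (user-configured, per the text).
WEIGHTS = {"manager_down": 50, "network_link_down": 20, "disk_low": 5}

@dataclass
class Server:
    name: str
    active: bool = False
    image: dict = field(default_factory=dict)  # process image: dp -> (value, ts)
    errors: set = field(default_factory=set)

    def error_state(self):
        return sum(WEIGHTS[e] for e in self.errors)

class RedundantPair:
    def __init__(self):
        self.s1 = Server("Server 1", active=True)
        self.s2 = Server("Server 2")

    def active(self):
        return self.s1 if self.s1.active else self.s2

    def passive(self):
        return self.s2 if self.s1.active else self.s1

    def driver_value(self, server, dp, value, ts):
        # Both servers have a process connection, but the standby discards
        # values arriving from its own drivers and UIs (step 3).
        if server is not self.active():
            return False
        server.image[dp] = (value, ts)
        self.passive().image[dp] = (value, ts)  # same value, same time stamp
        return True

    def report_error(self, server, error):
        server.errors.add(error)
        # Assumed rule: switch only if the active server is strictly worse.
        act, pas = self.active(), self.passive()
        if act.error_state() > pas.error_state():
            act.active, pas.active = False, True
        return self.active().name

    def client_view(self, dp):
        # Clients are connected to both servers but display only the
        # active server's data (step 5).
        return self.active().image.get(dp)
```

Because the standby already holds the same value and time stamp, a client reading a data point after a switchover sees exactly what it saw before.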

Redundancy also offers a split mode, in which the redundant servers are separated. One system remains "active", runs normally and takes care of the operating terminals. The second server can be used for testing new configurations and for configuration work. Thereafter the state automatically returns to normal (redundancy) on the basis of either server (keeping the original configuration or establishing the new configuration).

A redundant WinCC OA system fulfills the following tasks:

  • Fast and correct switching in case of errors
  • Balancing of dynamic data at runtime
  • Balancing of the historical data after the project start (Recovery)
  • Continuous control of different components on both systems (Manager, RAM memory, disk space, arbitrary data points)
  • The weighting of the components can be configured according to the case ("Error state")
  • Interpretation of the system state and administration of the active/passive state
  • Automatic (if activated) synchronization of files between the systems after the system has been in split mode

Advantages of redundancy in WinCC OA

  • Reliability via hot standby
  • Increased data security through duplicate data records in two separate databases
  • Testing of new configurations and configuration work without interfering with operation
  • Best possible plant security by avoiding interruptions of operation

The following pages contain important information and details on creating a redundant system with WinCC OA, as well as examples of configuring error weighting.

Note: It is not possible to combine 32-bit and 64-bit in one redundant project. The redundancy partners must be of the same bit version.