Controllers in an era of high availability

12 September 2022

The emergence of new high availability technologies is making it more economical to implement a redundancy strategy for PLC, PAC and edge controllers. Darrell Halterman explains.

A fault-tolerant PROFINET ring network allows both controllers to be in independent communication simultaneously with all field I/O.

With manufacturers seeking new ways to maximise the efficiency and profitability of their operations, there is greater emphasis on control system technology that helps to ensure continuous production and greater plant availability. Traditionally, replacing a failed device was accepted as a reasonable cause of downtime, but in modern manufacturing it is more often considered unacceptable. High availability (HA) technology and systems are now increasingly in demand, including for industrial automation controllers, which control a range of mission-critical devices and applications.

HA functionality has been built into distributed control systems for many years, because large process plants depend on them for continuous operation, and any downtime tends to be costly. However, in applications controlled by programmable logic controllers (PLC) and programmable automation controllers (PAC) – such as machines and other equipment – HA functionality has typically only been used for the most critical instances.

One major reason for this is that the typical failure rates of PLC, PAC and edge controllers have been considered acceptable for traditional operational availability requirements. Also, building and maintaining redundant PLC or edge controller architectures has often been complex and costly. Consequently, many organisations have considered spare part back-up to be the most cost-effective means of mitigating a controller failure.

However, today PLC, PAC and edge controllers are playing increasingly critical roles, including key functions in the areas of data analysis and communications. Whereas a controller failure might once have taken a single machine offline, it now has the potential to significantly affect the uptime and efficiency of an entire plant or operation. As lights-out manufacturing processes become more common in industries, such as electronics manufacturing and logistics or warehousing, for example, the need for always-on control solutions is driving increased demand for HA control architectures.

Controller redundancy
With modern controller technology, it is now possible to implement HA in these automation systems quickly, easily and at a cost roughly equivalent to the traditional spare part model. This new HA approach enables organisations to increase plant uptime, mitigate risk and support more robust cybersecurity, chiefly because security patches can be applied to a controller without stopping production.

Modern PLC, PAC and edge controllers should allow two controllers to be paired so that they run in parallel, fully synchronised, executing in lock-step in real time with access to the same I/O. The controller then ceases to be a single point of failure: a fault in the primary controller results in a bumpless transfer to the secondary controller within milliseconds. This is accomplished with reflective memory, which copies an image of the necessary memory from the active controller to its paired back-up controller on every scan, so the back-up always holds the state the active controller had at the end of the last completed scan.

A range of capabilities and conditions are incorporated in best-in-class HA control solutions to provide consistent, deterministic, reliable application control in cost-effective and maintainable solutions. To begin with, both controllers must have the same access to all I/O and field devices, and this is best achieved through a fault-tolerant Ethernet ring network. A ring network can often be created with minimal additional materials and effort when compared with traditional dual line or star networks.

Secondly, the controllers need to communicate with each other over high-performance links designed to support lock-step synchronisation, scan for scan. This ensures that the back-up controller always has the same dataset as the active controller. These links permit control failovers as fast as three milliseconds, within a single PLC scan. The main benefit of dedicated synchronisation links, however, is that the failover time is deterministic rather than variable due to the side-effects of other network devices or events. When other architectures synchronise the two controllers over the I/O networks, interactions with other networked devices can delay the switchover. In the worst instances, the non-deterministic failover of these architectures can cascade into additional system failures or even a total halt of both redundant controllers.

Thirdly, while the two controllers can be installed in the same location, it is best to separate them geographically to avoid both being subject to common localised problems, such as power outages, fire or flood. The latest HA solutions use dedicated controller-to-controller links and support I/O networks over distances of up to 10km via fibre-optics.

Finally, the latest HA solutions are designed to continue seamless operation even with different software or firmware versions installed on the paired controllers. If the control software or firmware needs updating to deploy a new cybersecurity patch, the primary controller can be updated while the secondary controller runs, and vice versa, so the machine or process does not need to be shut down while this critical update takes place. The practical sequence is to update the stand-by controller, confirm it has resynchronised with the active one, transfer control to it and then update the other, so the pair runs with mismatched versions only for the duration of the update. This can lead to additional economic benefits. Users may be able to perform routine maintenance and even upgrade activities without having to stop the application. Activities that were once relegated to night and weekend shifts, resulting in costly overtime, can therefore now be performed during daylight shifts, without a loss of production.
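The following simulation is an added illustration of the behaviour described in the three preceding sections (scan-by-scan transfer of the memory image over a dedicated link, failover after a fixed number of missed scans, and a pair running different firmware versions). It is not code from Emerson or from any PACSystems product; the scan period, the three-scan failover threshold, the toy valve logic and the HMAC authentication of sync frames are all assumptions made for the example.

```python
"""Toy model of a lock-step redundant controller pair (added example, not vendor code)."""
import hashlib
import hmac
from dataclasses import dataclass

# Assumptions for this simulation, not figures from the article (except the 3 ms failover target):
SCAN_MS = 1                 # one PLC scan per millisecond
FAILOVER_SCANS = 3          # stand-by takes over after three scans without a valid sync frame
SYNC_KEY = b"shared-secret-provisioned-out-of-band"   # assumed: sync-link frames are authenticated


@dataclass
class SyncFrame:
    seq: int          # scan counter of the active controller
    image: dict       # snapshot of the memory image after this scan
    firmware: str     # firmware version of the sender
    mac: bytes        # HMAC-SHA256 over the fields above


def _payload(seq, image, firmware):
    return repr((seq, sorted(image.items()), firmware)).encode()


def build_frame(seq, image, firmware):
    mac = hmac.new(SYNC_KEY, _payload(seq, image, firmware), hashlib.sha256).digest()
    return SyncFrame(seq, dict(image), firmware, mac)


def verify_frame(frame):
    expected = hmac.new(SYNC_KEY, _payload(frame.seq, frame.image, frame.firmware),
                        hashlib.sha256).digest()
    return hmac.compare_digest(frame.mac, expected)


class Controller:
    def __init__(self, name, firmware, active):
        self.name = name
        self.firmware = firmware
        self.active = active
        self.image = {"scan": 0, "valve_open": False}   # the "memory image" that is mirrored
        self.missed = 0

    def scan(self, tank_level):
        # Toy application logic: open the drain valve when the tank is above 50 %.
        self.image["scan"] += 1
        self.image["valve_open"] = tank_level > 50
        return build_frame(self.image["scan"], self.image, self.firmware)

    def receive(self, frame):
        # Stand-by side: a frame that fails authentication is treated as a missed scan,
        # and the last good image is kept.
        if not verify_frame(frame):
            self.missed += 1
            return False
        self.image = dict(frame.image)
        self.missed = 0
        return True

    def tick_without_frame(self):
        # Deterministic failover: exactly FAILOVER_SCANS scans after the link goes quiet.
        self.missed += 1
        if self.missed >= FAILOVER_SCANS:
            self.active = True
        return self.active


def run_pair(levels, primary_fails_at, tamper_at=None):
    """Run len(levels) scans; the primary stops at scan index primary_fails_at.

    Returns one (controller_name, scan_counter, valve_open) tuple per scan that
    produced an output, or None for scans during which no controller was in control.
    """
    primary = Controller("A", "fw-2.1", active=True)
    standby = Controller("B", "fw-2.0", active=False)   # different firmware on purpose
    trace = []
    for n, level in enumerate(levels):
        if n < primary_fails_at:
            frame = primary.scan(level)
            if n == tamper_at:
                # Constructed fault: the frame is altered on the link after the MAC was computed.
                frame.image["valve_open"] = not frame.image["valve_open"]
            standby.receive(frame)
            trace.append(("A", primary.image["scan"], primary.image["valve_open"]))
        elif standby.active or standby.tick_without_frame():
            # Bumpless transfer: B continues from the last image it accepted, not from zero.
            standby.scan(level)
            trace.append(("B", standby.image["scan"], standby.image["valve_open"]))
        else:
            trace.append(None)
    return trace


if __name__ == "__main__":
    for step, out in enumerate(run_pair([60] * 10, primary_fails_at=5)):
        print(f"t={step * SCAN_MS} ms  {out}")
```

Running the script shows controller A producing outputs for scans 1 to 5, two scans with no output while B counts missed frames, and then B taking over at scan 6 with the counter carried on from A's last synchronised image. The `tamper_at` option shows why authenticating the sync link matters: a modified frame is dropped rather than copied into the stand-by's image, so a corrupted state is never what B resumes from.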

It is no longer necessary for organisations to sacrifice performance or accept higher costs in order to reap the many benefits of HA control architectures. Modern control system redundancy architectures provide cost-effective HA with fast, deterministic and consistent failovers. Operational availability can now be maximised and maintenance costs minimised, leading to a greater and quicker return on investment. With the additional benefit of improved cybersecurity resiliency, HA control architectures have become a critical evolution in modern control strategies.

Darrell Halterman is director for PACSystems control products at Emerson.
