The AC500 High Availability System

The AC500 High Availability system is designed for automation systems that require higher availability, which is achieved with redundant devices and communications. The redundancy concept reduces the risk of losing production when parts of the automation system fail, and thereby minimizes scheduled idle times. For instance, the secondary station can take over control if the primary station fails.

The AC500 High Availability system helps to implement redundancy based on standard AC500 PLCs for:

  • PLC
  • Field communication
  • SCADA communication

High availability and redundancy systems differ in how, and how fast, the switchover between redundant components happens.

AC500 High Availability systems are hot-standby.

Redundant systems or redundancy functions:

  • are always up and running (hot),
  • detect failures,
  • can switch over automatically in a very short time.

The AC500 High Availability system HA-Modbus TCP is the ETHERNET-based variant of the HA-CS31 redundancy system.

Principle AC500 HA architecture example based on ETHERNET redundancy

  • For the data exchange/synchronization (= Sync) between PLC A and PLC B, the UDP protocol is used, e.g. via one of the ETHERNET ports.

    Note: To distinguish a “sync link” failure from an “other PLC” failure, a so-called lifecom2 communication is used, which should be routed via a different communication path than the Sync, e.g. the field or SCADA network.

  • The field I/O connection is performed via the ETHERNET protocol ‘Modbus TCP’, connecting the CI52x Modbus I/O-cluster devices (CI521-MODTCP, CI522-MODTCP). An ETHERNET network redundancy mechanism is used (realized by external, managed switches). CI52x modules do not actively participate in ring recovery; however, smaller systems can be daisy chained if MRP (Media Redundancy Protocol) is used.

  • The SCADA connection is redundant by nature of the two ETHERNET ports and can be extended with a further redundancy level by managed switches. SCADA itself can also switch the primary PLC to ensure communication to the active PLC in case of a simple connection and a connection failure.
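The lifecom2 note above, as an added illustration that is not ABB library code: supervising the peer on two independent paths lets a PLC tell a broken sync link from a failed peer, so a lone sync loss does not leave two PLCs writing outputs. The timeout, the function names and the takeover rule are assumptions made for this example.

```python
from enum import Enum

TIMEOUT_MS = 500  # assumed supervision timeout, not an ABB value

class PeerState(Enum):
    HEALTHY = "sync and lifecom2 alive"
    SYNC_LINK_FAILURE = "sync silent, lifecom2 alive: peer PLC still running"
    LIFECOM2_FAILURE = "lifecom2 silent, sync alive: supervision path degraded"
    PEER_PLC_FAILURE = "both paths silent: peer PLC presumed failed"

def classify(last_heard, now_ms, timeout_ms=TIMEOUT_MS):
    """Classify the peer from the time (ms) it was last heard on each path."""
    sync_ok = now_ms - last_heard["sync"] <= timeout_ms
    life_ok = now_ms - last_heard["lifecom2"] <= timeout_ms
    if sync_ok and life_ok:
        return PeerState.HEALTHY
    if life_ok:
        return PeerState.SYNC_LINK_FAILURE
    if sync_ok:
        return PeerState.LIFECOM2_FAILURE
    return PeerState.PEER_PLC_FAILURE

def secondary_takes_over(state):
    # Assumed rule: take over only when the peer is silent on BOTH paths;
    # a lone sync loss must not produce two PLCs driving the outputs.
    return state is PeerState.PEER_PLC_FAILURE

def replay(events, check_times_ms, timeout_ms=TIMEOUT_MS):
    """Feed (time_ms, path) frames in order; classify at each check time."""
    last_heard, queue, results = {"sync": 0, "lifecom2": 0}, sorted(events), []
    for t in sorted(check_times_ms):
        while queue and queue[0][0] <= t:
            when, path = queue.pop(0)
            if path not in last_heard:
                raise ValueError(f"unknown path {path!r}")
            last_heard[path] = when
        results.append(classify(last_heard, t, timeout_ms))
    return results

# Constructed timeline: sync link fails after 900 ms, peer PLC stops after 1900 ms.
SAMPLE = (
    [(t, "sync") for t in range(0, 1000, 100)]
    + [(t, "lifecom2") for t in range(0, 2000, 100)]
)

if __name__ == "__main__":
    for t, s in zip((950, 1800, 2600), replay(SAMPLE, (950, 1800, 2600))):
        print(t, s.name, "take over" if secondary_takes_over(s) else "no takeover")
```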

In most PLC applications, the components most likely to fail are typically the power supply or communication components such as wires or other communication equipment. Therefore, a SPOF (Single Point Of Failure) has to be avoided by adding redundant devices or redundancy functions.

The HA core functionality can typically tolerate only one single failure. After that, repairing the failed part is strongly advised in order to restore redundancy. As shown in the following figure, the network already provides a second, independent redundancy layer through its ring redundancy mechanism, which can maintain communication despite a break in the ring itself, without switching the PLCs. In that case a second failure at the PLC level could be tolerated, but immediate repair is strongly advised anyway.

With a well-planned communication network, the PLCs can operate geographically separated. Even in catastrophic events with full mechanical destruction, one PLC will still be available to control the process or infrastructure.

Libraries

In order to achieve high availability, the IEC 61131-3 editor application must be enhanced with HA function blocks from the HA-Modbus TCP library and the CI52x library.

  • HA control function blocks manage the core HA functionality by collecting diagnosis data and switching over if necessary.
  • HA utility function blocks provide standard functions in the application program with internal sync for integral data, e.g. timers, counters, PI control.
  • The CI52x library contains a function block that interfaces to the CI modules and ensures that only the primary PLC writes to the outputs. The inputs are read by both PLCs.
  • The same application must be used/downloaded for both PLCs.

Bulk Data Manager tool (BDM)

For configuration of the CI52x Modbus TCP clusters, a separate Bulk Data Manager tool (BDM) is provided. Especially in larger systems, using BDM is recommended to conveniently engineer and create CI52x-related data in one place:

  • Configuration and parameters of the used I/O modules
  • Program code for variable naming, configuration, communication and HA functionality

The BDM tool can also serve SCADA programming and documentation efficiently.