SCADA systems
Redundancy in web technology
Accessing a system from any browser-enabled end device, regardless of location: SCADA systems using pure web technology are becoming increasingly popular. One drawback: until now, fail-safe operation was not possible, but this is now changing with 'hot standby redundancy'.
All screens dark, whether access is via desktop, tablet or smartphone; inaccessible systems or system areas; significant data loss; expensive downtime: these are all situations that should not happen in areas such as important infrastructure projects or various applications in mechanical and plant engineering. The main triggers are hardware or power failures, which can also be caused by unexpected events such as (natural) disasters. To prevent these situations, it is not only control systems and networks that are designed redundantly in automation. Control and SCADA systems also address this issue in order to prevent a system failure due to a single technical component.
A lot has changed in this area over the years. In the past, in the days of control consoles, control panels and pushbuttons, system operation still filled rooms. There was also only one central access point to the systems. Nowadays, a redundant pair of servers fits under a desk, and industrial processes can be operated and monitored from anywhere and with any end device. This 'update' is making more and more users think about a redundant version of their SCADA solutions. The aim is to use the latest technology, but this is proving difficult: anyone who wants to communicate via OPC UA with data sources or higher-level systems such as a cloud application, and who expects visualization in pure web technology, will be disappointed by conventional systems when it comes to redundancy.
Following modern standards
What characterizes a modern SCADA system today? In order to offer users the greatest possible freedom in the deployment and use of software solutions, support for modern standards was and is a basic requirement. This is the only way to avoid dependency on closed systems and ensure investment security. In the SCADA sector in particular, major innovations have become established in recent years.
The topology of 'Atvise' SCADA redundancy: Visualization in pure web technology and data source-side communication via OPC UA and OPC Classic (also redundant). © Certec
On the one hand, there is OPC UA as a platform-independent communication protocol, which also offers a sophisticated object type concept for effective, object-oriented engineering with a high degree of standardization. Among other things, this enables users to significantly and sustainably reduce project planning and maintenance costs.
In addition, the understanding has grown that only pure web technology without plug-ins ensures barrier-free visualization. This, in turn, is the only guarantee that the system can be accessed from any browser-enabled end device, regardless of location.
The 'Atvise' product line from Certec was developed on the basis of these standards instead of 'connecting them externally' in a makeshift manner, which ensures performance, expandability and simplicity. In addition to the SCADA solution, the portfolio includes a pure HMI solution ('Webmi') - which is offered as a software development kit (SDK) for OEMs - as well as a portal solution that manages a large number of plant visualizations on a multi-client basis and makes them available in the (private) cloud. What was still missing here was the logical further development of the SCADA solution to include hot standby redundancy.
SCADA with hot standby redundancy
Certec therefore decided to add redundancy to its existing SCADA portfolio. The redundancy itself was implemented with all options, including switch-over, fail-over, split operation and vitality status. As with all 'Atvise' products, it was implemented using pure web technology, i.e. without plug-ins or other tools in the web browser. With redundancy, however, this is not a matter of course: when switching between the redundant servers, the visualization must neither disappear nor 'choke', but should continue to work without interruption and in compliance with web standards.
The redundancy status in the web browser shows the vitality status of the systems and the status of the networks between the visualization and the computers as well as between the computers themselves. © Certec
With 'Atvise' from version 3.0, redundancy between two servers can now be configured. There is one operational and one non-operational server. These communicate with each other via a redundant connection. The active server manages the operation and is basically the leading server via which the system is visualized. The passive server runs in parallel, takes over current process data and its status from the active server and also buffers information from the data sources, which it does not transfer to the process image as long as the system is in a normal state. In the event of a fail-over, i.e. the total failure of the operating server, no data is lost as the passive server can now access the buffered data from the data sources.
The engineering tool: The 'Atvise' builder with redundancy status display offers a graphical drawing interface for adapting the visualization as well as corresponding parameterization options. © Certec
Structural changes are also transferred during the ongoing synchronization of changes in the process image between the servers. This means, for example, that if a data point is created in the 'Atvise' builder - the engineering tool - on the active server, this change is synchronized and adopted by the passive server.
The system monitors the 'health status' of both computers and all their connections and displays the current state as the vitality status. The evaluation of the vitality status can be configured and parameterized in the 'Atvise' builder using a variety of criteria such as network status, CPU speed or memory performance (e.g. limit values or weighting). To intervene manually in the redundancy and change the operating server, a so-called switch-over is initiated, which is carried out on the condition that both servers have the same vitality status. The vitality status also decides automatic switching between the computers: if the vitality status of a server deteriorates, a fail-over is initiated. Conversely, the system switches back to the original state if the vitality status of the originally operating computer has improved again. The most severe form of fail-over is the complete failure of the operating server. If this occurs, the investment in redundancy has already paid for itself.
Operating modes for all situations
The 'Atvise' redundancy distinguishes between two operating modes: one according to the described redundancy mode and a so-called split mode. The latter is initiated manually by the user. During this state, there is virtually no communication between the servers - apart from 'keep-alive', status and preferred position. This means that there is also no synchronization of the process image between the servers. At the moment of separation, the originally active server assumes the status of SOP (Split Operational) and remains the operating computer, while the previously passive server now becomes SNOP (Split Non-Operational) and has no influence. In split operation, the status of the servers can be changed, i.e. SOP becomes SNOP and vice versa.
Split mode is used for maintenance purposes on one of the servers. In this operating mode, both servers act independently and do not influence each other, as redundant operation is canceled. This means that you can continue to operate your system with the operating server, which still has the old version of the application, while hardware replacement or major changes to the application can be carried out on the non-operating server, for example. During the transition to redundant operation, which is also initiated manually, the two computers are synchronized again and the application changes, including the current process image, are transferred to the second computer.
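The switching rules described above (fail-over, switch-back, manual switch-over and split mode), modelled as an added example; this is not Certec's or 'Atvise' code. The class and function names, the weights, the 0-to-1 scoring and the rule that nothing switches automatically in split mode are assumptions made for the illustration.

```python
# Added illustration: a model of the behaviour the article describes, not Atvise code.
WEIGHTS = {"network": 0.5, "cpu": 0.3, "memory": 0.2}   # assumed weighting

def vitality(metrics):
    """Weighted vitality status in [0, 1]; None models a server that is down."""
    if metrics is None:
        return 0.0
    return round(sum(w * metrics[k] for k, w in WEIGHTS.items()), 3)

class RedundantPair:
    def __init__(self):
        self.operating = "A"            # server that currently runs the plant
        self.origin = None              # server to return to after a fail-over
        self.split = False              # True: SOP/SNOP, False: active/passive
        self.score = {"A": 1.0, "B": 1.0}

    def standby(self):
        return "B" if self.operating == "A" else "A"

    def roles(self):
        op, non = ("SOP", "SNOP") if self.split else ("active", "passive")
        return {self.operating: op, self.standby(): non}

    def report(self, metrics_a, metrics_b):
        """Periodic health evaluation; returns the automatic event, if any."""
        self.score = {"A": vitality(metrics_a), "B": vitality(metrics_b)}
        if self.split:                  # assumption: nothing automatic in split mode
            return None
        if self.origin and self.score[self.origin] >= self.score[self.operating]:
            self.operating, self.origin = self.origin, None
            return "switch-back"
        if self.score[self.operating] < self.score[self.standby()]:
            self.origin, self.operating = self.operating, self.standby()
            return "fail-over"
        return None

    def switch_over(self):
        """Manual change of the operating server."""
        # Redundant mode: allowed only with equal vitality status (per the article).
        if not self.split and self.score["A"] != self.score["B"]:
            return False
        self.operating, self.origin = self.standby(), None
        return True

    def set_split(self, on):
        """Manual entry to or exit from split mode; duty stays where it is."""
        self.split, self.origin = on, None
```

Feeding `report()` a degraded reading for the operating server yields `"fail-over"`, and a later healthy reading yields `"switch-back"`; `switch_over()` is refused while the two scores differ.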
The requirements
Many basic requirements had to be met to implement this redundancy successfully: among other things, the kernel was tuned toward 'Threading Building Blocks' (Intel TBB) in order to achieve scalable, improved use of the available resources such as processors and cores. This measure is also intended to increase performance.
Next, the developers turned their attention to revising the history module - a key issue in terms of reliability. This is because loss-free, automatic synchronization of online/historical data during operation and also after a switch-over or failure must be guaranteed. This also led to an optimization of the 'Atvise' history screen.
The focus then shifted to the data sources. Here it was also necessary to get a handle on those that are redundant. In addition, each data source can also be equipped with a redundant network connection. Communication with redundant data sources can take place via OPC UA and OPC Classic. This is because OPC UA is always the first choice for 'Atvise' products, and has been since the very beginning. This feature is also available in stand-alone operation with 'Atvise 3.0'.
Finally, the developers integrated the latest OPC UA SDK and an update of the internal libraries such as Qt 5 or OpenSSL. The latest version also supports the SNMP v1/v2c communication protocol, including the calculation and linking of OIDs (object identifiers). SNMP is the basis for network management and enables the monitoring and control of network elements such as routers, servers and switches.
First applications being implemented
In the meantime, a lot has happened in terms of sales: when Certec started developing redundancy, there was great demand to implement this type of SCADA solution for infrastructure projects such as water/wastewater. Since then, there have been many inquiries from other different industrial segments such as logistics, oil and gas, marine and the automotive industry.
"The interest in the world's first SCADA solution with hot standby redundancy in pure web technology is greater than expected," says Certec Managing Director Leopold Matouschek. "The first applications are already being implemented and will probably go live in the fourth quarter. Reports on this will follow."
Author:
Ronald Düker is Head of Marketing/Product Marketing at Certec.













