Introduction
There are two basic types of redundancy solutions available in the IGSS system: the hot standby server, also known as the dualized server, and the single-user backup server. These redundancy options are safeguards against lost production output or safety hazards arising from the absence of on-line surveillance data. Their characteristics are described in further detail in the following.
Note
Neither solution is included in the standard IGSS package. They must be purchased separately.
Hot standby (or dualized) server
As the name implies, this solution protects your system against server failure. By setting up a second, or dualized server, uninterrupted process surveillance and control is assured. The dualized server runs in parallel to the primary IGSS server in hot standby mode. All process data received by the primary server is also received on the dualized server. Upon primary server failure, the hot standby server takes over the full server function both with respect to data collection and communication with plant surveillance workstations. There is no loss of data or loss of process control due to blackouts.
After recovery, the primary server resumes its normal function. The
data collection gap present on the primary server, which occurred when
it was "down", is remedied by fetching the missing data from
the hot standby server when the primary server is brought back on-line.
A/B switch
This option is only chosen in the following two specific situations. The first is when there is only one transmission line available for communication between the IGSS server and remote PLCs. This might be the case, for example, in a context where the expense of leasing a second transmission line for communicating with outlying PLCs would be prohibitive. The second situation is when the PLCs are unable to communicate effectively with 2 servers simultaneously due to PLC resource limitations of one kind or another.
The A/B switch can be implemented as a software solution only, or with a physical hardware switch.
In the hardware switch solution, the A/B switch box is installed with one switch position connected to each of the two servers, the primary server and the hot standby server. Additions or modifications to the running configuration can be implemented on the hot standby server by an administrator. When the changes are completed, the administrator switches plant surveillance workstations over to the hot standby server and then uploads the new configuration to the primary server. After the new configuration is in place on the primary server, the administrator once again switches surveillance workstations back to the primary server and the new configuration becomes the newest, valid operations configuration. The A/B switch is placed at the LAN/WAN periphery to control to which server data collection from remote PLCs is to be directed.
Workstations are automatically switched to the hot standby server while the new configuration is being uploaded to the primary server, and back again when the new configuration is running on the primary server. These workstations need not be informed of the changes and are switched back and forth between the servers automatically.
In the event of Primary server loss, the Secondary server goes into operation automatically and takes over as (new) Primary server. While the original Primary server has been in operation, all its data has automatically been replicated onto the Secondary server.
(Implementation of this solution requires the following hardware from, for instance, Black Box: Ganged Switching System, Remote System Gang Controller and an RS-232/V.24 Line Sharer.)
In the "soft switch" solution, the primary and the hot standby server are both connected to the PLCs. This solution assumes that the individual PLCs have two connections available to the data communication network. No other hardware is required.
For both A/B switch solutions, the appropriate station type for the servers must be correctly selected in the System Configuration program. In this case, AB primary must be selected for the primary IGSS server, and AB secondary must be selected for the hot standby server.
Single-user backup server
Another type of redundancy is the single-user backup server. This solution is often used in remote locations where process data collection and plant control must continue even in the event of a communications line failure into the IGSS server, or in situations where protection of only selected components in a plant is required.
The single-user backup server is set up on an ordinary plant surveillance workstation. In the event of failure of the IGSS server, the workstation then restarts as a single-user backup server and fulfills the functions of both surveillance workstation and server at the same time. The process components to be safeguarded here must, of course, be connected to the single-user backup server in addition to having been connected to the IGSS server.
If there is a need to maintain access to historical data when the IGSS server fails and the single-user backup server takes over, then installation of a separate file server which stores historical data is recommended.
