Upload File

opc-redundancy.pdf

6
Cogent Real-Time Systems Inc Copyright © 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com Redundancy for OPC by Robert McIlvride and Andew Thomas Cogent RealTime Systems Inc. Early one morning, Mel Farnsworth was sitting in the control booth at the Hardy Automotive Parts assembly line, drinking his final cup of coffee before the end of the shift. Watching the line meter graph, he noticed that the yield and efficiency trends for the Line 3 had dropped to zero. He looked down through the controlroom window, but Line 3 seemed to be rolling right along. What was the problem? The line was running smoothly, but Mel wasn’t getting the data he needed. Somewhere between the PLCs and his HMI display there was a data disconnect. Maybe it was a fieldbus problem, or a bad network connection. Perhaps it was caused by his OPC server, or possibly even his HMI system. Whatever the reason, since Mel’s data connection was a single chain, one break in the chain means that he didn’t get his data. To minimize this kind of risk and ensure the highest possible availability, missioncritical systems often use redundancy. What is Redundancy? Redundancy in a process control system means that some or all of the system is duplicated, or redundant. The goal is to eliminate, as much as possible, any single point of failure. When a piece of equipment or a communication link goes down, a similar or identical component is ready to take over. There are three types of redundant systems, categorized by how quickly a replacement (or standby) can be brought online. These are cold standby, warm standby, and hot standby. Cold standby implies that there will be a significant time delay in getting the replacement system up and running. The hardware and software are available, but may have to be booted up and loaded with the appropriate data. Picture the olden days of steam locomotives. The cold standby was the extra engine in the roundhouse that had to be fired up and brought into service. Cold standby is not usually used for control systems unless the data changes very infrequently. Warm standby has a faster response time, because the backup (redundant) system is always running, and regularly updated with a recent copy of the data set. When a failure occurs on the primary system, the redundant system can disconnect from the failed system and connect instead to the backup system. This allows the system to recover fairly quickly (within seconds, usually), and continue the work. Some data will be lost during this disconnect/reconnect cycle, but warm standby can be an acceptable solution where some data loss can be tolerated. Hot standby means that both the primary and secondary data systems run simultaneously, and both are providing identical data streams to the downstream client. The underlying physical

Upload: nguyenquitrong

Post on 16-Dec-2015

212 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Cogent Real-Time Systems Inc

    Copyright 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com

    RedundancyforOPC

    byRobertMcIlvrideandAndewThomasCogentRealTimeSystemsInc.

    Earlyonemorning,MelFarnsworthwassittinginthecontrolboothattheHardyAutomotivePartsassemblyline,drinkinghisfinalcupofcoffeebeforetheendoftheshift.Watchingthelinemetergraph,henoticedthattheyieldandefficiencytrendsfortheLine3haddroppedtozero.Helookeddownthroughthecontrolroomwindow,butLine3seemedtoberollingrightalong.Whatwastheproblem?Thelinewasrunningsmoothly,butMelwasntgettingthedataheneeded.SomewherebetweenthePLCsandhisHMIdisplaytherewasadatadisconnect.Maybeitwasafieldbusproblem,orabadnetworkconnection.PerhapsitwascausedbyhisOPCserver,orpossiblyevenhisHMIsystem.Whateverthereason,sinceMelsdataconnectionwasasinglechain,onebreakinthechainmeansthathedidntgethisdata.Tominimizethiskindofriskandensurethehighestpossibleavailability,missioncriticalsystemsoftenuseredundancy.WhatisRedundancy?Redundancyinaprocesscontrolsystemmeansthatsomeorallofthesystemisduplicated,orredundant.Thegoalistoeliminate,asmuchaspossible,anysinglepointoffailure.Whenapieceofequipmentoracommunicationlinkgoesdown,asimilaroridenticalcomponentisreadytotakeover.Therearethreetypesofredundantsystems,categorizedbyhowquicklyareplacement(orstandby)canbebroughtonline.Thesearecoldstandby,warmstandby,andhotstandby.Coldstandbyimpliesthattherewillbeasignificanttimedelayingettingthereplacementsystemupandrunning.Thehardwareandsoftwareareavailable,butmayhavetobebootedupandloadedwiththeappropriatedata.Picturetheoldendaysofsteamlocomotives.Thecoldstandbywastheextraengineintheroundhousethathadtobefiredupandbroughtintoservice.Coldstandbyisnotusuallyusedforcontrolsystemsunlessthedatachangesveryinfrequently.Warmstandbyhasafasterresponsetime,becausethebackup(redundant)systemisalwaysrunning,andregularlyupdatedwitharecentcopyofthedataset.Whenafailureoccursontheprimarysystem,theredundantsystemcandisconnectfromthefailedsystemandconnectinsteadtothebackupsystem.Thisallowsthesystemtorecoverfairlyquickly(withinseconds,usually),andcontinuethework.Somedatawillbelostduringthisdisconnect/reconnectcycle,butwarmstandbycanbeanacceptablesolutionwheresomedatalosscanbetolerated.Hotstandbymeansthatboththeprimaryandsecondarydatasystemsrunsimultaneously,andbothareprovidingidenticaldatastreamstothedownstreamclient.Theunderlyingphysical

  • Cogent Real-Time Systems Inc

    Copyright 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com

    systemisthesame,butthetwodatasystemsuseseparatehardwaretoensurethatthereisnosinglepointoffailure.Whentheprimarysystemfails,theswitchovertothesecondarysystemisintendedtobecompletelyseamless,orbumpless,withnodataloss.Hotstandbyisthebestchoiceforsystemsthatcannottoleratethedatalossofacoldorwarmstandbysystem.ATypicalRedundantOPCSystemWhatdoesredundancylooklikeinanOPCbasedsystem?AtypicalscenariowouldhavetwoOPCserversconnectedeithertoasingledeviceorPLC,orpossiblyduplicatedevicesorPLCs.ThosetwoOPCserverswouldthenconnecttosomekindofOPCredundancymanagementsoftwarewhich,inturn,offersasingleconnectiontotheOPCclient,suchasanHMI.TheredundancymanagerisresponsibleforswitchingtothesecondaryOPCserverwhenanyproblemariseswiththedatacomingfromtheprimaryOPCserver.ThisscenariocreatesaredundantdatastreamfromthephysicalsystemallthewaytotheHMI.

    ThemostcommonuseofredundancyinOPCisforOPCDA,butitispossibletoconfigureredundantOPCA&EorOPCUAsystems.Theprinciplesarethesame.Sometimes,onlargesystems,itisnecessarytoconfiguremultipleredundantpairs.Redundancycanalsobeconfiguredoveranetwork,usingDCOMorOPCtunneling.Foranetworkedconfiguration,theredundancymanagerwouldnormallyresideontheOPCclientmachine,tominimizethenumberofpotentialpointsoffailure.Althoughcoldorwarmstandbymaybeusefulundersomecircumstances,typicallyanengineerorsystemintegratorimplementingaredundantOPCsystemislookingforhotstandby.Thisisthemostusefulkindofredundancyinaprocesscontrolsystem,andatthesametimethemostdifficulttoachieve.LetslookalittlemorecloselyatthatallimportanttaskoftheOPCredundancymanagerinahotstandbysystemmakingtheswitch.

    cpeme-cd00101Highlight

    cpeme-cd00101Highlight

    cpeme-cd00101CalloutOPC Data Access is a group of standards that provides specifications for communicating real-time data from data acquisition devices such as PLCs to display and interface devices like Human-Machine Interfaces (HMI).

  • Cogent Real-Time Systems Inc

    Copyright 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com

    MakingtheSwitchPutsimply,ahotstandbyredundancymanagerreceivesdatafromtwoidenticalinputs,andsendsasingleoutputtotheOPCclient.Itistheredundancymanagersjobtodetermineatalltimeswhichofthetwodatastreamsisthebest,andswitchfromonetotheotherassoonaspossiblewheneverthestatuschanges.Theswitchcanbetriggeredbyanumberofdifferentkindsofevents:

    Singlepointvaluechangetoorfromacertainvalue,achievingathreshold,etc. Singlepointqualitychangeforexample,fromGoodtoanyotherOPCquality. Multipleitemmonitoringifthequalityorvalueofanypointinagroupgoesbad. Rateofchangemonitoringifpointschangevaluemoreslowlythanexpected. Networkbreaksandtimeoutscheckedwithsomekindofheartbeatmechanism.

    Oncetheswitchhasoccurred,thesystemortheredundancymanageritselfmighthavetheabilitytosendanalarmoremailmessage,orevenlaunchsomekindofdiagnosticorinvestigativeprogram.ItmightalsobeabletologdiagnosticinformationaboutthestateoftheprimaryOPCserverornetworkconnection.Andinasystemthatdistinguishesbetweenprimaryandsecondaryinputs,therewilloftenbeameanstofavortheprimaryinput,andswitchbacktoitwhenpossible,sometimesreferredtoasafallback.

    PracticalConsiderationsTheideaofredundancyisnotdifficulttograsp,butimplementingittakessomethought.Aninitialdecisiononcold,warmorhotstandbywillimpactallaspectsoftheimplementation.Thechoiceofproperhardwareandsoftwareiscriticalforawellfunctioningsystem.Robustsystemarchitectureisalsoimportant,especiallyiftheconnectionisacrossanetwork.InadditiontoselectingOPCserversandplanningthenetworkinfrastructure(ifnecessary),animportantdecisionwillbethesoftwareusedtomanagetheredundancy.Goodredundancymanagementsoftwareshouldbeeasytouse,withnoprogrammingnecessary.Thetechnologyshouldbeuptodate,capableofrunningonthelatestversionofWindows.Thereshouldbeanabsoluteminimumchanceofdatalossduringaswitchover,evenoveranetwork.TheTimerPitfallInpracticeitisnotpossibletoachieveacompletelyseamlessswitchoverinallcases,evenwithahotstandbysystem.Forexample,ifanetworkfailureoccursontheprimaryconnection,acertainamountoftimewillpassbeforearedundancymanagercandetectthatfailure.Datatransmittedduringthisperiodwillfailtoarrive,buttheredundancymanagerwillnotbeabletodistinguishbetweenafailureandanormalpauseindataflow.

  • Cogent Real-Time Systems Inc

    Copyright 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com

    Manyredundancymanagersimplementtimerstoperiodicallycheckthenetworkconnectionstatustotrytominimizethisdelay,butaswitchovermechanismbasedonperiodictimerswillalwayssufferfromdataloss.Systemswithmultipletimingparameterswilloftenresultinadditivedelays,wherethefastestpossibleswitchoverforthesystemisthesumofthesetimingdelays.Inaddition,theuseoftimerstodetectnetworkfailurecanresultinaconfigurationproblemwherethesystemintegratormusttradeoffswitchoverlatencyagainstfalsepositivenetworkfailuredetection.Thiseffectivelybecomesatradeoffbetweensystemstabilityandresponsiveness.Usingtimerstoperiodicallycheckdatavaluesorqualities,orpolltheOPCservers,isalsoproblematicbecausetimersintroduceunnecessarylatencyintothesystem.Whereasanetworkfailuremustbedetectedbasedontiming,adatavalueorqualitychangecanbedetectedimmediatelyastheeventoccurs.Itisusuallybesttoavoidsystemsbasedontimebasedvaluechangedetection,anduseeventbasedobjectmonitoringinstead.ObjectandLinkMonitoringAgoodredundancymanagershouldbeabletosupportbothobjectmonitoringandlinkmonitoring.Objectmonitoringmeanstheabilitytomonitorindividualpoints,andmakeaswitchoverbasedonanevent.Forexample,ifadesignatedwatchdogtagchangesinasignificantway,suchasturningnegativeorgoingoveraspecifiedthreshold,itcantriggeraswitchtothesecondaryOPCserver.Ormaybeyoudliketomonitoragroupofpoints,andifthequalityofanyofthemgoestoBadorUnconnected,youcanswitch.Linkmonitoringisespeciallyusefulfornetworkedconnections.Yoursystemwillneedawaytodetectanetworkbreakveryquickly,topreventdataloss.Forhotstandbyonhighspeedsystemswithfastdataupdaterates,timeoutdetectionwithasubsecondresponserateisessential.Inanyevent,thesystemshouldbeabletodetectatimeoutforafailednetworkconnection,aswellasafailuretoreceivedata.Thisdistinctionisimportant.Itmaytakesecondsorevenminutestodetectacommunicationfailure,butaredundancymanagershouldbeabletodetectastoppageofdataflowinanamountoftimeveryclosetothetruedataratefromthephysicalsystem.Theredundancymanagershouldbeabletoswitchfromonesourcetotheotherbasedsolelyonanobservationthatdatahasnotarrivedfromtheprimaryconnection,buthasarrivedfromthebackupsystem.SomesystemsuseCOMtimeoutsforlinkmonitoring.Thismaybeacceptableforcircumstanceswhererelativelylongdataoutagesaretolerable,butwedonotrecommendrelyingonCOMtimeoutsforhotorwarmstandby.SmartSwitchoverThebehavioroftheredundancysystemduringaswitchovercanbesignificant.Forexample,supposetheprimaryandsecondaryconnectionshavebothfailedforsomereason.AtypicalredundancymanagerwillbeginacycleofattemptingtoattachtooneandthentheotherOPC

  • Cogent Real-Time Systems Inc

    Copyright 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com

    serveruntiloneofthemresponds.Theredundancymanagerwillflipflopbetweenthetwoindefinitely,injectingsleepperiodsbetweeneachflipfloptoreducesystemresourceload.Thissleepperiodisitselfasourceoflatency.Asmarterswitchovermodelistomaintainasourcehealthstatusthatallowstheredundancymanagertoonlyswitchoverwhenasourcestatuschanges.Thisallowstheredundancymanagertoeffectivelyidle,orperformsimultaneousreconnectionattempts,untilasourcestatuschanges,thenimmediatelyrespondwithoutintroducingextralatency.Smarterswitchinglogiccanresultinsubstantiallyreducedsystemloadandswitchovertimes.ForcedSwitchingvsPreferredSourceItisusefultobeabletoselectonedatasourceoveranother,evenifthecurrentlyattachedsourceishealthy.Anaveredundancymanagerwillforcetheusertoswitch,evenifthebackupsystemisnotavailable.Thiswillagainresultinaflipflopbehaviorastheredundancymanagerattemptstoswitchtotheunavailablebackupsource.Amuchbetterapproachisfortheredundancymanagertounderstandtheconceptofapreferredsourcethatcanbechangedatruntime.Ifthepreferredsourceisavailable,theredundancymanagerwillswitchtoit.Iftheuserwantstoswitchfromonesourcetoanother,hesimplychangesthepreferredsource.Ifthatsourceisavailable,theswitchwillbemade.Ifitisnot,theredundancymanagerwillmaketheswitchonlywhenitbecomesavailable.Thiseliminatestheflipflopbehaviorwhileatthesametimeeliminatingthedatalossassociatedwiththeminimumoftwoswitchcyclesthatthenaveredundancymanagerwillimpose.AccessingRawDataAgoodhotredundancysystemwillgivetheclientapplicationaccessnotjusttotheredundantdata,butalsototherawdatafrombothsources.Thisgivestheclientapplicationtheoptionofpresentingdiagnosticinformationaboutthesystemonthefarsideoftheredundancymanager.Mostredundancymanagershidethisinformationsothataclientapplicationwouldhavetomakeandmanagemultipleconnectionstoaccesstherawdata,ifitispossibleatall.OtheroptionsandfeaturesInadditiontotheabovecapabilities,agoodredundancymanagermayofferadditionalfeaturesforyourconvenience.Itmightprovidetheoptiontorefreshtheentiredatasetatswitchover.Maybeitwillsendoutemailsorevenlaunchadditionalprogramsateachswitchover.Thiscanbeusefulfornotifyingkeypersonnelofthesystemstatus.Itmaylogdiagnosticstoprovidevaluableinformationaboutthereasonsformakingtheswitch.Someredundancymanagerscanconnecttomultipleservers,andcreatemultipleredundantconnections.Otherscanletyouworkwithsubsetsofthedata.Anotherdesirablefeatureistheabilitytoassigntheprimaryandsecondarydatasources,andtotriggerafallbackfromthesecondarytotheprimarydatasourceoncetheproblemthatcausedtheswitchoverhasbeenresolved.

  • Cogent Real-Time Systems Inc

    Copyright 2011, Cogent Real-Time Systems Inc. www.cogentdatahub.com

    Ascontrolsystemscontinuetogrowincomplexity,andaswerelymoreandmoreonthem,MelFarnsworthssituationwillbecomemorecommon,andmorecostly.Ifdataconnectivityiscrucialtothesuccessofthecompany,itwouldbewisetoconsiderthepossibilityofinstallingaredundantsystem,andtoweightheoptionscarefullywhenchoosingthekeycomponents.

    Foundedin1995,CogentRealTimeSystemsprovidesversatileandreliablemiddlewareproductstoenablerealtimedataintegrationandaccessforindustrial,embedded,andfinancialsystems.CustomersincludeSiemens,ABB,Honeywell,IBM,GE,Statoil,Goodyear,BASF,CadburyChocolate,andtheBankofCanada.Formoreinformation,pleasecontactCogentatinfo@cogent.caorvisitourwebsiteatwww.cogentdatahub.com.Youcanalsocallusat+1(905)7027851.


OPC middlEwarE OPC Easy Connect Suite...OPC Bridge – OPC Communication Across Specification Boundaries The OPC Bridge ensures interoperability of OPC Servers and OPC Clients supporting

OPC Use Cases and Benefits Thomas J. Burke OPC Foundation … · 10/5/2012 1 OPC Use Cases and Benefits Thomas J. Burke OPC Foundation President & Executive Director OPC Foundation

Climatix™ Remote OPC Server POL0L9.00/xxx ... - …iqheat.com/IQHeat_Siemens_Climatix/Datakom/OPC/RemoteOPC_POL… · 7.1 OPC Server operation as Windows service ... OPC OLE for

OPC support OPC servers validation tests - CERNen-dep.web.cern.ch/en-dep/Groups/ICE/Services/OPC/... · OPC support OPC servers validation ... • Switch ON the wago node power supplies;

Introduction to OPChome.hit.no/~hansha/documents/control/opc/OPC Overview.pdf · Introduction to OPC ... • OPC - “Open Process Control”/“ Open Platform Communications

OPC Foundation Introduction · OPC Foundation Introduction Thomas J. Burke OPC Foundation President & Executive Director. OPC in Japan • Introduction • OPC Foundation Global Overview

Cross-Sector Antenna Sharing Redundancy.pdf

OPC-3 Beauty Blend OPC-3 Beauty Blend is our beauty blend opc OPC-3 Beauty Blend contains opc as our antioxidant to keep our bodies free of free radicals

OPC Unified Architecture - OPC--The Interoperability Standard for

OPC UA for Machinery - OPC UA - vdma.org - VDMA

PLCopen and OPC Foundation: OPC UA Information Model …€¦ · PLCopen and OPC Foundation: OPC UA Information Model for IEC 61131-3 - Release 1.00 March 24, 2010 . OPC UA Information

Fatek OPC Serverftp.fatek.pl/PLC/software/opc_server/opc-document-fateko... · 2020. 4. 10. · Table 1: Fatek OPC Server specification Item Characteristics Compliance with OPC Data

OPC Number - NASA · OPC N (

OPC General Page 1 of 56 TwinCAT OPC server ... - Fermilablartpc-docdb.fnal.gov/0001/000132/006/TwinCat_opc_server.pdf · OPC General OPC Definition OPC stands for "Openess Productivity

Configuring RSLinx OPC Server and OPC Client

Prosys OPC UA Client - downloads.prosysopc.com · OPC UA Client Overview Prosys OPC UA Client is a generic purpose OPC UA client. You can test connections and view data from any OPC

OPC kurs Introduksjon · Prediktor as OPC Kurs - OPC Data Access Oversikt 22 Eksempel på systemarkitektur 1 OPC Data Access server 2 OPC Data Access server 1 OPC Data Access server

OPC Quick Client - Kepware · SeeAlso:Server,Group,andItems. 3. ... ,OPC 1.0(WithTimestamp) ... OPC Quick Client Keywords: OPC Quick Client

WorkstationST* OPC® UA Server - GE...The OPC® Unified Architecture (OPC UA) standard combines the older standards of OPC Data Access (DA), OPC Alarm and Event (AE), and OPC Historical

Thomas Burke President & Executive Director OPC Foundation ...€¦ · Thomas Burke OPC Foundation Vision Stefan Hoppe OPC Marketing, OPC Collaboration Briefing, 2017 Events Michael

OPC Unified Architecture - Siemens AG · SIMATIC WinCC V7.2 - OPC Unified Architecture OPC UA Principles: Unified Access . Unified Access . OPC UA integrates existing OPC specifications

PowerPoint Presentationww1.prweb.com/prfiles/2017/02/11/14063749/OPC... · What is opc 3 OPC Foundation Standards 4 OPC Solves Compatibility 5. Benefits due to OPC OPC Specifications

Router Redundancy.pdf

Migrating from OPC Classic to OPC-UA - JACoW.org

2016 OPC marketing update OPC UA to become the … · -2016 OPC marketing update-OPC UA to become the accepted standard for IIoT and Industrie4.0-Increase visibility ... Basics: OPC

04. OPC Test Client (OPC Tag Name)

OPC UA Symposium - Automaatioseura · • OPC tools for storage and data analysis ... OPC Client OPC Server OPC Client ... • Needed small footprint to fit low power processor

Transcription factors, coregulators, and epigenetic marks are …vcp.med.harvard.edu/papers/re-redundancy.pdf · 2018. 1. 23. · RESEARCH ARTICLE Transcription factors, coregulators,

MATLAB OPC Toolbox Video...MATLAB OPC Toolbox • OPC Toolbox provides access to live and historical OPC data directly from MATLAB and Simulink • You can read, write, and log OPC

Future X Interface – OPC UA - electrospeed.roFuture X Interface –OPC UA Mao Hsu Product Manager ... Connect to a Mitsubishi via OPC UA PLC Driver OPC UA Server OPC UA Client Tag

OPC Developing OPC Apps

Putting OPC to Work: OSIsoft’s OPC Architecture

OLE for Process Control. Talk Outline u OPC Overview u What is OPC? u Why OPC at CERN? u OPC functionality and architecture? u OPC Data Access u Access

OPC Training Catalogue 2020€¦ · OPC Training Catalogue 2020. Introduction to OPC OPC Capability Presentation 2 Established in 1988, Oilfield Production Consultants (OPC) is a

Prosys OPC UA Client - User Manual 11.4.2016 Prosys ......Prosys OPC UA Client – User Manual Prosys OPC UA Client is a generic purpose OPC UA client. It implements the three OPC