Redundancy (from Latin Redunda) means 'presence of extra components beyond what is needed for the proper function of a device'.
By building in spare components you can increase a plant's availability, so that the plant keeps running even if one component fails.
Note the difference between availability and safety. Doubled components can also be used to check each other, for example two sensors monitoring one function, or double relay contacts in a safety relay. In this text we talk about redundancy in the sense of increasing availability.
The large PLC and SCADA manufacturers have complete redundancy solutions.
The most important step is to first make a risk and consequence analysis: where is the risk of component failure greatest, and where will a fault have the largest consequences? Cost is of course an important aspect, since redundancy solutions increase cost.
Some possibilities:
PLC
Power supply. The Simatic S7-400 supports the use of two power supplies if the right rack is used. This way you not only guard yourself against faulty power supply units; you can also connect them to different power sources.
Communication and bus connections. Communication systems are perhaps the components most subject to disturbances. If it is important to safeguard communication you might consider doubling your bus system. Fiber connections should use a ring topology.
Sensors and I/O boards. Sensors may break, and for important functions you may want to use two sensors connected to different I/O modules.
Complete redundant PLC. A complete redundancy solution consists of two complete central racks with a special communication connection between them. The primary controller executes the program while the backup controller is kept updated via the communication link. I/O nodes in the form of Profibus nodes are connected to both CPUs through two separate buses. In the case of a fault on the primary CPU, the secondary CPU immediately takes over.
PC (SCADA systems)
Power supply. The power supply and power source are probably the most sensitive parts of a PC. There are redundant power supplies, and power supplies which can be fed from two different power sources.
Hard drives. Mirrored drives (RAID1) are a cheap way to guard yourself against hard disk crashes.
Network cards. PCs can also be fitted with two network cards.
Complete redundant PC. All leading SCADA manufacturers have solutions for redundant servers. Some do, however, charge an extra license fee for this, in addition to the license fee for the extra I/O server. A redundant SCADA server works so that one system acts as primary server while the backup server is updated via a communication link. In case of a fault on the primary server, the backup server takes over. This goes for all server functions: I/O communication, alarms, trends etc.
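The primary/backup mechanism described for the redundant PLC and for the redundant SCADA server above, as an added simulation that is not from this page or from any vendor: the primary executes each scan and refreshes the backup over the sync link, and the backup takes over once the primary's heartbeat stops. The controller names, the totaliser program and the heartbeat timeout are constructed assumptions; the point it makes visible is that every scan spent detecting the fault is a scan nobody executes.

```python
from dataclasses import dataclass, field


@dataclass
class Controller:
    """One CPU of the pair: its process image plus a health flag (constructed model)."""
    name: str
    healthy: bool = True
    state: dict = field(default_factory=lambda: {"total": 0, "scan": 0})


def scan(ctrl, inputs):
    """One scan cycle of the user program: integrate a flow reading into a totaliser."""
    ctrl.state["total"] += inputs["flow"]
    ctrl.state["scan"] = inputs["scan"]


class RedundantPair:
    """Primary runs the program; the backup is refreshed over the sync link every scan
    and takes over after `timeout` consecutive scans without a primary heartbeat."""

    def __init__(self, primary, backup, timeout=1):
        self.primary, self.backup = primary, backup
        self.timeout, self.missed, self.events = timeout, 0, []

    def cycle(self, inputs):
        """Run one scan; return the name of the CPU that executed it, or None if none did."""
        if self.primary.healthy:
            scan(self.primary, inputs)
            if self.backup.healthy:  # sync link: backup receives a copy of the process image
                self.backup.state = dict(self.primary.state)
            self.missed = 0
            return self.primary.name
        self.missed += 1  # no heartbeat received from the primary this scan
        if self.missed < self.timeout:
            return None  # still inside the detection window: the program is not executed
        # Failover: the backup becomes primary and continues from the last synced state.
        self.events.append(f"scan {inputs['scan']}: {self.backup.name} takes over")
        self.primary, self.backup = self.backup, self.primary
        self.missed = 0
        scan(self.primary, inputs)
        return self.primary.name


def demo(timeout=1, fail_at_scan=3):
    """Five scans of 10 units each; the primary CPU faults before scan `fail_at_scan`."""
    pair = RedundantPair(Controller("CPU-A"), Controller("CPU-B"), timeout)
    active = []
    for n in range(1, 6):
        if n == fail_at_scan:
            pair.primary.healthy = False  # constructed fault on the primary CPU
        active.append(pair.cycle({"scan": n, "flow": 10}))
    return pair, active
```

With a one-scan timeout the backup continues the totaliser without loss; raise the timeout and the scans inside the detection window are lost, which is the availability cost of slow fault detection.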
Other components
Switches. As a first step you may choose a switch with dual power supplies. For enhanced redundancy you can use an advanced switch which can route the traffic through alternative paths.