The engineering definition of redundancy is “the inclusion of extra components which are not strictly necessary to functioning, in case of failure in other components.” In the Industrial Automation space, redundancy is critical. Not planning for redundancy can easily result in vulnerability to financial losses due to unexpected downtime. There are multiple types of redundancy in the industry. In this blog, we will be covering “Media-Level Redundancy”.
Media-Level Redundancy is when you create a backup network, network type or device for communications to continue should the primary experience failure. The TOP Server Media-Level Redundancy Plug-In facilitates duplicate or backup systems used to maintain reliable communications with the critical components in your environment which in turn minimizes data loss and increases the availability of your critical industrial data. This allows for a redundant system to take over without interruption of service in the event of a failure. If you're interested in handling redundant OPC Server instances, please see the related blog posts list at the end of this post.
Media-Level Redundancy in TOP Server
Media-Level Redundancy is a free feature plug-in available in TOP Server versions 5.6 and up. Both modes of redundancy can be used together or separately to provide the reliability necessary. The plug-in is available to Serial or Ethernet drivers, Modbus Plus drivers operating in client mode, and the OPC UA Client Driver. Please see the entry from our knowledgebase, TOP Server Media-Level Redundancy Support, for more information on what drivers are supported by the plug-in.
The TOP Server Media-Level Redundancy Plug-In supports two types of redundancy shown in the diagram below.
- Communications Path Redundancy
- Device Pair Redundancy
Communications Path Redundancy is utilized when a user would like to communicate with a device over multiple communication methods. For example, your device may support both Ethernet and Serial communication. Communications Path Redundancy allows you to set the primary source of communication as Ethernet and then also assign the device to use Serial communications should the Ethernet network become unavailable.
Device Pair Redundancy is used when you have two identical devices programmed with the exact same logic running as a redundant pair. In TOP Server, you would utilize the redundant configuration settings to define a primary PLC and a secondary PLC. You would also specify when the server is to failover to the secondary PLC and switch back to the primary PLC. It should be noted that this can be accomplished with more than just two devices.
To enable Media-Level Redundancy, select the plug-in during the installation of TOP Server. If TOP Server is already installed, run the installer and select “Modify” to add the plug-in.
Enabling the Media-Level Redundancy Plug-In with the installer will add a “Redundancy” tab in Device Properties of the primary device. You configure redundancy under this Property Group, regardless of whether you are using Communications Path or Device Pair Redundancy.
Configuring Device Pair Redundancy
For this blog, we will step through configuring Device Pair Redundancy. To configure, we will need to specify an unaliased path to our secondary device that will serve as the backup if our primary device fails. If you are interested in more information on configuring Communications Path Redundancy, please see our related blog post, Revisiting TOP Server Redundancy with Communication Paths.
In the below image, you can see we have configured both a “Primary_Device” and a “Secondary_Device”. Under the Primary_Device property editor, you will find the Redundancy tab. This is where you specify the explicit, unaliased path to the Secondary_Device. This will allow the Secondary_Device to act as a backup should the Primary_Device fail.
Selecting a secondary device:
- Navigate to the Redundancy tab found in the primary device properties.
- Click the ellipsis to open the “Select a Device” window.
- Next, select the Secondary_Channel where the backup device is configured.
- Lastly, select the Secondary_Device to set as the failover device.
Now it is time to select the Operating Mode. This specifies how the active device is chosen at runtime. There are 4 options:
- Switch On Failure
- Switch On Trigger
- Primary Only
- Secondary Only
Switch On Failure Mode determines that communication fails over to the selected secondary device when the primary device enters an error state. The system’s active device will return to the primary device once it is no longer in an error state. This Operating Mode allows the selection of an optional Monitored Item and Monitor Interval to monitor the health of the device connectivity. If the Monitored Item is left blank, a tag is automatically chosen.
The Switch On Trigger Mode is when the server monitors a configured trigger item. When the trigger condition becomes true, communication will switch over to the configured secondary device. If the condition is false, communication will remain on the primary device. The user will need to specify a Trigger Item, as well a Trigger Scan Rate (ms) and Trigger Type. The Trigger Type options are:
- Quality Not Good – the failover occurs if the Trigger Item has any quality besides Good.
- Value – the failover occurs when the Value of the Trigger Item is equal to, not equal to, greater than, or less than the specified value.
- No Data Change – the failover occurs when the value of the Trigger Item does not change for a certain amount of time, specified in the Timeout (ms) property. This is helpful if your Trigger Item is a heartbeat tag that is expected to change its value at a certain interval.
Both Primary Only and Secondary Only are typically used for maintenance. When one is selected the other is taken offline. Communication will not failover regardless of the error state.
In the example seen below, we have selected the Switch On Failure Mode.
As mentioned above, because we are leaving the Monitor Item empty, the TOP Server will automatically choose a tag and monitor whether it is active every 300 seconds, or 5 minutes.
Lastly, by default, Return to Primary ASAP is set to Yes. When set to Yes, the primary is re-activated as soon as possible following a transition of its error state from True to False. If set to No, the device would need to be re-activated at a configured time.
If all the above is configured correctly, a device with a redundant configuration will display the double device icon in the server Configuration Project View user interface.
Now that you have a redundant pair configured, we will cover how to monitor our redundant devices. Each redundancy definition has a set of specific read-only system tags created in the _System tag group for the primary device. These tags can be used to observe the current failover status from any client application, including whether the primary or secondary connection is currently active and how many failovers have occurred since the last reset of the counter. For more information please refer to the Media-Level Redundancy Plug-In help file (which also installs with TOP Server).
This post has shown the importance of redundancy in your automated systems and proven that TOP Server can provide an easily configurable solution for your device and communications path redundancy needs.
If you are interested in using the TOP Server Media-Level Redundancy Plug-In, please contact our support team with any questions. We will help you identify the best way to configure your project based on your use case. Don’t forget to subscribe to our blog to find out about the latest updates to TOP Server.
