PR03 High Availability
Related Topics
- NI10 Ethernet/IP Best Practices
- NI15 Enterprise Data Collection Options
- NI16 Thin Client Overview
Solution Area 4 (Process)

Agenda
- Overview
- Controllers & I/O
- Software
- Networks
- Servers & Storage

What is High Availability?
High availability is a system implementation that ensures a certain degree of operational continuity during a given time period.
- Avoid or minimize application disruption due to maintenance
- Avoid or minimize application disruption due to hardware or software failure
- Availability is measured as a % of time, often expressed as a number of 9s
- High Availability is more than redundancy

Availability %    Possible Downtime per Year
99%               3.65 days
99.9%             8.76 hours
99.99%            52.6 minutes
99.999%           5.26 minutes
99.9999%          30 seconds

Why Design for High Availability?
- To protect production and product quality
- To protect critical equipment and assets
- To protect the environment
- To protect plant personnel

Where is High Availability Applied?
Design for High Availability applies at every level of the system, from operator stations to I/O and from power to servers.
High Availability Design Considerations:
- Process requirements
- Failure modes and impact
- Cost
[Diagram labels: Replicated OWS; Redundant L2 Switch (primary and secondary); Redundant Server (PASS); Redundant L3 Switch (Router); Redundant L2 Stratix; Redundant Controller (CLX primary and secondary, with power supplies); Dual ControlNet Media; Limited Fault Tolerant IO; 1756 I/O; 1715 I/O]

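Why redundancy has to be considered at every level, as an added example that is not part of the original slides: the layers in the diagram all have to be up at once, so their availabilities multiply. The layer names follow the slide; every availability figure is a constructed assumption, and failures are assumed independent.

```python
from math import prod

HOURS_PER_YEAR = 365 * 24  # 8760 h, the basis of the slide's downtime table

# Constructed availabilities for the layers named on the slide.
# These are illustrative assumptions, not vendor or measured figures.
LAYERS = {
    "operator workstation (OWS)": 0.999,
    "L2 switch": 0.9995,
    "server": 0.999,
    "L3 switch": 0.9995,
    "controller": 0.9999,
    "I/O": 0.999,
}

def downtime_hours_per_year(availability):
    """Expected downtime per year for a given availability (0..1)."""
    return (1.0 - availability) * HOURS_PER_YEAR

def redundant(availability, replicas=2):
    """Availability of a layer with `replicas` units where one survivor is enough.

    Assumes independent failures and perfect switchover; shared power, shared
    firmware or a bad configuration pushed to both units breaks that assumption.
    """
    return 1.0 - (1.0 - availability) ** replicas

def chain_availability(layers, redundant_layers=()):
    """All layers must be up at once, so their availabilities multiply."""
    return prod(
        redundant(a) if name in redundant_layers else a
        for name, a in layers.items()
    )

def report(layers):
    """Return (label, availability, downtime hours) for three designs."""
    designs = {
        "no redundancy": (),
        "redundant controller only": ("controller",),
        "redundancy at every layer": tuple(layers),
    }
    rows = []
    for label, chosen in designs.items():
        a = chain_availability(layers, chosen)
        rows.append((label, a, downtime_hours_per_year(a)))
    return rows

if __name__ == "__main__":
    for label, a, hours in report(LAYERS):
        print(f"{label:28s} {a * 100:9.5f}%  {hours:8.3f} h/year")
```

With these assumed figures, making only the controller redundant leaves the chain below 99.9%, because the remaining single layers still dominate the downtime.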
High Availability for I/O: 1715 Redundant I/O
Features:
- Fault-tolerant I/O
- Ability to operate on Device Level Ring
Benefit:
- Integrates all levels of a system on a common fault-tolerant network
Advantages:
- Automatic switchover in the event of any fault in a module pair
- Requires no additional hardware to implement and no programming required

1715 Redundant I/O Features
- Redundant Power Supply
- Three Slot I/O Backplanes
- Two Slot Adapter Backplane
- Redundant Termination Assemblies
- DLR Ports
- Redundant Ethernet Adapters
- Redundant Output Modules
- 24VDC Discrete Input Module
- 24VDC Discrete Output Module
- 4 to 20 mA Analog Input Module
- 4 to 20 mA Analog Output Module
- Redundant 24VDC Power supply connections
- Redundant Input Modules

ControlLogix Redundancy
- Dual chassis design
- Full redundancy
- Both chassis match
- Transparent
- Primary/Secondary chassis
- IP address swap
- ControlNet node swap
- Easy to use
- No special code
- Automatic crossload
- Treat as one chassis
- Uses Standard 1756 hardware
- Up to: 2 Controllers, 7 Communications Modules

ControlLogix Redundancy Overview
Operation Basics
- Application from primary is automatically loaded into the secondary processor
- Data changes are sent to secondary at the end of each program.
- The secondary controller is synchronized with the primary via Sync Points at each crossload point.
- System is Floating Master type. Each chassis is capable of being primary
[Diagram labels: Primary Chassis; Secondary Chassis; 1756-RM2]

Enable ControlLogix Redundancy Controller Properties New Controller Dialog
ControlLogix Redundancy Considerations
Limitations of ControlLogix redundancy:
- The following modules are unsupported in a redundant chassis: I/O, DH/RIO, DNB, most third party modules
- Motion Control: Sercos or CIP Motion
- Inhibit a task
- Event task
- Unicast Data Consumer (a redundancy system can be a producer to another controller as Unicast)
- Firmware supervisor

Software High Availability
Key portions of the FactoryTalk Suite and Platform support redundancy that can be part of a High Availability solution:
- FactoryTalk View SE
- RSLinx™ Enterprise
- FactoryTalk Alarms & Events
- FactoryTalk Historian SE

FactoryTalk Services
- Activation: Common software license management for all FactoryTalk products
- Directory: Common address lookup of resources that are shared among FactoryTalk enabled products
- Security: Common security authority for all FactoryTalk components in the system
- Diagnostics: Common diagnostic messaging subsystem across all FactoryTalk products
- Audit: Comprehensive record of any changes made to the manufacturing system
- Live Data: Enterprise-wide access to real-time manufacturing data
- Alarms and Events: Enterprise-wide notification of real-time alarms and events that require action

FactoryTalk View SE Server Redundancy
- Ensures visibility in the event of a system hardware or network failure
- FactoryTalk services provide health detection and automatically switch View SE clients over to the secondary server in the event of a failed primary server
- The View SE client will transition to the secondary with no loss of operation or system visibility
[Diagram labels: Primary Server; Secondary Server]

FactoryTalk View SE - Configuration
FactoryTalk Historian Redundant LiveData Interface
The recommendation is to have the Interface node on the same computer as RSLinx Enterprise.
FactoryTalk Historian Configuration
Networking High Availability Overview
[Network architecture diagram. Labels, in the order extracted: Enterprise Zone, Levels 4 and 5; Windows 2003 Servers; Remote desktop connection; VPN; Demilitarized Zone (DMZ); Gbps Link for Failover Detection; Firewall (Standby); Firewall (Active); Cisco ASA 5500; FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager); FactoryTalk Services Platform (Directory, Security); Data Servers; Layer 3 Router; Layer 3 Switch Stack, Cisco Catalyst Switch; Manufacturing Zone, Site Manufacturing Operations and Control, Level 3; Network Services (DNS, DHCP, syslog server; network and security management); Cell/Area Zone, Levels 0 to 2; Rockwell Automation Stratix 8000 Layer 2 Access Switch; Cell/Area #1 (Redundant Star Topology); Cell/Area #2 (Ring Topology); Cell/Area #3 (Bus/Star Topology); each cell/area containing controllers, HMIs, drives and distributed I/O]

Networking High Availability: Spanning Tree
STP, IEEE 802.1D
- Designed to detect and prevent network loops
- One link forwards traffic in both directions, secondary link does not
Pros:
- Helps ensure user error does not create loops causing broadcast storms
Cons:
- Slow convergence time
- Trunk bandwidth lost to redundancy
[Diagram: distribution switches (Catalyst 3750 Switch Stack) uplinked to Stratix 8000 access switches; F - Forwarding, B - Blocking]

Networking HA: EtherChannel
LACP, IEEE 802.3ad
- Designed to increase bandwidth on trunk connections by aggregating identical links together
- Both links forward traffic simultaneously
Pros:
- Increase trunk bandwidth
- Faster convergence than STP
Cons:
- EtherChannel must be configured on both ends of the connection
- Not supported by all industrial switches
[Diagram: distribution switches (Catalyst 3750 Switch Stack) uplinked to Stratix 8000 access switches; F - Forwarding, B - Blocking]

Networking HA: FlexLinks
- Dedicated link redundancy
- Configured at the access layer switch
- Access switch listens for packets on both links but only replies on the primary
Pros:
- Fast convergence time
- Simple configuration on one end only
Cons:
- Cisco proprietary feature
- Trunk bandwidth lost to redundancy
- Bottom up instead of top down configuration
[Diagram: distribution switches (Catalyst 3750 Switch Stack) uplinked to Stratix 8000 access switches; F - Forwarding, B - Blocking]

Networking High Availability: REP
Resilient Ethernet Protocol: Cisco proprietary protocol for ring topologies
- Allows ring topology with faster convergence time than spanning tree
Pros:
- Fast convergence time
- Simpler cable routing between switches
Cons:
- Cisco proprietary feature
- Limited number of switches supporting protocol
Read ENET-TD005A-EN-P, Deploying the Resilient Ethernet Protocol (REP) in a Converged Plantwide Ethernet System (CPwE) Design Guide
[Diagram label: Catalyst 3750 Switch Stack]

What is Virtualization?
- Traditionally the OS and its applications were tightly coupled to the hardware they were installed on
- Virtualization breaks the link between operating system and physical hardware
- This allows the ability to change hardware without replacing the OS or applications
- Additionally, multiple instances of an OS with independent applications can now run on the same hardware
[Diagram labels: Application; Operating System; Hypervisor]

Reliability: High Availability
- Automatic restart of failed virtual machines
[Diagram: resource pool of three VMware ESXi hosts; two operating servers and one failed server]

Reliability: VMware Fault Tolerance
- Simultaneous execution across two physical servers
- No Reboot
- Seamless Cutover
[Diagram: three VMware ESXi hosts; two operating servers and one failed server]

Increasing Uptime and Availability
Local Availability:
- vSphere High Availability
- vSphere Fault Tolerance
- vMotion and Storage vMotion
Disaster Recovery:
- vCenter Site Recovery Manager (includes vSphere Replication)
Data Protection:
- vSphere Data Recovery
- Storage APIs for Data Protection
[Diagram: Local Site and Failover Site, each running vSphere]

Typical Hardware Architecture
In the data center:
- Storage array (iSCSI, FC, NFS)
- 2-5 physical servers
- Redundant gigabit switches
In the office and on the shop floor:
- Legacy desktops
- Ruggedized laptops
- Solid state thin clients
- Tablets (iPad / Android)

What is the Industrial Data Center?
Industry-leading partners collaborating with Rockwell Automation to help your business realize the benefits of virtualization through a pre-engineered, scalable infrastructure offering.
Complete turnkey solution including:
- Hardware
- Software
- Factory assembly
- On-site configuration
- Documentation
- TechConnect℠ support
Model shown: E3000
Standard pre-engineered industrial solution to simplify deployment, making commissioning and maintenance easier, scalable, and more supportable.

Stratus Fault-Tolerant Servers
- Fully redundant hardware
- Managed like a single server
- Plug-and-play operational simplicity
- No failover time
- No data loss
- Hot-swappable components
- 24/7/365 support

Data Protection
High Availability is more than Redundancy. Remember Data Protection!
Data / Virtual Machine Backup:
- VMware Data Protection
- Symantec NetBackup
- EMC Avamar
Controller source protection:
- FactoryTalk AssetCentre
Anti-Malware Protection:
- McAfee MOVE and ePO
- Symantec Endpoint Protection

FactoryTalk AssetCentre Platform
Set of asset-centric tools to securely and centrally manage your automated production environment:
- Centrally archive electronic files/folders
- Provide backup and compare of operating asset configurations
- Track users' actions
- Secure access
- Configure process instruments
- Manage process instrument calibrations
Scalable design allows expansion of functionality and device counts:
- Practical application for small-line applications and site-wide installations
- Low entry cost easily supports testing and proof of concept work
FactoryTalk AssetCentre is a tool to manage automation assets.

High Availability Live Demo
PR03 High Availability Q&A