PR03. High Availability

High Availability

Related Topics

• NI10 Ethernet/IP Best Practices

• NI15 Enterprise Data Collection Options

• NI16 Thin Client Overview

Agenda

Servers & Storage

Networks

Software

Controllers & I/O

What is High Availability?

• Avoid or minimize application disruption due maintenance

• Avoid or minimize application disruption due to hardware or

software failure

Availability is measured as a % of

time, often expressed as # of 9’s

High availability is a system implementation that ensures a certain

degree of operational continuity during a given time period.

Availability %

Why Design for High Availability?

To protect production and product quality

To protect plant personnel

To protect critical equipment and assets

Where is High Availability Applied?

Limited Fault Tolerant IO Dual ControlNet Media

• High Availability

Design Consideration

– Process requirements

– Failure modes and

impact

– Cost

Design for High Availability applies at every level of the system, from

operator stations to I/O and from power to servers

OWS Sw P PASS Sw P 1756 I/O OWS Sw S PASS Sw S 1715 I/O Sw S Sw P Sw P Sw S PS PS PS PS CLX P CLX S PS PS PS PS

Agenda

Servers & Storage

Networks

Software

Controllers & I/O

High Availability for I/O

• 1715 Redundant I/O

– Features:

• Fault-tolerant I/O

• Ability to operate on Device Level Ring

– Benefit: Integrates all levels of a

system on a common fault-tolerant

network

– Advantages:

• Automatic switch over in the event of any fault in a module pair

• Requires no additional hardware to

1715 Redundant I/O Features

Redundant Power Supply

Two Slot Adapter Backplane DLR Ports Redundant Ethernet Adapters Redundant Input Modules Redundant Output Modules Redundant Termination Assemblies

• 24VDC Discrete Input Module

• 24VDC Discrete Output Module

• 4 to 20 ma Analog Input Module

• 4 to 20 ma Analog Output Module

• Redundant 24VDC Power supply connections

Three Slot I/O Backplanes

ControlLogix

®

Redundancy



_{Up To:}

 2 Controllers

 7 Communications Modules



Dual chassis design



_{Full redundancy}

_{Both chassis match}



Transparent



_{Primary/Secondary chassis}

_{IP address swap}



_{ControlNet node swap}



Easy to use



_{No special code}



_{Automatic crossload}

_{Treat as one chassis}

ControlLogix Redundancy Overview

• Operation Basics

– Application from primary is

automatically loaded into the

secondary processor

– Data changes are sent to

secondary at the end of each

program.

– The secondary controller is

synchronized with the primary

via “Sync Points” at each

crossload point.

– System is “Floating Master”

type. Each chassis is capable

of being primary

Primary Chassis

Enable ControlLogix Redundancy

• Controller

Properties

ControlLogix Redundancy

Considerations

• The following modules are unsupported in a redundant

chassis

– I/O

– DH/RIO

– DNB

– Most third party modules

• Motion Control – Sercos or CIP Motion

• Inhibit a task

• Event task

• Unicast Data Consumer – Redundancy system can be

producer to another controller as Unicast.

• Firmware supervisor

Agenda

Servers & Storage

Networks

Software

Controllers & I/O

Overview

Software High Availability

• FactoryTalk View SE

• RSLinx

_Enterprise

• FactoryTalk Alarms & Events

• FactoryTalk Historian SE

Key portions of the FactoryTalk

_{Suite and Platform support}

FactoryTalk Services

enabled products

Directory

• Common security authority for all FactoryTalk components in the system Security • Common diagnostic messaging sub-system across all FactoryTalk products Diagnostics • Comprehensive record of any changes made to the manufacturing system Audit • Enterprise-wide access to real-time manufacturing data Live Data • Enterprise-wide notification to real-time alarms and events that require action

Alarms and Events

FactoryTalk View SE – Server Redundancy



Ensures visibility in the event

of a system hardware or

network failure



FactoryTalk services provide

health detection and

automatically switch View SE

clients over to the secondary

server in the event of failed

primary server



The View SE client will

transition to the secondary

with no loss of operation or

system visibility

Secondary Server Primary

FactoryTalk View SE -

Configuration

FactoryTalk Historian – Redundant

LiveData Interface

Recommendation is to have the

Interface node on the same computer as RSLinx Enterprise

Agenda

Servers & Storage

Networks

Software

Controllers & I/O

Overview

Networking High Availability

Overview

(Redundant Star Topology) (Ring Topology) Cell/Area #2 (Bus/Star Topology) Cell/Area #3 Cell/Area Zone Demilitarized Zone (DMZ) Demilitarized Zone (DMZ) Enterprise Zone Levels 4 and 5 Windows 2003 Servers

• Remote desktop connection

• VPN

FactoryTalk Application Servers

• View • Historian • AssetCentre • Transaction Manager FactoryTalk Services Platform • Directory • Security Data Servers Rockwell Automation Stratix 8000 Layer 2 Access Switch

Cisco ASA 5500 Cisco Catalyst Switch Manufacturing Zone Site Manufacturing Operations and Control Level 3

Network Services

• DNS, DHCP, syslog server

• Network and security management

Networking High Availability –

Spanning Tree

X

X

• STP IEEE 802.1D – Designed to

detect and prevent network loops

• One link forwards traffic in both

directions, secondary link does

not

• Pros

– Helps ensure user error does not create loops causing broadcast storms

• Cons

– Slow convergence time – Trunk bandwidth lost to

Networking HA - Etherchannel

• LACP IEEE 802.3AD

• Designed to increase bandwidth on trunk connections by aggregating identical links together

• Both links forward traffic simultaniously

• Pros

– Increase trunk bandwidth – Faster convergence than STP

• Cons

– Etherchannel must be configured on both ends of the connection

– Not supported by all industrial switches

Networking HA – FlexLinks

• Dedicated link redundancy

• Configured at the access layer switch. Access switch listens for

packets on both links but only replies on the primary

• Pros

– Fast convergence time

– Simple configuration on one end only

• Cons

– Cisco proprietary feature

– Trunk bandwidth lost to redundancy – Bottom up instead of top down

Networking High Availability – REP

Catalyst 3750 Switch Stack

• Resilient Ethernet Protocol -

Cisco proprietary protocol for ring

topologies

• Allows ring topology with faster

convergence time than

spanning-tree

• Pros

– Fast convergence time

– Simpler cable routing between switches

• Cons

– Cisco proprietary feature – Limited number of switches

supporting protocol

Read ENET-TD005A-EN-P “Deploying the Resilient Ethernet

Protocol (REP) in a Converged Plant wide Ethernet System

(CPwE) Design Guide

Agenda

Servers & Storage

Networks

Software

Controllers & I/O

Overview

What is Virtualization?

• Traditionally the OS and its

applications were tightly coupled to the hardware they were installed on

• Virtualization breaks the link between operating system and physical hardware

• This allows the ability to change hardware without replacing the OS or applications

• Additionally multiple instances of an OS with independent

applications can now run on the same hardware

Hypervisor

Operating System

VMware ESXi VMware ESXi VMware ESXi

Resource Pool

Failed Server Operating Server

Operating Server _{Operating Server}

Reliability: High Availability

Automatic restart of failed virtual machines

VMware ESXi VMware ESXi VMware ESXi

Failed Server OperatingServer OperatingServer

No Reboot Seamless Cutover

OperatingServer

Reliability: VMware Fault Tolerance

Increasing Uptime and Availability

Local Availability

 vSphere High Availability

 vSphere Fault Tolerance

 vMotion and Storage vMotion Data Protection

 vSphere Data Recovery

 Storage APIs for Data Protection

Local Site

_{Failover Site}

Disaster Recovery

 vCenter Site Recovery Manager

 Includes vSphere Replication

vSphere vSphere vSphere vSphere vSphere

Typical Hardware Architecture



In the data center

•

Storage array (iSCSI, FC, NFS)

•

2-5 physical servers

•

Redundant gigabit switches



In the office and on the shop

floor

•

Legacy desktops

•

Ruggedized laptops

•

Solid state thin clients

•

Tablets (iPad / Android)

What is the Industrial Data Center?

• Complete turn key solution

including:

Standard pre-engineered industrial solution to simplify deployment making commissioning and maintenance easier, scalable, and more supportable .

Industry-leading partners collaborating with Rockwell Automation to help your business realize the benefits of virtualization through a pre-engineered, scalable

infrastructure offering.

Stratus Fault-Tolerant Servers

• Fully redundant

hardware

• Managed like a single

server

• Plug-and-play

operational simplicity

• No failover time

• No data loss

• Hot-swappable

components

• 24/7/365 support

Data Protection

• Data / Virtual Machine Backup

– VMware Data Protection

– Symantec NetBackup

– EMC Avamar

• Controller source protection

– FactoryTalk Asset Centre

• Anti-Malware Protection

– McAfee MOVE and ePO

– Symantec Endpoint Protection

High Availability is more than Redundancy – Remember Data

Protection!

FactoryTalk

®

AssetCentre Platform

• Set of asset-centric focused tools to securely and centrally manage your automated production environment

– Centrally archive electronic files/folders

– Provide backup and compare of operating asset configurations – Track users’ actions

– Secure access

– Configure process instruments

– Manage process instruments calibrations

• Scalable design allows expansion of functionality and device counts – Practical application for small-line applications and site-wide

installations

– Low entry cost easily supports testing and proof of concept work

Related Topics

• NI10 Ethernet/IP Best Practices

• NI15 Enterprise Data Collection Options

• NI16 Thin Client Overview

Q&A