High Availability PR03


Related Topics

• NI10 Ethernet/IP Best Practices

• NI15 Enterprise Data Collection Options

• NI16 Thin Client Overview

• Solution Area 4 (Process)

Agenda

Servers & Storage

Networks

Software

Controllers & I/O

Overview

What is High Availability?

• Avoid or minimize application disruption due to maintenance

• Avoid or minimize application disruption due to hardware or software failure

Availability is measured as a % of time, often expressed as a number of 9's

High availability is a system implementation that ensures a certain degree of operational continuity during a given time period.

Availability %   Possible Downtime per Year

99%              3.65 days
99.9%            8.76 hours
99.99%           52.6 minutes
99.999%          5.26 minutes
99.9999%         31.5 seconds

High Availability is more than redundancy

Why Design for High Availability?

To protect production and product quality

To protect plant personnel

To protect critical equipment and assets

To protect the environment

Where is High Availability Applied?

Diagram labels: Replicated OWS; Redundant L2 Switch; Redundant Server; Redundant L3 Switch (Router); Redundant L2 Switch; Redundant L2 Stratix; Redundant Controller; Limited Fault Tolerant I/O; Dual ControlNet Media

• High Availability Design Considerations

– Process requirements

– Failure modes and impact

– Cost

Design for High Availability applies at every level of the system, from operator stations to I/O and from power to servers

[Diagram: the layered redundant architecture. Two OWS, each uplinked to a primary switch (Sw P) and a secondary switch (Sw S); PASS servers paired across the same primary/secondary switches; a primary and a secondary ControlLogix controller (CLX P / CLX S) with 1756 I/O and 1715 I/O behind them; every chassis, switch and server fed by dual power supplies (PS).]
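As an added worked example (not part of the presentation), the script below turns the downtime table and the layered diagram above into arithmetic: the availability of a chain in which every element must be up, the availability of a primary/secondary pair, and what happens to that pair when the switchover itself is unreliable. The 99.9% figure used for each element is a constructed, illustrative value, not vendor data for any product named on this page, and the independence assumption is stated in the code.

```python
"""Availability arithmetic for a layered HA design.

Added example; not from the presentation. The 99.9 % per-element figure is a
constructed, illustrative number, not vendor data for any product named above.
"""
from functools import reduce
from math import log10

SECONDS_PER_YEAR = 365 * 24 * 3600  # 31,536,000 s, non-leap year, as in the deck's table


def downtime_per_year(availability_pct):
    """Seconds of downtime per year implied by an availability percentage.

    downtime_per_year(99.9) == 31536.0 s, i.e. the 8.76 hours in the table.
    """
    return (1.0 - availability_pct / 100.0) * SECONDS_PER_YEAR


def nines(availability):
    """Number of nines of a fractional availability (0.999 -> 3.0)."""
    return -log10(1.0 - availability)


def series(*avail):
    """Availability of a chain whose elements must ALL be up for the application
    to run: OWS -> access switch -> server -> controller -> I/O.
    Assumes independent failures."""
    return reduce(lambda acc, a: acc * a, avail, 1.0)


def redundant(avail, failover_ok=1.0):
    """Availability of a primary/secondary pair of identical units.

    failover_ok is the probability that the switchover actually works when the
    primary fails (secondary synchronized, firmware matched, secondary not
    already faulted). 1.0 gives the textbook independent-parallel case.
    Common-cause faults (shared power feed, shared switch) are NOT modelled;
    put them into the chain as an element of their own.
    """
    unavail = 1.0 - avail
    # The pair is down when the primary is down AND either the failover fails
    # or the secondary is down as well.
    pair_down = unavail * ((1.0 - failover_ok) + failover_ok * unavail)
    return 1.0 - pair_down


def weakest_link(chain):
    """(name, availability) of the element contributing the most downtime."""
    return min(chain.items(), key=lambda item: item[1])


# Constructed per-element availabilities (99.9 % each) for the deck's layers.
SINGLE = {
    "OWS": 0.999,
    "access switch": 0.999,
    "server": 0.999,
    "controller": 0.999,
    "I/O": 0.999,
}


def compare():
    """End-to-end availability of four designs built from SINGLE."""
    controller_pair = dict(SINGLE, controller=redundant(SINGLE["controller"]))
    all_pairs = {k: redundant(v) for k, v in SINGLE.items()}
    all_pairs_flaky = {k: redundant(v, failover_ok=0.9) for k, v in SINGLE.items()}
    return {
        "all single": series(*SINGLE.values()),
        "redundant controller only": series(*controller_pair.values()),
        "redundant everywhere": series(*all_pairs.values()),
        "redundant everywhere, 90% failover": series(*all_pairs_flaky.values()),
    }


if __name__ == "__main__":
    for design, a in compare().items():
        hours = downtime_per_year(a * 100.0) / 3600.0
        print(f"{design:36s} {a * 100:.5f} %  {nines(a):.1f} nines  ~{hours:.2f} h/yr")
    name, a = weakest_link(dict(SINGLE, controller=redundant(0.999)))
    print(f"weakest link with only the controller paired: {name} at {a:.4%}")
```

Running it shows why the deck says high availability is more than redundancy: pairing only the controller moves the chain from roughly 44 to 35 hours of downtime a year, because the four single elements still dominate; pairing every element gets to a few minutes; but a switchover that only works nine times in ten pushes the same design back to several hours. Common-cause failures (one power feed, one switch shared by both halves of a pair) are outside the model and should be added as their own serial element.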

Controllers & I/O

High Availability for I/O

• 1715 Redundant I/O

– Features:

• Fault-tolerant I/O

• Ability to operate on a Device Level Ring (DLR)

– Benefit: integrates all levels of a system on a common fault-tolerant network

– Advantages:

• Automatic switchover in the event of any fault in a module pair

• Requires no additional hardware to implement and no programming

1715 Redundant I/O Features

Redundant Power Supply

Two Slot Adapter Backplane

DLR Ports

Redundant Ethernet Adapters

Redundant Input Modules

Redundant Output Modules

Redundant Termination Assemblies

• 24VDC Discrete Input Module

• 24VDC Discrete Output Module

• 4 to 20 mA Analog Input Module

• 4 to 20 mA Analog Output Module

• Redundant 24VDC power supply connections

Three Slot I/O Backplanes

ControlLogix® Redundancy

Up to 2 controllers and 7 communications modules per chassis

Dual chassis design: full redundancy; both chassis match; uses standard 1756 hardware

Transparent: primary/secondary chassis; IP address swap; ControlNet node swap

Easy to use: no special code; automatic crossload; treat as one chassis

ControlLogix Redundancy Overview

• Operation basics

– The application from the primary is automatically loaded into the secondary processor

– Data changes are sent to the secondary at the end of each program

– The secondary controller is synchronized with the primary via "sync points" at each crossload point

– The system is a "floating master" type: each chassis is capable of being primary

[Diagram: primary chassis and secondary chassis, each with a 1756-RM2 redundancy module, linked through the redundancy modules]

Enable ControlLogix Redundancy

• Controller Properties

• New Controller Dialog

ControlLogix Redundancy

Considerations

Limitations of ControlLogix redundancy:

• The following modules are unsupported in a redundant chassis

– I/O

– DH/RIO

– DNB

– Most third-party modules

• Motion control – Sercos or CIP Motion

• Inhibiting a task

• Event tasks

• Unicast data consumer – a redundant system can be a unicast producer to another controller, but not a unicast consumer

• Firmware Supervisor

Software

Software High Availability

• FactoryTalk View SE

• RSLinx™ Enterprise

• FactoryTalk Alarms & Events

• FactoryTalk Historian SE

Key portions of the FactoryTalk® Suite and Platform support redundancy that can be part of a High Availability solution

FactoryTalk Services

• Activation – Common software license management for all FactoryTalk products

• Directory – Common address lookup of resources that are shared among FactoryTalk-enabled products

• Security – Common security authority for all FactoryTalk components in the system

• Diagnostics – Common diagnostic messaging sub-system across all FactoryTalk products

• Audit – Comprehensive record of any changes made to the manufacturing system

• Live Data – Enterprise-wide access to real-time manufacturing data

• Alarms and Events – Enterprise-wide notification of real-time alarms and events that require action

FactoryTalk View SE – Server Redundancy

Ensures visibility in the event of a system hardware or network failure

FactoryTalk services provide health detection and automatically switch View SE clients over to the secondary server in the event of failed primary server

The View SE client will transition to the secondary with no loss of operation or system visibility

[Diagram: View SE clients served by a Primary Server, with a Secondary Server standing by for failover]

FactoryTalk View SE - Configuration

FactoryTalk Historian – Redundant LiveData Interface

Recommendation is to have the Interface node on the same computer as RSLinx Enterprise

FactoryTalk Historian – Configuration

Networks

Networking High Availability

Overview

[Diagram: CPwE reference architecture, top to bottom.

Enterprise Zone (Levels 4 and 5).

Demilitarized Zone (DMZ): Cisco ASA 5500 firewalls, one Active and one Standby, with a Gbps link between them for failover detection; Windows 2003 servers for remote desktop connection and VPN.

Manufacturing Zone, Site Manufacturing Operations and Control (Level 3): Layer 3 router and Cisco Catalyst Layer 3 switch stack; FactoryTalk application servers (View, Historian, AssetCentre, Transaction Manager); FactoryTalk Services Platform (Directory, Security); data servers; network services (DNS, DHCP, syslog server, network and security management).

Cell/Area Zone (Levels 0–2): Rockwell Automation Stratix 8000 Layer 2 access switches serving controllers, drives, HMIs and distributed I/O in Cell/Area #1 (redundant star topology), Cell/Area #2 (ring topology) and Cell/Area #3 (bus/star topology).]

Networking High Availability – Spanning Tree

[Diagram: Catalyst 3750 distribution switch stack with dual uplinks to each Stratix 8000 access switch; one uplink Forwarding (F), the other Blocking (B)]

• STP IEEE 802.1D – designed to detect and prevent network loops

• One link forwards traffic in both directions; the secondary link is blocked and carries nothing until the first fails

• Pros – Helps ensure user error does not create loops causing broadcast storms

• Cons – Slow convergence time (tens of seconds for classic 802.1D)

– Trunk bandwidth lost to redundancy

Networking HA - Etherchannel

[Diagram: Catalyst 3750 distribution switch stack with both uplinks to each Stratix 8000 access switch Forwarding (F); no link Blocking (B)]

• LACP IEEE 802.3ad

• Designed to increase bandwidth on trunk connections by aggregating identical links together

• Both links forward traffic simultaneously (each flow is hashed onto one member link, so a single conversation is still limited to one link's bandwidth)

• Pros – Increased trunk bandwidth

– Faster convergence than STP

• Cons – Etherchannel must be configured on both ends of the connection

– Not supported by all industrial switches

Networking HA – FlexLinks

[Diagram: Catalyst 3750 distribution switch stack uplinked to Stratix 8000 access switches; on each access switch one uplink Forwarding (F) and the backup uplink Blocking (B)]

• Dedicated link redundancy

• Configured at the access layer switch: one uplink is active and the other is held in standby, forwarding nothing until the active link fails; the distribution switch needs no configuration

• Pros – Fast convergence time

– Simple configuration on one end only

• Cons – Cisco proprietary feature

– Trunk bandwidth lost to redundancy

– Bottom-up instead of top-down configuration

Networking High Availability – REP

Catalyst 3750 Switch Stack

• Resilient Ethernet Protocol - Cisco proprietary protocol for ring topologies

• Allows ring topology with faster convergence time than spanning-tree

• Pros – Fast convergence time

– Simpler cable routing between switches

• Cons – Cisco proprietary feature

– Limited number of switches supporting protocol

Read ENET-TD005A-EN-P, "Deploying the Resilient Ethernet Protocol (REP) in a Converged Plantwide Ethernet System (CPwE) Design Guide"

Servers & Storage

What is Virtualization?

• Traditionally the OS and its applications were tightly coupled to the hardware they were installed on

• Virtualization breaks the link between operating system and physical hardware

• This allows the hardware to be changed without replacing the OS or applications

• Additionally, multiple instances of an OS with independent applications can now run on the same hardware

[Diagram: application / operating system / hypervisor stack; several VMware ESXi hosts in a resource pool, one Failed Server alongside Operating Servers]

Reliability: High Availability

Automatic restart of failed virtual machines

[Diagram: VMware ESXi hosts; a Failed Server and its Operating Server partner, with No Reboot and Seamless Cutover to the second server]

Reliability: VMware Fault Tolerance

Simultaneous execution across two physical servers

Increasing Uptime and Availability

Local Availability (local site)

• vSphere High Availability

• vSphere Fault Tolerance

• vMotion and Storage vMotion

Data Protection

• vSphere Data Recovery

• Storage APIs for Data Protection

Disaster Recovery (local site to failover site)

• vCenter Site Recovery Manager

• Includes vSphere Replication

Typical Hardware Architecture

In the data center

• Storage array (iSCSI, FC, NFS)

• 2-5 physical servers

• Redundant gigabit switches

In the office and on the shop floor

• Legacy desktops

• Ruggedized laptops

• Solid state thin clients

• Tablets (iPad / Android)

What is the Industrial Data Center?

• Complete turnkey solution including:

• Hardware

• Software

• Factory assembly

• On-site configuration

• Documentation

• TechConnectSM support

Standard pre-engineered industrial solution to simplify deployment, making commissioning and maintenance easier, scalable, and more supportable.

Industry-leading partners collaborating with Rockwell Automation to help your business realize the benefits of virtualization through a pre-engineered, scalable infrastructure offering.

Model Shown: E3000

Stratus Fault-Tolerant Servers

• Fully redundant hardware

• Managed like a single server

• Plug-and-play operational simplicity

• No failover time

• No data loss

• Hot-swappable components

• 24/7/365 support

Data Protection

• Data / Virtual Machine Backup

– VMware Data Protection

– Symantec NetBackup

– EMC Avamar

• Controller source protection

– FactoryTalk AssetCentre

• Anti-Malware Protection

– McAfee MOVE and ePO

– Symantec Endpoint Protection

High Availability is more than Redundancy – Remember Data Protection!

FactoryTalk® AssetCentre Platform

• Set of asset-centric tools to securely and centrally manage your automated production environment

– Centrally archive electronic files/folders

– Provide backup and compare of operating asset configurations

– Track users' actions

– Secure access

– Configure process instruments

– Manage process instrument calibrations

• Scalable design allows expansion of functionality and device counts

– Practical for small-line applications and site-wide installations

– Low entry cost easily supports testing and proof-of-concept work

FactoryTalk AssetCentre is a tool to manage automation assets

High Availability Live Demo

Q&A

PR03 High Availability