Redundant design fault-tolerant automation system
• Fault-tolerant technology for applications requiring reliability: areas of production where a restart or shutdown could cause significant losses; factories requiring minimal management and maintenance
• Redundant features
• Enhanced I/O availability: switchable I/O configuration
• Can also be applied with conventional I/O: Single-sided configuration
• Hot Standby: Automatically switches to the backup unit during a fault event
• Configuration with 2 separate racks or 1 split rack
• Connectable to redundant PROFIBUS-DP or PROFINET switchable I/O
Application
In many fields of automation, the demand for fault-tolerant and reliable automation systems is increasingly widespread. Particularly in certain fields, downtime would result in massive economic loss. In such cases, only redundant systems can meet the reliability requirements.

The reliable SIMATIC S7-400H fully meets these requirements. It can continue operating without being affected, even if some components of the controller fail due to one or more faults. Due to its high availability, the SIMATIC S7-400H is especially suitable for the following application fields:
• Processes in which restarting after a controller failure is extremely expensive (usually in process control and the manufacturing industry)
• In the event of a shutdown, it will result in significant economic losses.
• Valuable materials (such as industrial) are included in the process control.
• Unattended application scenarios
• Applications requiring reduced maintenance personnel
SIMATIC S7-400H includes the following components:
• 2 controllers (rack):
2 separate controllers (UR1/UR2), or 1 controller split into 2 zones (UR2-H).
Each controller features 2 synchronized modules, connected via fiber optics.
• Each controller features a CPU412-5H, CPU414-5H, CPU416-5H, CPU417-5H
• The S7-400 I/O module is on the controller rack.
• UR1/UR2/ER1/ER2 expansion units with or without I/O template groups for ET 200M Blank I/O
Functions are always redundant configurations.
I/O templates can be either conventional or switchable configurations.
In the single-sided configuration, the I/O template is a single-channel design and is addressed by only one of the two controllers. A single-sided I/O template can be:
• Inserted into a controller and/or
• Inserted into an expansion rack or a distributed I/O station
In the single-sided configuration, the information read is provided to both controllers simultaneously, as long as I/O access is operating correctly. In the event of a failure, the I/O templates belonging to the faulty controller go out of operation. The single-sided configuration is suitable for:
• Applications where reliability does not need to be enhanced
• Connecting to a redundant I/O station by means of the user program. For this purpose, the system requires a symmetrical configuration.
Design
In the switchable configuration, the I/O template is a single-channel design, but both controllers can access all I/O templates via a redundant bus network. Switchable I/O templates can only be inserted into:
• An ET 200M remote I/O station.
Connect to the controller via PROFIBUS-DP or PROFINET.
Switchable configuration 1
Switchable configuration 2
Single-sided configuration (standard availability)
FM and CP redundancy
Function templates (FM) and communication templates (CP) come in two redundancy configurations:
• Switchable redundant configuration:
FM/CP can be plugged into a separate ET 200M or inserted in pairs into one of the switchable ET 200M stations.
• Dual-channel redundant configuration: FM/CP can be plugged into the two sub-units or into the expansion devices connected to these sub-units (refer to single-sided configuration).
There are various methods to achieve redundancy in templates:
• Programmed by the user: with function modules and SIMATIC CPs, the redundancy features can be programmed by the user. The program selects the active template and checks for any faults in order to initiate the switchover mechanism. The required programs are the same as for a structure with non-redundant CPUs and redundant FM/CP.
• Directly supported by the operating system: for SIMATIC NET CPs (CP-443-1, CP 443-1 on TCP, CP 443-5 Basic and CP 443-5 Extended), the operating system directly supports the redundant structure; detailed information can be found in the communication manual.
The operating systems of the CPU412-5H, CPU414-5H, CPU416-5H and CPU417-5H autonomously execute all additional functions required for the S7-400H:
• Data communication
• Fault response (switch to backup controller)
• Synchronization of the 2 sub-units
• Self-inspection
The S7-400H in "Hot Standby" mode operates on the principle of active redundancy (in the event of a fault, it automatically switches without disturbance). Based on this principle, both sub-units are in operation when there is no fault. In the event of a failure, the normally functioning sub-unit can independently control the entire process.
To ensure undisturbed switching, rapid and reliable data exchange over the link between the controllers is essential.
For this, the controllers automatically receive:
• Same user program
• Identical data blocks
• Process Image Content
• Identical internal data, such as timers, counters, bit storage, etc.
This ensures that both sub-controllers have up-to-date content at all times; whenever one is faulty, the other can handle all control tasks. The CPU switching time is therefore zero, and the maximum I/O station switching time is 100 ms.
To switch without disturbance, the two units remain synchronized.
S7-400H operates on "event-driven synchronization."
That means synchronization occurs when the two subunits have different internal states.
For instance, in the following situations:
• Direct I/O access
• Interrupts, alarms
• Refreshing user times
• Modify data via communication functions
The synchronization function is executed automatically by the operating system, so there is no need to consider it during programming.
The S7-400H executes an extended self-check, which includes the following:
• Link between the controllers
• CPU template
• Processor/ASIC
• Memory
Every detected fault is reported.
Self-check at startup:
Upon restart, each sub-unit fully executes all test functions.
Self-check during cyclic operation:
The complete self-test is spread over several cycles. Each cycle performs only a portion of the self-test, which reduces the load on the controller.
For communication availability, SIMATIC offers users a new type of communication with the following characteristics:
Enhanced availability:
In the event of a failure, communication can continue through up to 4 redundant connections. The switching process is invisible to the user.
User-friendly features:
From the user's perspective, the high availability is invisible and is achieved with standard communication functions. The user program requires no modification. Redundant features are established only during the parameterization phase. Currently, the S7-400H (both redundant and non-redundant configurations) and PCs support fault-tolerant communication. PC redundancy requires a connection program package.
Configuration
Due to varying requirements for fault tolerance, the configurations are diverse:
• Non-redundant or redundant bus
• Bus or ring structure
Programming the S7-400H is identical to programming the S7-400, and all SIMATIC S7 programming languages can be used.
Programming S7-400H requires the use of STEP7 V5.5 SP2 HF1 version.
The basic steps for configuring the S7-400H are the same as those for the S7-400.
For instance:
• Establish projects and stations
• Hardware and network configuration
• Load system data into the target system





























