For critical applications, with a 24/7 workload and operating at very high speeds, a failure that involves the plant stopping can result in considerable losses for the company. As we saw in the article on the importance of redundancy in industrial automation systems, several market segments use redundant architectures to prevent the operating plant from ceasing to function if a piece of equipment becomes unavailable.
With high technology on board, adhering to the most advanced applications in the industry, the programmable controllers from the Nexto Series and units Hadron Xtorm remote terminals feature hardware and software redundancy at different levels. In this article, we will talk about the redundancy features available in two of Altus' most advanced product series, their applications and main features.
CPU redundancy in the Nexto and Hadron Xtorm series
The Nexto family of programmable controllers includes a high-performance model that supports hot standby redundancy, ensuring the highest levels of system availability. You can configure a redundant setup with two NX3030 CPUs—one primary (active) CPU running the system, and a standby CPU constantly monitoring its performance.
If the primary CPU encounters an issue, the standby unit automatically takes over, keeping the process running without operator intervention and without disrupting plant operations. This seamless switch-over ensures minimal downtime.
To use the resource in the Nexto Series, the architecture must have two complete identical racks (half-cluster), each with an NX3030 CPU, a model with redundancy support, and an NX4010 module, a redundancy link. With two onboard Ethernet communication interfaces, the NX4010 modules are responsible for creating the connection between the two racks (active and stand-by), keeping the secondary CPU updated and triggering the switch-over procedure.
To see more details about CPU redundancy in Altus PLCs, download the Nexto Series User Manual.
The Hadron Xtorm Series has a different redundancy configuration than the Nexto Series, being applied in the same rack. To do this, it is enough that the power supplies and HX3040 CPUs are connected side by side, as the redundant data is connected via the bus. In this model, synchronization occurs through a hardware and software interface dedicated to this function within the CPUs.
Switch-over activation
There are some common types of failure in automation systems that can cause switch-over between CPUs, the main ones being:
- - Hardware failure.
- - Power supply failure.
- Removing the controller from the rack;
- - Communication failure.
The redundancy status can be viewed in the programming software and through the CPUs' LCD display, with the exchange procedure triggered through some commands, such as those listed below:
- Received from programming software or a SCADA system;
- Generated by the user application due to other diagnoses, such as Ethernet communication failure;
- Diagnostic button present on CPUs (Hadron Xtorm Series);
- PX redundancy control panel (Nexto Series), which has the ability to completely turn off a half-cluster if necessary.
Function definition and sync channel redundancy
The CPUs themselves define the primary and stand-by functions autonomously during startup, with no user action required. Both units are loaded with the same programs and process data, with online updating of spare CPU operands through synchronization channels. These channels have the function of synchronizing redundant variables, diagnostics, redundant user memory area, event queue, project and command synchronization.
Download the Series User Manual here Hadron Xtorm and see more details about the feature.
Network redundancy in Nexto PLCs
In addition to CPUs, Nexto product technology also allows the configuration of field network redundancy (PROFIBUS and MODBUS), which further increases the level of availability in distributed system architectures. This type of resource allows normal operation of the application even during a failure in one of the redundant networks, offering greater availability, an essential feature in critical applications.
In the case of PROFIBUS networks, to use a redundant architecture it is necessary that the bus of each half-cluster has a pair of NX5001 modules, PROFIBUS master from the Nexto Series. The master modules are then connected, in an equally redundant way, with the pair of field remotes responsible for communicating with the distributed I/O modules - remotes, which can be the NX5210 model, our PROFIBUS field network head. -Redundant DP.
In network redundancy, each slave device has two network connections connected to two NX5001 modules. Each pair of redundant heads controls a bus of Nexto Series I/O modules, alternately, one in the network (active) and the other in reserve, which can take control of the bus if there is a defect in the network or in the active head hardware. This change of control is automatic and transparent to the user, keeping the system in operation in the event of a failure in one of the networks.
Redundancy in architectures with MODBUS network is achieved through the NX3030 and NX3020 CPUs, Nexto Series models with two Ethernet interface ports. In the article Redundant Nexto CPU Configuration with MODBUS Remotes, available at Knowledge Base, we show you how to build this type of architecture.
Ethernet Redundancy with NIC Teaming
Network Interface Card Teaming, or NIC Teaming, is a strategy that allows two Ethernet interfaces of a CPU to be used to form a redundant pair and share the same data and the same IP address. This way, redundant Ethernet networks can be built more easily, without clients connected to a NIC Teaming pair having to implement complex scripts to switch IP addresses.
The resource can be used, for example, in communicating with a supervision network. In this case, the two Ethernet interfaces that form the NIC Teaming pair connect to two different switches that, at some point, would be interconnected. This type of architecture enables a high rate of availability for the system, and is strongly recommended to prevent failures in Ethernet ports, cables and switches.
Advanced diagnostics
As already mentioned, automatic switching between CPUs in redundant architectures is a feature that exceptionally increases application availability and security. However, this silent transition can mask some failures (called “hidden failures” – when there is a failure and operation and maintenance is unaware of it) which, in turn, result in serious problems for the operation in the future.
To prevent the occurrence of these hidden faults, Nexto and Hadron Xtorm series products have an extensive list of diagnostics, such as:
- One Touch Diag
- Diagnostics via LED
- Diagnostics via WEB
- Diagnostics via Variables
- Diagnostics via Functional Blocks
These resources are capable of identifying and alerting the process operator about the occurrence of failures in the application at the time of switch-over between the active and reserve modules, even though the process has not suffered any discontinuity or unwanted stoppage.
For more information about Nexto PLC diagnostics, do download the user manual for the family's CPUs.
Possibility of hot exchange
In advanced PLC families, I/O modules support hot swapping. The functionality, also known as hot-swapping, allows the replacement or removal of components present in a PLC without the need to turn it off. In other words, these components can be handled while the controller continues to operate.
Talk to our experts
Are you interested in the topic and believe that this type of resource can add value to your business? Our experts can help you set up a redundant architecture to increase the availability, robustness and security of your application.
Contact our Commercial team via email vendas@altus.com.br or telephone numbers (11) 2039-1950 and (51) 3589-9514.
