You are on page 1of 7

Design Considerations for Redundant

FactoryLink Systems
The purpose of this document is to introduce the most common hardware configurations
used in the design of redundant FactoryLink systems and to describe the possible failures,
advantages, and disadvantages of each. It is an overview only and is not intended to
describe the complete details of configuring FactoryLink for the various configurations.
The configurations discussed are:
Single LAN with LAN-based and Server-based Clients
Single LAN with Dedicated LAN between Servers
G Dual LAN with LAN-based and Server-based Clients
G
G

Please note that you will see several references to Ethernet HUB throughout the
document. Many systems also use Ethernet SWITCHES to accomplish the same
functionality. This discussion applies to SWITCHES as well.

Design Considerations for Redundant FactoryLink Systems

Page 1 of 7

1. Single LAN with LAN-based and Server-based Clients


The architecture shown below is the most common configuration that FactoryLink users
set up. There is a single LAN connecting the two redundant servers, remote clients, and
other devices such as PLCs.

Client Station 1

Client Station 2

Client Station 3

HUB

SCADA Server

Server
B Crt

SCADA Server

Server
A Crt

Design Considerations for Redundant FactoryLink Systems

Page 2 of 7

Possible Failures
SCADA Server
Goes Down

One of the SCADA Servers goes down for some reason. When this
happens, the remaining SCADA Server becomes Master (if it was not
already Master), scans the PLCs, and services the Clients. When the
failed SCADA Server is restored, the restored server becomes the Slave
and the other SCADA Server remains running as Master.

HUB Fails

The HUB is a single point of failure. When the HUB fails, no clients or
servers can communicate. During this failure, each SCADA Server tries
to communicate with the other SCADA Server. Since communication is
not possible, both SCADA Servers become the Master. When the HUB
is restored, the two SCADA Servers determine that both have been
Master. The SCADA Server that has been Master longest will remain
the Master and the other will switch to Slave.

Communication This can happen when the network cable between the Server and the
to one SCADA HUB is broken or when the Ethernet Card in the Server fails. During
this failure the good SCADA Server becomes Master (if it was not
Server is Lost
already Master), scans the PLCs, and services the Clients. The SCADA
Server with the communications failure also continues to run, but cannot
communicate with any of the Clients or the good SCADA Server. This
isolated SCADA Server also becomes Master because it cannot
communicate with the other server. It cannot tell the difference between
this failure and the failure of the HUB above. When the failure is
restored, the two SCADA Servers determine that both have been
Master. The SCADA Server that has been Master longest will remain
the Master and the other will switch to Slave. This is undesirable if the
previously isolated SCADA Server were the one up the longest. If this
is the case, the history that was maintained by the good server may be
lost. To avoid this, the isolated SCADA Server should have
FactoryLink shut down and restarted manually before the
communications failure is repaired.
Client Failure

Client failures are tolerated by switching to another Client. In most


situations, this is not a problem because multiple stations are used.
Even if there are no remote clients, there are two local clients (one on
each server).

Advantages

Network configuration and maintenance are simple.

Disadvantages

The HUB is a single point of failure.


If communication is lost to only one of the SCADA Servers, it may lead to a loss
of historical data.

Design Considerations for Redundant FactoryLink Systems

Page 3 of 7

2. Single LAN with Dedicated LAN between Servers


This configuration is very similar to the previous configuration (Single LAN with LANbased and Server-based Clients), with the difference being the addition of a dedicated
communications path between the two SCADA Servers. The addition is shown in Blue
in the diagram below.

Client Station 1

Client Station 2

Client Station 3

HUB

Crossover Cable
SCADA Server

Server
B Crt

SCADA Server

Server
A Crt

A second Ethernet card is added to each of the two SCADA Servers and connected using a
Crossover cable. A Crossover cable is a cable designed to connect two computers without
using a HUB. The cable simply has its XMT & RCV lines crossed and is similar to a Null
Modem cable. VRN is configured so that there are two paths to get from one SCADA Server
to the other: one through the dedicated Crossover cable and the other through the LAN.

Design Considerations for Redundant FactoryLink Systems

Page 4 of 7

Possible Failures
SCADA Server
Goes Down

One of the SCADA Servers goes down for some reason. When this
happens, the remaining SCADA Server becomes Master (if it was not
already Master), scans the PLCs, and services the Clients. When the
failed SCADA Server is restored, the restored server becomes the
Slave and the other SCADA Server remains running as Master.

HUB Fails

When the HUB fails, none of the remote clients can communicate
with the servers. However, the SCADA Servers can still
communicate via the Crossover cable path. The Primary server stays
Primary and the Secondary server stays Secondary. When the HUB is
restored, the Clients will reconnect.

Communication
to one SCADA
Server via HUB
is Lost

This can happen when the network cable between the Server and the
HUB is broken or when the Ethernet Card in the Server fails. When
this happens, the two SCADA Servers can still communicate via the
Crossover cable path. The Primary server stays Primary and the
Secondary server stays Secondary. This can be a problem if the
Primary is the server that had the failure and communications with the
PLCs is accomplished over Ethernet via the HUB. If this happens, a
method (manual or automatic) must be provided to switch the
communicating server to be the Primary. When the HUB is restored,
the Clients will reconnect.

Crossover
communication
is Lost

This can happen when the Crossover cable between the two servers is
broken or when one of the Ethernet Cards connected to the Crossover
cable fails. When this happens, the two SCADA Servers can still
communicate via the HUB path. The Primary server stays Primary
and the Secondary server stays Secondary.

Client Failure

Client failures are tolerated by switching to another Client. In most


situations, this is not a problem because multiple stations are used.
Even if there are no remote clients, there are two local clients (one on
each server).

Advantages

Network configuration and maintenance are still simple.


Historical data will not be lost.

Disadvantages

A HUB failure renders remote clients unusable.


Communication lost to only one of the SCADA Servers may require manual
failover or custom Math & Logic to switch Primaries.

Design Considerations for Redundant FactoryLink Systems

Page 5 of 7

3. Dual LAN with LAN-based and Server-based Clients


This configuration implements a fully redundant LAN by duplicating the HUB and all
network communication. The addition is shown in Magenta.
VRN is configured so that there are two paths to get from one SCADA Server to the
other: one via each HUB. The Clients are configured so that there are two paths to each
SCADA Server: one via each HUB.

Client Station 1

Client Station 2

Client Station 3

HUB X

HUB Y

SCADA Server

Server
B Crt

SCADA Server

Server
A Crt

Design Considerations for Redundant FactoryLink Systems

Page 6 of 7

Possible Failures
SCADA Server
Goes Down

One of the SCADA Servers goes down for some reason. When this
happens, the remaining SCADA Server becomes Master (if it was not
already Master), scans the PLCs, and services the Clients. When the
failed SCADA Server is restored, the restored server becomes the
Slave and the other SCADA Server remains running as Master.

HUB X or
HUB Y Fails

When either HUB fails, the SCADA Server and Remote Clients
continue to talk via the other HUB. If the PLCs are Ethernet based
and are dual ported (two Ethernet connections), then the system will
continue as if no failure has occurred.

Communication
to one SCADA
Server via
either HUB is
Lost

This can happen when the network cable between the Server and the
HUB is broken or when the Ethernet Card in the Server fails. When
this happens, the SCADA Server and Remote Clients continue to
communicate via the other HUB. If the PLCs are Ethernet based and
are dual ported (two Ethernet connections), then the system will
continue as if no failure has occurred.

Client Failure

Client failures are tolerated by switching to another Client. In most


situations, this is not a problem because multiple stations are used.
Even if there are no remote clients, there are two local clients (one on
each server).

Advantages

Network configuration and maintenance are still fairly simple.


Historical data will not be lost.
A HUB failure will not render clients unusable.
If PLCs are dual ported, a network failure will not require a manual or automatic
failover.

Disadvantages

Its a little more complicated to set up and maintain.

Tecnomatix Technologies Ltd


2435 North Central Expressway
Richardson, TX 75080-2722 USA

http://www.tecnomatix.com/
(972) 680-9700
(877) 873-2821

Design Considerations for Redundant FactoryLink Systems

COPYRIGHT 2004 Tecnomatix


Technologies Ltd.

Page 7 of 7