You've heard them speak. You might even be one of them yourself. The redundant "is" talker can turn a simple sentence into a complicated web of syntax.
"The problem is, is that we need to clarify our objectives."
"What you need to know is, is that there are more potential pitfalls lying in wait."
While the redundant "is" talker's duplication is unnecessary, redundancy in machine systems and networks can be critical. The trick is knowing when redundancy is necessary and beneficial and when it needlessly complicates the design and function and increases the cost. Redundant safety and power systems are often a given. In fact, Tobin Robertson, portfolio manager, advanced connectivity, Weidmüller (www.weidmuller.com), indicates one of the first questions to ask is whether there are any safety issues with a possible shutdown or loss of power. But what about control and I/O?
Dan Cox, director of engineering at AOC Resins (www.aoc-resins.com), a supplier of resins, gel coats and colorants headquartered in Collierville, Tenn., believes redundancy of electronics in plants is extremely overdone. "In my experience, the failure rate for redundant systems is greater than the failure for simplex systems," he explains. "The only benefit usually gained from a redundant controller setup is the ability for online upgrades, but this is typically outweighed by cost and complexity. In 20 years, the only controller failures that have occurred in facilities I have worked in were on redundant systems. In fact, redundant systems have caused me more heartburn than simplex systems have."
Even with redundancy, traditional design measures should be taken to minimize impacts, agrees Choy-Hsien Lin, development engineer, process control, Stora Enso Publication Paper, Hylte Mill, (www.storaenso.com) in Hyltebruk, Sweden. "If a failure doesn't impact the bottlenecks of the process, redundancy should be avoided in order to reduce the complexity and remove the additional point of failure that redundancy would introduce," he says.
When the organization can live with an interruption in the system for the time it takes to fix it, redundancy is optional, explains Lee House, CTO and VP of engineering, GarrettCom (www.garrettcom.com). "The availability of replacement equipment can be a factor in determining the need for redundancy," he says. "However, redundancy is often more cost-effective than dealing with the headache and cost of downtime."
Redundancy can involve a variety of technologies including rapid-recovery options for a switch utilizing a ring topology or mesh network, where there are two or more ports in each switch connected to different points in the network allowing data to continue to flow without interruption in the event that a switch in the network goes down; and dual-homing at the edge of a network, which allows that device to be connected to two separate points in the network so that there is no interruption if one of the network connections is interrupted, says House.
Some systems that operate intermittently and have inherent standby time for repair and maintenance may require minimal or no redundant systems, says Thomas Ferrara, VP director of engineering, Atlantic Industrial Technologies (www.aitzone.com), a designer and manufacturer of hydraulic and pneumatic systems in Shirley, N.Y. "The ripple effect of this type of subsystem is containable, and therefore the expense of implementing redundant systems is debatable," he says. "There exists a middle ground. A system without redundancy can utilize inexpensive redundant relays, which provide a poor man's redundancy. These redundant relays would use a majority voting scheme to circumvent relay or signal failure. These systems can also implement a quick repair cycle procedure to substitute for a true redundant system. Maintaining equipment such as performing hydraulic filter element changes, tracking amp-draw readings and maintaining a spare-parts inventory provide a good solution. The secret to a quick repair is having the spare parts pre-calibrated for the application. For example, spare PLCs and variable speed drives should be pre-loaded with the latest code to avoid a panicked telephone call to a since-retired programmer. The hydraulic pumps and valves should also be pre-adjusted for the application. And finally, there should be a procedure with easy-to-follow steps for component change-out."
The majority voting scheme lends itself to redundancy’s definition, explains Otto Fest, president of Otek (www.otekcorp.com). “Based on my understanding and experience, redundancy suggests the use of at least three identical systems monitoring or controlling a process, making a decision if and when one of the three did not agree with the other two and automatically disabling the differing unit,” he says. “Some individuals equate redundancy with a backup consisting of two identical instruments where, if one fails, the operator would have to take action and replace it, without disturbing the process. In other words, there’s no automatic process.”
The need for redundancy comes down to the application, explains Tyler Croft, product marketing manager, GE Intelligent Platforms (www.ge-ip.com). "There are applications that cannot shut down, in which case redundant controllers are essential so that routine maintenance can be done on one controller while the other is controlling the process. If you can't lose the controller and the program, then you need to have redundant CPUs. If they want to ensure that they do not lose I/O, then they should have redundant I/O."
But Helge Hornis, Ph.D, manager, intelligent systems, Pepperl+Fuchs (www.pepperl-fuchs.com) adds some words of caution when dealing with redundant inputs. "It's common to use sensors with inverted outputs," he says. "As far as the logic is concerned, one only works with one output. The second output allows the PLC to check that the sensor is still OK." His white paper on redundancy (www.ControlDesign.com/redundancy) explains I/O considerations in much greater detail.
"Fractions of a second of downtime don't matter," explains Croft. Still, high-availability systems are gaining attention from companies in industries that have not traditionally used such systems, he says. "They have begun evaluating the financial and operational benefits of these systems' redundant controller technology as part of their control strategies. This emerging trend is most likely as a result of a weaker economic climate, fewer available resources the rising costs of system interruptions."
Jim Toepper, product manager, industrial Ethernet infrastructure, Moxa (www.moxa.com), reminds that redundancy doesn't always have to be on the machine either. And in some cases, he notes, it's possible the Ethernet connection to the machine may not have a redundant path all the way back to the HMI or other reporting system. "In this case, it's important to consider Ethernet topology and the use of redundancy protocols such as RSTP and redundant ring," he explains. Just as "redundancy" pertains to physical backups, "resiliency" deals with communication protocols. "A redundant device may kick in on a failure, but if you do not have resiliency built in, as well, there could be data loss or, worse, the inability to establish the redundant connection," says Toepper.
Rich Gamboa, infrastructure/critical applications account manager, Omron Electronics (www.omron247.com) bases the need or requirement for redundancy on a set of system criteria that includes four guidelines. "The system is running for 24 hours and downtime is not acceptable; but if a system fault occurs, downtime must be minimal. If or when it occurs, a shutdown of the primary system should switch over seamlessly to the secondary system. The information shared between the PLCs and the PCs must remain constant and reliable. And single points of failure within the control system must be minimized, and no node on the network should stop the overall operation of the control system."
With concerns for improving overall product reliability, PAC and PLC systems used for machine control are often required to feature redundancy, says Surge Yu at Opto 22 (www.opto22.com). He cites companies such as Con-Weigh and Boeing as requiring redundancy in their machine's control systems and notes that often the value of what's being produced might be the impetus for redundancy. "In the manufacturing and processing of semiconductors, thin film LCD, pharmaceuticals, semiconductors and other high-value products, redundancy is frequently mandated," he says.
