The Evolution of Redundancy

Nov. 3, 2008
Users Demand More Flexibility by Pushing for Open Standards. Don't Use Less Costly, Commercially Available Ethernet Components to Maximize System Availability
By Bob Wagner

As control systems grew in scope and became more distributed, the number of components in the system grew as well. Every component, to some extent, affects the overall reliability of the system. To minimize downtime due to system failures, most major suppliers have developed products and systems that provide redundancy in an attempt to maximize system availability. These products range from redundant power supplies and cabling schemes to redundant processor and I/O systems with automatic failover, should an error occur.

External factors such as power source failures, electrical noise and potential physical damage to equipment also need to be considered. The installed system is typically a trade-off between cost and potential risk. Numerous potential points of failure will still exist, so system design must be carefully thought out to minimize their impact.

Network connection of controllers and I/O has resulted in significant installation savings in both material and labor. As these networks evolved, users demanded more flexibility by pushing for open standards. The proprietary networks gave way to more-open networks such as DeviceNet, ControlNet, Profibus, Modbus and Foundation fieldbus, to name a few. These networks provided the potential to integrate products from multiple vendors. Along with increased flexibility came the ability to access a wealth of configuration and diagnostic information directly from individual field devices. The status data help to pinpoint specific problems, potentially decreasing downtime. Automatic device replacement, available on some networks, enables the automatic download of specific configuration information to a replacement device, decreasing the time to replace a failed or failing device, as well as limiting the level of expertise required to perform the replacement. Diagnostic data also can be used to trigger preventive maintenance to help ward off potential failures.

Most of the networks noted require properly connected termination resistors at the end points to avoid excessive reflected signals that can interfere with normal signal transmission and result in intermittent or complete network failure. Connectors with individual resistors and wire connections are the most problematic. Molded type connectors are typically most reliable. Several vendors have an extensive selection of connector sets designed for reliably implementing the various networks in specific plant environments.

Profibus requires an active termination at the end nodes. Not only do the proper resistors need to be in place, but power must be maintained to those end devices, as well. If an end node loses power or is shut down for repair or replacement, resulting network errors can shut down the entire network. For critical applications, Siemens offers an active termination device that is separate from the normal network nodes to provide more flexibility in maintaining the system and limit potential failures. Of course, this device itself is a potential single point of failure.

ControlNet is the only network I’m aware of that provides for redundant cable connections integral to the network adapters. If redundant media is implemented, these adapters can detect a failure and automatically switch to the backup media path.

The implementation of Ethernet in a plant environment differs somewhat from the previously discussed networks in that it comes in several different flavors, many of which can coexist on the same wire. A properly implemented Ethernet hardware base can potentially support several different Ethernet protocols, each of which requires hardware that incorporates specific attributes or functionalities in order to operate optimally.

Ethernet also requires active intermediate devices to complete the network connections. These devices, such as switches and routers, are integral active components in the network and require additional planning to minimize the effect of single potential failures. Some newer Ethernet components include an integral switch with two or more ports. This allows for Ethernet installations to be set up in a daisy-chain fashion, which is often less complex and more cost-effective. Should one of these integral switches fail, you probably will lose that component and all components downstream.
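The downstream loss described above can be checked for a planned layout before it is installed. The following is an added example, not part of the original article; the node names and both topologies are constructed for illustration, and every node is assumed to fail as a whole (power loss or a dead integral switch).

```python
from collections import deque

# Constructed layouts (assumptions): a PLC on a standalone switch with two
# drives, plus three I/O blocks wired either as a daisy chain through their
# integral switches or as individual home runs to the standalone switch.
DAISY_CHAIN = [("plc", "sw1"), ("sw1", "drive_a"), ("sw1", "drive_b"),
               ("sw1", "io1"), ("io1", "io2"), ("io2", "io3")]
HOME_RUN = [("plc", "sw1"), ("sw1", "drive_a"), ("sw1", "drive_b"),
            ("sw1", "io1"), ("sw1", "io2"), ("sw1", "io3")]

def build_graph(links):
    """Turn a list of cable runs into an undirected adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable(graph, root, failed=None):
    """Nodes that can still exchange traffic with root when `failed` is down."""
    if root == failed:
        return set()
    seen, queue = {root}, deque([root])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt != failed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def failure_impact(links, root):
    """For each node other than root, the other nodes cut off if it fails."""
    graph = build_graph(links)
    baseline = reachable(graph, root)
    return {node: baseline - reachable(graph, root, failed=node) - {node}
            for node in sorted(graph) if node != root}

def single_points_of_failure(links, root):
    """Only the nodes whose failure takes other nodes down with them."""
    return {n: lost for n, lost in failure_impact(links, root).items() if lost}

if __name__ == "__main__":
    for name, links in (("daisy chain", DAISY_CHAIN), ("home run", HOME_RUN)):
        print(name)
        for node, lost in single_points_of_failure(links, "plc").items():
            print(f"  {node} fails -> also lose {sorted(lost)}")
```

In the daisy chain, each I/O block except the last is a single point of failure for everything behind it; with home runs, only the standalone switch remains one.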

To maximize system availability, don’t use less costly, commercially available Ethernet components. Any cost savings will disappear quickly the first time a less-hardened component fails. 

Robert D. Wagner, P.E., is a controls consultant and system integrator in the Cleveland, Ohio area, with more than 30 years of industrial experience.