Factory automation systems are increasingly being integrated with communication networks. Control systems are being implemented on networks for remote monitoring and control of devices, processes, etc. System failures involving the primary mode controller that can shut down the control system are avoided by having a back-up controller readily available in hot/active standby mode to replace the failing primary mode controller.
Controllers such as programmable logic controllers (PLC) have been implemented in duplex or back-up system configurations where downtime of a system cannot be tolerated. Such a control system delivers high reliability through redundancy. Generally, the duplex configuration incorporates a pair of PLC's assembled in a hot or active standby configuration, where one PLC is operating in a primary mode and the other PLC is functioning in a secondary or standby/backup mode. The primary controller runs an application by scanning a user program to control and monitor a remote input/output (I/O) network. The other (secondary) controller acts as the active standby controller. The standby controller does not run the application and does not operate the remote I/O devices. The standby controller is updated by the primary controller with each scan. The standby controller is then ready to assume control of the control system within one scan if the primary controller fails to operate or is removed from operation.
The primary and secondary controllers are interchangeable and can be swapped or switched when desired. Either controller can be placed in the primary state. The active standby configuration requires the non-primary controller to be placed in the standby mode to secure the system's redundancy. The controllers continuously communicate with each other to ensure the operability of the control system. The communication among the controllers is used to determine if a swap of the controllers should be initiated due to a system failure or by election of an operator.
With a redundant system, one programmable logic control should operate in the primary state while the other programmable logic controller should operate in the standby state when the system experiences different operating scenarios. If operating scenarios exist where the programmable logic controllers do assume non-complementary states (e.g., both PLC's attempt to be primary) the redundant system may not function in a desirable fashion.