This invention relates to a method for implementing redundancy, and more particularly, to a method for implementing 1:1 I/O redundancy of a slave processor.
Process Control Systems with backup process controllers such as described and claimed in U.S. Pat. No. 4,133,027, issued to J. A. Hogan on Jan. 2, 1979, and U.S Pat. No. 4,141,066, issued to Y. Keiles on Feb. 20, 1979, include a backup controller having a dedicated Random Access Memory (RAM) and a dedicated Read-Only Memory (ROM). The back-up controller is essentially idle or can be doing some background tasks, but not tasks relating directly to the process control function. Upon detection of a failure of one of the primary process controllers, the data stored in the RAM of the failed controller must be transferred to the RAM of the backup controller to perform the operations of the primary controller. These systems describe a 1:N redundancy system.
Existing systems, such as that described in U.S. patent application, Ser. No. 07/299,859, filed on Jan. 23, 1989, and assigned to Honeywell Inc., the assignee of the present application, now U.S. Pat. No. 4,958,270, provide for a 1:1 redundancy system, whereby the data base of a secondary device (i.e., secondary or backup controller) is updated periodically such that the updating process is transparent to the primary functions and does not tie-up (or penalize) CPU or processor performance and utilizes a minimum amount of time. When a failover condition occurs, there is a period of time when no communications can take place (i.e., an outage) between the primary controller and the remainder of the system. Further, the primary and secondary controllers are in a predefined location, and the software utilized for implementing this redundancy feature (i.e., redundancy software) is not transparent to other layers of software above the redundancy software. For example, if a Universal Station of a plant control network were to interrogate a controller (i.e., a primary controller since the secondary controller cannot be interrogated), of a process controller of a process control system, for a value, during failover the controller is unable to respond and the universal station outputs question marks on the display to the operator.
The present invention provides a method of 1:1 redundancy for any type of slave processor in a master-slave relationship consisting of a master node and a group of user definable slave processors for a set of slave-type processors, in which the redundancy software is transparent to all other software layers above the redundancy software, and in which the failover is essentially simultaneously, there is no period of time in which an outage occurs.