Industrial plants typically include distributed control systems (DCSs), programmable logic controllers (PLCs), safety systems, and other devices that provide 1:1 redundancy to improve the availability of the system when a primary controller fails. While this solution has been a proven model in the field, the cost of installing a DCS with multiple redundant controllers is large because the operator would have to procure a pair of controllers to make the system redundant. When the primary controller fails and the plant is running on the standby controller, the entire operation of the plant runs on a single controller until the root cause of the problem is known, debugged and a solution deployed. This puts the plant at risk until redundancy is re-established. Online migrations and upgrades on controllers also carry the same risk of the plant running on a single controller until both controllers are upgraded and synchronized.
Current designs of DCSs are restricted by the limitations of a redundant pair of controllers, both from an input/output (I/O) capacity and from memory/CPU utilization. The current system designs are not flexible and are hardwired to the field I/Os. Associating devices from one controller to another controller would require re-wiring of the field connections. Resources (e.g., CPU and RAM) are also bound to one set of physical controllers. The user has no option to make use of resources in other controllers even if they are not running at full capacity; instead, the user must bear additional costs of procuring new controllers.
Peer to peer communication in terms of parameters per second for sharing data across multiple controllers is also limited. Load balancing and scheduling options are limited in a 1:1 redundancy model and rely a great deal on manual efforts to compute the optimal load and scheduling for a controller. At some points, a user would need to add additional pairs of controllers to existing systems to avoid breaches of defined scan time and performance degradation.