The present invention relates generally to power supply systems, and more particularly, to a system and method for multiple hosts to redundantly control one or more power systems.
Power supply systems employing remote host control are utilized in a variety of settings. The concept of remote power control (and often reboot) is indicated where convenience of power control and minimizing downtime is important, e.g., for wide-area networked (WAN) environments and other communications applications.
When a piece of local-area networked (LAN), WAN, telecommunications, or other control equipment has xe2x80x9clocked-upxe2x80x9d and is no longer responding to normal methods of communication, it is often necessary to perform a cold boot of the equipment. After the power has been cycled on and off, normal communications with the problem equipment via network can resume.
Such problems may occur, e.g., where WAN environments (e.g., Internet points-of-presence (POPs), or private networks) are centrally controlled, yet servers, routers, and dial-up equipment frequently lock-up and require a reboot. Other scenarios may involve, e.g., satellite control equipment at communication towers, cellular towers or radio equipment. Remote power control may also be appropriate in other AC powered devices, e.g., air conditioners and heaters which may be turned on or off at un-manned stations for climate control. Further applications for remote power control include, e.g., out-of-band management, general data switching applications, and remote site management, such as terminal server and router rebooting and power control, xe2x80x9ccommunications closetxe2x80x9d power management, enterprise-wide power management, timed power management, and uninterrupted power supply (UPS) management.
Accessing equipment remotely to control power supplies may be difficult, if either the site in question is either an un-manned site, or the problem occurs after normal business hours. Even if power control is necessary while personnel are on-site, relying on personnel on-site requires that they be savvy enough not to cycle power to, and not to reboot, the wrong device.
Permitting a system administrator to perform power cycle or remote reboot functions is one means of avoiding potential communication failures. A basic solution known in the art involves employing a remote power control switch that may be controlled by a system administrator to ensure correct booting sequences in the event of system failures. Instead of simply using a switch for remote power control, more elaborate power management capability may be provided remotely, e.g., using a communication interface through which a host can effect power control and monitor power status, including such status items as open/closed state of circuit breakers, bus voltages, and power flow of transmission lines and their frequency. Such a control scheme may involve controlling power remotely via serial commands (e.g., RS-232C or RS-485), thus allowing for power control by means of standard external asynchronous modems, over a network (e.g., via TCP/IP) by using a terminal server or communications server, or locally by using terminal software. ASCII commands sent to a remote power supply system may either query status items of, or control, the power supply system. If the power is controlled using standard commands (e.g., ASCII) and standard modems or network interface devices, only terminal emulation or other appropriate interface software is required to dial up the site (or access the site via network) to control power. Also, such real-time communication with the power supply may provide responses from the power supply after each command has been accomplished. Of course, relying on a human system administrator to control remote power from a remote terminal is not necessarily failsafe, due to human error.
Thus, power control is often achieved using autonomous and semi-autonomous hosts (i.e., hosts requiring only some human interaction) that monitor power supply systems and control them, based on status data received. A monitoring and control host is typically coupled via a network to a communication interface at or on the power supply system. In a typical high-end power system, a communication interface is provided, through which a host can effect power control and monitor power status. In order to allow multiple hosts to access a single power system, the hosts must contend for the communication interface. Traditional arbitration and switching techniques can be applied to resolve this contention but have inherent drawbacks. One such drawback is that only one host can access the power supply at a time. Thus, a method for arbitrating and switching a xe2x80x9cwinnerxe2x80x9d on to the communication channel must be implemented. Further, there is no way of preventing a broken host from locking up the communication channel, thereby preventing access to the power system by another host. Finally, there is no redundancy in such a configuration, i.e., no way to protect the power supply from a single xe2x80x9cderangedxe2x80x9d host falsely issuing a power-off control sequence.
One known implementation comprises a single master host directly connected to the power system, with multiple non-master hosts connected to the master host. The non-master hosts then communicate with the master host to receive access to the power system. In this implementation, the non-master hosts can simply provide controls and commands for the power system to the master host, allowing the master host to resolve any conflicts. This allows the non-master hosts to move on to other tasks. However, if an error occurs within the master host, or on the communication link between the master host and the power supply, the power system would be inaccessible to all of the non-master hosts.
The present invention provides a system and method for multiple hosts to control one or more power systems redundantly. This is accomplished by constructing a power supply system having a plurality of communication interfaces that are physically separate and redundant and that are the same in number as the number of hosts in the system. The communication interfaces are coupled to a software algorithm receiving commands from the hosts via the communication interfaces, to determine whether the power supply system should be on or off at a given point in time. This architecture eliminates the need for arbitration and prevents any single point of failure associated with a host or its communication channel from affecting communication with the other host. The goals of the system and method are to provide physical and logical redundancy, i.e., never to turn off the power system falsely, and to provide power control even when a host or its communication channel has failed.
Such a system allows either host to turn on the power system. However, both hosts agree to turn the power system off, or alternatively, one host may turn off the system only when the other host is not operational. Thus, fully redundant and fault tolerant power system control may be provided.
In an exemplary embodiment, a power control system consistent with the invention comprises at least two hosts, each host comprising a host communications interface; and a power supply system comprising a power supply, control software, and a plurality of power supply system communications interfaces. Each power supply system communications interface corresponds to, and is in communication with, one host communications interface on each host; and the control software is adapted to turn on the power supply when at least one power supply system communications interface receives a xe2x80x9cturn onxe2x80x9d signal from the corresponding host communications interface.
In an exemplary method consistent with the invention, a method for controlling power, in a power control system having at least two hosts and a power supply system comprising a power supply, comprises: determining whether at least one host requires the power supply system to be on; and turning on the power supply based on that determination.