High available HMI systems

Redundancy and fault tolerance for more productivity


As far as the availability of HMI systems is concerned Siemens offers scalable solutions which can be seamlessly integrated into the architecture of highly available systems. While fault-tolerant controllers minimize downtimes of machines and plants, highly available HMI systems ensure their operability at any time. The key to this is the capability to support redundant architectures and communication channels.

The PROFINET interface of the new SIMATIC HMI operator devices e.g. has an integrated 
2-port switch and supports the Media Redundancy Protocol (MRP), a prerequisite to build up a redundant PROFINET communication through ring topology making sure that the failure of a node does not lead to communication breakdown.

SIMATIC IPCs with integrated RAID controllers provide extensive protection against data losses in the case of a hard drive failure. Every write operation to one hard drive of the PC is performed in parallel on a mirror drive, so that identical hard drive contents are available at any one time. The simultaneous failure of both hard drives is rather unlikely. In the case of a problem with one hard drive, the application will continue to run without interruption. The functions of the “productive” drive are assumed by the mirror drive. The user can continue to work until a self-defined service date, at which the faulty hard drive can be replaced.

At the level of process visualization software SIMATIC WinCC as well as SIMATIC WinCC Open Architecture  support the implementation of redundant system architectures ( clients an d server) for a continuous operator control and data integrity. 

Redundancy solutions with SIMATIC WinCC V7

The WinCC/Redundancy option gives the user the opportunity to operate two linked WinCC single-user systems or server PCs in parallel, in order to monitor each other. On failure of one of the servers, the second server assumes control of the entire system. When the failed server resumes operation, the contents of all message and process value archives are copied back to the restored server. The automatic switchover to the redundant partner takes place not only when a server fails, but also in case of disturbed process communication.

Redundancy solutions with SIMATIC WinCC Open Architecture

When short-term breakdowns result in substantial costs and problems, the highest levels of system availability and reliability are necessary. WinCC Open Architecture provides this reliability through its hot standby redundancy and Disaster Recovery System.
If a unit develops a fault, continued operational management is ensured without any disruption. Effective provision is made for the loss of data and the problems associated with it.

Hot standby redundancy
This is a hardware-independent solution consisting of two interconnected server systems. Both servers are continuously in operation and are subject to the same function related load. Only one server is active, while the second server is in standby and reconciles run-time data with the primary unit. If a unit breaks down, an immediate switch occurs in which the previous standby server takes over operational management.

Disaster Recovery System
The Disaster Recovery System extends simple redundancy to a second redundant system, which can be switched to if a serious incident (e.g. fire or explosion in the building where the primary system is located) occurs. This additional local redundancy provides the highest possible levelof reliability.