Tailored redundancy
... with PROFINET periphery

Connecting periphery

PROFINET makes the unilateral interface (normal availability) or the connection via open ring available.

Single-sided connection (normal availability) / System-redundant connection via open ring on base of system redundancy


System redundancy (SR)

Event-controlled synchronization of both stations makes for fast and bumpless switchover in
the event of a fault. The redundant CPU picks up processing at the interruption point without
loss of information and alarms. All components can be replaced during running operation
(hot swapping).

When replacing a CPU is replaced, it is automatically loaded with the latest programs and data.
With the system-redundant connection of I/O devices over PROFINET there is a communication
link between each I/O device and each of the two H-CPUs. This ensures that in the event of a
fault (CPU stop or wire break) the devices can still be reached.

Animation SIMATIC High Availability Systems

Connecting periphery -- Single-sided I/O connection

PROFINET architecture in divided rack - with single-sided I/O connection

With a single-sided connection, the I/O modules are addressed by only one central device via the integrated PROFINET interface.


Fault tolerance

Information that is read in on only one device is available to both central devices via the synchronization as long as the central device that addresses the I/O is working correctly. In the event of a failure of the central device that controls the I/O, the data is maintained so that the controller can start exactly where it stopped once the device has been replaced.

Connecting periphery -- System-redundant I/O connection in open ring - in divided racks

PROFINET architecture in divided rack - with system redundant PROFINET I/O

With a system-redundant connection, the I/O modules are designed with only one channel and are addressed by only one of the two central devices via the integrated PROFINET interface.

High-available communication with standard system bus.

Fault tolerance

The controller function is not interrupted in the event of a fault or failure of a central device or an I/O station or in the case of a wire break.

  • In the event of a failure of the master central device, the second central device takes over control of the I/O modules

  • In the event of a failure of the I/O station or in the case of a wire break, the central devices each control the respective I/O stations that they can reach


Connecting periphery -- PROFINET architecture in seperated rack - with system redundant PROFINET I/O

PROFINET architecture in seperated rack - with system redundant PROFINET I/O

With a system-redundant connection, the I/O modules are designed with only one channel and are addressed by only one of the two central devices via the integrated PROFINET interface.

Fault tolerance

The controller function is not interrupted in the event of a fault or failure of a central device or an I/O station or in the case of a wire break.

  • In the event of a failure of the master central device, the second central device takes over control of the I/O modules

  • In the event of a failure of the I/O station or in the case of a wire break, the central devices each control the respective I/O stations that they can reach

Additional benefit of fault tolerance

Availability can be increased even more if both CPUs are set up completely separate from each other.

The distance between the systems can be up to 10 kilometers (16 miles).

Plant communication

With higher requirements on the availability of an overall plant it is necessary to increase the reliability of the communication, i.e. also set up communication redundantly if required.
Please see below a selection of configurations that can be used.Auch die Kommunikation ist

Plant communication -- High-available communication with plant bus

High-available communication with plant bus

- via one communication processor (CP)

The bus is safely installed and not at risk of failure. Failure of one component per system will be tolerated.

Plant communication -- High-available communication with redundant plant bus

High-available communication with redundant plant bus and redundant CPs

- via redundant communication processors (CP)

The bus and the bus connection are redundantly installed. In this case, failure of the bus and one more component per system will be tolerated.

Plant communication -- High-available communication with plant bus as ring

High-available communication with ring bus

- via one communication processor (CP)

In this configuration, fault tolerance of the bus is achieved using a ring structure. Failure of one additional component can also be tolerated

Plant communication -- High-available communication with plant bus as redundant ring

High-available communication with ring bus

- via two communication processors (CP)

In this configuration, fault tolerance of the bus is achieved using a ring structure. Failure of one
bus and one additional component (CPUs or CPs) can also be tolerated.