High availability and resilience to failure are significant factors in automation technology. Even a short downtime can cause considerable costs and safety risks. The Disaster Recovery System ensures the availability of the installation and data retention, even in the event of a total failure of the Master Control Center.
This system extends the single redundancy by a second redundant system, to which operation can be switched in the event of a malfunction (e.g. an emission, a fire or an explosion in the building housing the primary system). This additional redundancy at a second location provides the highest level of availability.
The Disaster Recovery System is designed as a Warm Standby System and consists of two geographically separated Hot Standby Systems, the Master Control Center and the Disaster Recovery Center, connected together by a high-availability dedicated line. In the normal operating condition, the Master Control Center is permanently connected to the periphery. In the event of a total breakdown of the Master Control Center, the geographically separated Disaster Recovery Center automatically takes over all the monitoring and control activities and activates the local periphery drivers of its own accord.
A further characteristic of the Disaster Recovery System is the local archive data retention in the Oracle databases of both Hot Standby Systems. This means that historical data can be accessed at all times. All database queries remain within the local network and therefore require less bandwidth. To keep the data in both systems up to date, the historical data from both systems are, in normal operating mode, actively written to the respective Oracle database. Synchronization of the data ensures redundant data retention.
The Disaster Recovery System is an extension of today's SCADA redundancy concept and thus reduces the probability of data loss to a minimum, guarantees faultless operation of the entire system and reduces excessive downtimes.