Controllers in the Age of High Availability

September 12, 2022

The emergence of new high availability technologies makes it more economical to implement a redundancy strategy for PLCs, PACs and edge controllers. Darrell Halterman explains.

A fault-tolerant PROFINET ring network allows both controllers to be in independent communication with all field I/O simultaneously.

As manufacturers look for new ways to maximize the efficiency and profitability of their operations, more emphasis is being placed on control systems technology that helps ensure continuous production and higher plant availability. Traditionally, replacing a faulty device might have been considered a reasonable cause of downtime, but in modern manufacturing it is now often considered unacceptable. High availability (HA) technology and systems are now increasingly in demand, including for industrial automation controllers, which can control a range of critical devices and applications.

HA functionality has been built into distributed control systems for many years, as large process plants depend on it for continuous operation, and any downtime tends to be costly. However, in applications controlled by programmable logic controllers (PLCs) and programmable automation controllers (PACs) – such as machinery and other equipment – HA functionality has typically only been used for the most common instances.

One of the main reasons for this is that the typical failure rates of PLC, PAC and edge controllers have been considered acceptable for traditional operational availability requirements. Additionally, building and maintaining redundant PLC or edge controller architectures has often been complex and expensive. Therefore, many organizations have considered keeping backup spares to be the most cost-effective way to mitigate a controller failure.

However, today PLCs, PACs and edge controllers play increasingly critical roles, including key functions in the areas of data analysis and communications. Where once a controller failure could take a single machine offline, it can now significantly affect the availability and efficiency of an entire plant or operation. As lights-out manufacturing processes become more common in industries such as electronics manufacturing and logistics or warehousing, for example, the need for always-on control solutions is driving increased demand for HA control architectures.

Controller redundancy

Thanks to modern controller technology, it is now possible to implement HA in these automation systems quickly, easily and at a cost roughly equivalent to the traditional spare part model. This new HA approach enables organizations to increase plant uptime, mitigate risk, and support more robust cybersecurity.

Modern PLC, PAC and edge controllers should have the ability to allow paired controllers to supervise systems running in parallel, fully synchronized, with real-time execution and access to the same I/O. The controller therefore ceases to be a single point of failure, as a failure of the primary controller results in a bumpless transfer to the secondary controller within milliseconds. This is accomplished through reflective memory technology, which completely transfers a necessary memory image from an active controller to its coupled standby controller with each individual sweep.

A range of capabilities and conditions are built into the best HA control solutions to provide consistent, deterministic and reliable application control in cost effective and maintainable solutions. To begin with, both controllers should have equal access to all I/O and field devices, and this is best achieved through a fault-tolerant Ethernet ring network. A ring network can often be created with minimal additional materials and effort compared to traditional double line or star networks.

Second, the controllers must communicate with each other over high-performance links designed to support step-by-step, scan-to-scan synchronization. This allows the standby controller to always have the same data set as the active controller. These links enable control switchovers as fast as three milliseconds in a single controller scan. However, the main advantage of these dedicated timing links is that failover time is deterministic and not variable due to side effects of other network devices or events. When other architectures attempt to synchronize the two controllers through I/O networks, interactions with other networked devices can cause command failover lag. In the worst case, the non-deterministic failover of these other architectures could lead to additional system failures or even a total shutdown of the two redundant controllers.

Third, although the two controllers can be installed in the same location, it is best to separate them geographically to prevent them both from being subject to common localized problems, such as power outages, fire or flooding. The latest HA solutions use dedicated controller-to-controller links and support I/O networks over distances of up to 10 km via fiber optics.

Finally, the latest HA solutions are designed to continue seamless operations even with different versions of software or firmware installed on the paired controllers. If the control software or firmware needs to be updated to deploy a new cybersecurity patch, the primary controller can be updated while the secondary controller is running and vice versa, which means the machine or process does not need to be shut down while this critical update is taking place. This can lead to additional economic benefits. Users may be able to perform routine maintenance and even upgrade activities without having to shut down the application. Activities that were once relegated to night and weekend shifts, resulting in costly overtime, can now be performed on day shifts, with no loss of production.
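The per-scan memory image transfer and switchover described above can be illustrated with a toy model. This is an added example, not code from the author or from any vendor; the `Controller` class, the totalizer logic and the `sync_every` parameter are assumptions made for illustration. It compares a standby that receives the image on every scan with one that receives it only every few scans, and measures the output bump seen by the process after a failover.

```python
# Toy model of a redundant controller pair (illustrative; all names are assumptions).
from dataclasses import dataclass, field


@dataclass
class Controller:
    name: str
    memory: dict = field(default_factory=lambda: {"scan": 0, "total": 0})

    def scan(self, pulses: int) -> int:
        """One logic sweep: add this scan's input pulses to a running totalizer."""
        self.memory["scan"] += 1
        self.memory["total"] += pulses
        return self.memory["total"]


def run_pair(inputs, fail_at=None, sync_every=1):
    """Return the output seen by the process on each scan.

    The active controller fails just before scan index `fail_at`; the standby
    then resumes from the last memory image it received. `sync_every=1` models
    an image transfer on every sweep.
    """
    active, standby = Controller("primary"), Controller("standby")
    outputs = []
    for i, pulses in enumerate(inputs):
        if i == fail_at:
            active = standby  # switchover to the standby controller
        outputs.append(active.scan(pulses))
        if active is not standby and (i + 1) % sync_every == 0:
            standby.memory = dict(active.memory)  # copy the full memory image
    return outputs


def bump(inputs, fail_at, sync_every):
    """Largest deviation from a run in which no failure occurred."""
    reference = run_pair(inputs)
    actual = run_pair(inputs, fail_at, sync_every)
    return max(abs(a - r) for a, r in zip(actual, reference))


if __name__ == "__main__":
    constructed_inputs = [1] * 10  # constructed sample: one pulse per scan
    for interval in (1, 4):
        print(f"sync every {interval} scan(s): bump = {bump(constructed_inputs, 7, interval)}")
```

With a transfer on every scan the standby continues from the exact state the primary left, while a transfer every four scans loses the work done since the last image and the output steps backwards.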


Organizations no longer need to sacrifice performance or cost in order to realize the many benefits of HA control architectures. Modern control system redundancy architectures provide cost-effective HA solutions with fast, deterministic, and consistent failovers. Operational uptime can now be maximized and maintenance costs minimized, leading to greater and faster return on investment. With the added benefit of improved cybersecurity resiliency, it is evident that HA control architectures have become a critical evolution in modern control strategies.

Darrell Halterman is director of PACSystems control products at Emerson.
