Automation and Drives
High-available
SIMATIC
SIMATIC S7-400H
The high-available Automation System
�Automation and Drives
Benefits
High-available
SIMATIC
Overview
Overview
Redundancy
features
Avoidance of control system failures due to individual faults
This is attained primarily through a redundant configuration
Switchover
High-availability is required in the following cases:
Synchronization
When processing valuable materials
Self-test
When downtimes or production failures would be expensive
Programming
CIR
When a control system failure would result in high restart
costs
Online repair
In order to enable operation without supervisory or
maintenance personnel
Configuration
Communication
Redundant I/O
A&D AS, 07/2004, Chart 2
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Industries (1)
High-available
SIMATIC
Overview
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Power generation and distribution
(oil, gas, electricity)
Power plants
Pipelines
Offshore
District heating systems
Chemical, electrochemical, petrochemical and
pharmaceutical industries
Mining
Environmental engineering
Water treatment
Refuse incineration
Pulp and paper
Steel and metal
A&D AS, 07/2004, Chart 3
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Industries (2)
High-available
SIMATIC
Overview
Overview
Redundancy
features
Food and beverages
Glass industry
Switchover
Semiconductor industry (utilities)
Synchronization
Self-test
Transport
Programming
CIR
Online repair
Tunnel automation
Marine automation
Airports
Runway lighting
Baggage transport
Configuration
Communication
Redundant I/O
A&D AS, 07/2004, Chart 4
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
System architecture
High-available
SIMATIC
Overview
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Management level
Process level
H CPUs
Hot standby
Communication
Redundant I/O
ET 200M
Field level
Clients
Parallel
redundancy
Server
PC network/terminal busParallel
redundancy
With archivematching
Highavailable
Ethernet
communicatio
Media
n redundancy
Redundant
power supply
SW
redundancy
Warm standby
Redundant
PROFIBUS
Redundant
IM 153
A&D AS, 07/2004, Chart 5
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
System integration
High-available
SIMATIC
Overview
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Hidden redundancy
Transparent programming
(programming same as for nonredundant systems)
Standard system parameterization
Standard handling
All SIMATIC programming
languages can be used without
restriction
Platform for F and
FH systems
Redundant I/O
A&D AS, 07/2004, Chart 6
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Bumpless master-stand-by switchover
High-available
SIMATIC
Overview
Redundancy
Redundancy
features
features
Switchover
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Switchover time
Switchover
time < 100ms
Outputs are retained during switchover
No information or alarm/interrupt is lost
Switchover criteria
Master failure
Power
supply
Rack
Sync
module
Sync cable
CPU
Failure of a DP string or DP slave interface module does
not force a switchover
A&D AS, 07/2004, Chart 7
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Automatic event synchronization
High-available
SIMATIC
Overview
Redundancy
Redundancy
features
features
Switchover
Synchronization
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Customer benefits
Transparent programming
All
standard SIMATIC-S7 programming languages
No command restrictions
Easy porting of the user program
from standard CPU to high-available CPU
Bumpless switchover
No
loss of information
No loss of alarms/interrupts
Because all redundancy-specific functions are handled
by the operating system, the user can feel assured
that he/she has done everything right as far as
redundancy is concerned
A&D AS, 07/2004, Chart 8
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Comprehensive self-test functions
High-available
SIMATIC
Overview
Self-test
Redundancy
Redundancy
features
features
Scope:
Switchover
CPU
Synchronization
Self-test
Self-test
Memory
Programming
CIR
Online repair
Configuration
Synchronization
Organization:
Startup
Communication
Redundant I/O
link
self-test
Complete test
Self-test
in cyclic mode
Executes permanently as
background task
Executes in its entirety within a specifiable amount of
time (default: 90 minutes)
A&D AS, 07/2004, Chart 9
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Online programming
High-available
SIMATIC
Overview
Redundancy
Redundancy
features
features
Online modifications same as for standard system
All
modifications are automatically copied to both
CPUs
Switchover
Synchronization
Connecting a PG
Self-test
At
Programming
Programming
CIR
Online repair
MPI interface
Via bus
Configuration
PROFIBUS/Ethernet
Communication
Redundant I/O
MPI/DP
A&D AS, 07/2004, Chart 10
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Configuration in RUN (CIR)
High-available
SIMATIC
Overview
CPU memory configuration
Redundancy
Redundancy
features
features
Adding or removing:
Switchover
Synchronization
Self-test
Programming
CIR
CIR
Online repair
Configuration
Central
I/O or CP
DP slaves
PA interface and PA slaves
Y-link and slaves
Modules in modular DP slaves
CPU parameter
Communication
Redundant I/O
A&D AS, 07/2004, Chart 11
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Replacing modules in RUN mode
High-available
SIMATIC
Overview
Redundancy
Redundancy
features
features
Switchover
Synchronization
Self-test
Programming
CIR
Online
Onlinerepair
repair
Configuration
Communication
Redundant I/O
Modules which can be removed and inserted in Run
mode
I/O
and CP
Sync module
Redundant IM 153-2
Redundant power supplies
Redundant components which can be replaced with the
power off:
Standard
power supplies
Central IM
CPU
CPU is automatically updated following replacement
(program and data)
A&D AS, 07/2004, Chart 12
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Configuration
Highlights new CPUs
High-available
SIMATIC
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Konfiguration
Communication
Redundant I/O
Performance Increase
Average
Increase
417-4H appr. x 2,5-3
414-4H appr. x 1,2-2,2
More Memory
417-4H from 4 MB to 20MB
414-4H from 768KB to 1,4MB
Higher Reliability
Memory
with automatic Ewrror Detection and
Correction (EDC)
New Feature
Distance
500m)
between the Controller up to 10km (before
A&D AS, 07/2004, Chart 13
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Configuration
Technical specifications for the CPUs
High-available
SIMATIC
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Two CPU types available
CPU
417-4H with
20MB onboard
CPU 414-4H with
1,4MB onboard
General
technical specifications,
e.g. CPU 417-4 or CPU 414-3
Configuration
Configuration
4 integrated interfaces
Communication
Two
Redundant I/O
for the Sync modules
One DP interface
One MPI/DP interface
A&D AS, 07/2004, Chart 14
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Configuration
Redundant link
High-available
SIMATIC
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Replaceable Sync modules
Fiber-optics (FO)
Configuration
Configuration
Communication
Fiber-optics (FO)
Redundant I/O
A&D AS, 07/2004, Chart 15
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
I/O configuration
Switched I/O: mode of operation
High-available
SIMATIC
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Configuration
Communication
Both DP masters are active
and functioning properly
Reading
inputs:
The inputs are read only
from the preferred channel
side (active IM)
Writing
outputs:
The data are accepted by
both channels.
Only the data in the preferred
channel are forwarded to the
outputs.
Redundant I/O
A&D AS, 07/2004, Chart 16
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Redundant I/O
High-available
SIMATIC
Overview
New:
Redundant IO
Redundancy
features
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Redundant
I/O
Redundant Communication
Redundant Controller
PROFIBUS DP
Switchover
Redundant Profibus
Sensor/control
element
Redundant IM
A&D AS, 07/2004, Chart 17
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Redundant I/O
Possible redundancy structures (2)
High-available
SIMATIC
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Distributed switched
I/O modules
H-CPU in single mode
Configuration
Communication
Redundant I/O
Redundant
I/O
A&D AS, 07/2004, Chart 18
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Redundant I/O
Wiring digital inputs
High-available
SIMATIC
With one sensor
Overview
DI
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Redundant
I/O
DI
DI
DI
Redundant Profibus
DI
With two sensors
Master I/O
Both Inputs are read in parallel.
The correct value is selected and processed automatically
Redundant I/O
DI
Since the function is not suitable for all module types, the manual or Internet sh
consulted to find out which modules can currently be used.
A&D AS, 07/2004, Chart 19
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Redundant I/O
Wiring analog inputs
High-available
SIMATIC
Overview
With voltage sensor
AE-U
AE-U
With current sensor With current sensor With 2 sensors
AI-I
AI-I
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Redundant
I/O
AE
4-wire transducers only
AI
Redundant Profibus
Switchover
AE-U
AE
Redundancy
features
AE-U
Master I/O
The CPU reads both inputs. The correct value is selected
and processed automatically
R
Redundant I/O
AI
Since the function is not suitable for every module type, the manual or Internet s
consulted to find out which modules can currently be used.
A&D AS, 07/2004, Chart 20
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Redundant I/O
Wiring digital outputs
High-available
SIMATIC
With diodes *
Overview
DQ
DQ
Without diodes*
DQ
DQ
* Dependant on the
module type
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Redundant
I/O
DO
Redundant Profibus
Master I/O
Both Outputs are set
Actuator
Redundant I/O
DO
Since the function is not suitable for every module type, the manual or Internet s
consulted to find out which modules can currently be used.
A&D AS, 07/2004, Chart 21
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
Redundant I/O
Wiring analog outputs
High-available
SIMATIC
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
Redundant
I/O
Each Output outputs half the value.
When one of the modules fails, the output that is still in
provides the full value
AO
Redundant Profibus
Overview
Master I/O
Both Outputs are set
Actuato
I
Redundant I/O
AO
Since the function is not suitable for all module types, the manual or Internet sh
consulted to find out which modules can currently be used
A&D AS, 07/2004, Chart 22
Siemens AG 2004 - Subject to change without prior
�Automation and Drives
High-available
SIMATIC
Overview
Redundancy
features
Switchover
Synchronization
Self-test
Programming
CIR
Online repair
Configuration
Communication
Redundant I/O
A&D AS, 07/2004, Chart 23
Siemens AG 2004 - Subject to change without prior
