Premium Hot Standby with Unity User Manual
Contents
1. with In rack I O Physical Input ABE7 ACC11 PRIMARY PLC Connection block STANDBY PLC CPU DI l objects are not impacted CPU DI by the database exchange Modules and Y channels and health bits Y health bits phase JN Phase IN Discrete in Driver l Discrete in Driver Memo memory image Y image Copro access Database exchange Wait and including Q objects d Mast First Mast First section peu section MAST Mast Other cycle Mast Other ls sections MSG cycle Output images Not executed are calculated by the program Q Phase OUT Phase OUT memory NJ Discrete Out Discrete Out image Driver memory Driver image CPU DO CPU DO ABE7 ACC10 Connection block ere Output 112 35012068 00 November 2006 Programming Debugging Operation cycle The following graphic displays the operation cycle with Ethernet I O with Ethernet I O Ethernet I O Active device Not active scanner gt U scanner PRIMARY PLC STANDBY PLC SWITCH Y MW Input Y MW Input Phase IN memory Phase IN memory 4 ETY Driver image ETY in Driver image Y Y Database exchange Wait and Copro access including MW objects Cina MORE Mast First mm MAST2. 205 Hardware Failure of a Digital Module 207 Hardware Failure of the SCP card in SCY 210 T INE 213 Hn 229 35012068 00 November 2006 Safety Information P Important Information NOTICE Read these instructions carefully and look at the equipment to become familiar with the device before trying to install operate or maintain it The following special messages may appear throughout this documentation or on the equipment to warn of potential hazards or to call attention to information that clarifies or simplifies a procedure The addition of this symbol to a Danger or Warning safety label indicates A that an electrical hazard exists which will result in personal injury if the instructions are not followed This is the safety alert symbol It is used to alert you to potential personal injury hazards Obey all safety messages that follow this symbol to avoid possible injury or death A DANGER DANGER indicates an imminently hazardous situation which if not avoided will result in death or serious injury A WARNING WARNING indicates a potentially hazardous situation which if not avoided can result in death serious injury or equipment damage A CAUTION CAUTION indicates a potentially hazardous situation which if not avoided can result in injury or equ
3. 188 35012068 00 November 2006 System Detailed Behavior upon Failures In rack Discrete I O state cycle Remote I O state PLC A processed normally e PLC B PLC A output applied at the end of the task PLC A all connections with Ethernet devices open I O scanner is active e PLC B all connections with Ethernet devices closed I O scanner is not active Ethernet I O sganner SCADA SCY DIG DIG IN JOUT PLCB Standby SCY bIG DIG IN JOUT SCP 114 1 PS ETY ETH Port SCP 114 Global status Communication status Customer diagnostic through Ethernet address The process is still active and the HSBY system is still redundant In case of switchover PLC B will become Primary with some Discrete I O in failed mode Both PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics SW61 1000 0000 0000 1110 e The accessed PLC is PLC A primary e The other PLC is PLC B standby SW62 0111 1111 0000 0000 e The other PLC all discrete modules of extended rack in fault 35012068 00 November 2006 189 System Detailed Behavior upon Failures Hardware or Firmware ETY failure ETY Failure on Primary The following table presents ETY failure hardware or firmware on the Primary PLC Before the event In rack Discrete I O state PLC A calculated and applied at t
4. 35012068 00 November 2006 99 Configuring Understanding the Non Transfer Area and Reverse Transfer Words A Non Transfer The Non Transfer Area is the block of Mw that is not transferred from Primary to Area Standby This block is from MWO to Mw99 The size of this block can not be changed Reverse Transfer Four system words SW62 to SW65 are dedicated to transfer data from the Words Standby controller to the Primary These system words can be used by the application program in the first section to register diagnostic information The data coming from the Standby is transferred at each scan and is available to the Primary 100 35012068 00 November 2006 Configuring Understanding the Unity Command Register Setting the Bits in the Command Register System Word SWE0 1 System Word SWE60 2 The Command Register defines the operating parameters of a Hot Standby application for both the Primary and Standby and is located at system word SW60 At each scan the Command Register is replicated and transferred from the Primary to the Standby Transfer occurs only from Primary to Standby Any changes made to the Command Register on the Standby will have no effect because the values transferred from the Primary overwrite the values in the Standby The following illustration identifies the operating options provided by the Command Register Sets Controller to OFFLINE mode 0 Sets C
5. 35012068 00 November 2006 35 Behavior and Performances 36 35012068 00 November 2006 Behavior and Performances 3 1 Behavior of Premium Hot Standby At a Glance Purpose This section describes the Behavior of the Premium Hot Standby system What s in this This section contains the following topics Section Topic Page Premium Hot Standby with IEC Logic 38 Understanding the Premium Hot Standby Data Base Transfer Process 39 Understanding System Scan Time in Premium Hot Standby 40 35012068 00 November 2006 37 Behavior and Performances Premium Hot Standby with IEC Logic Overview Data Transfer and User Data A Premium Hot Standby System requires two backplanes configured with identical hardware software and firmware One of the controllers PLC functions as the Primary controller and the other as a Standby controller e The Primary updates the Standby after every scan e The Primary and Standby communicate constantly monitoring the health of the system e f the Primary fails the Standby takes control within one scan In a Premium Hot Standby System data is transferred from Primary to Standby after every scan The following data transfers after every scan e Located Variables maximum 128 Kilobytes e All Unlocated variables up to 300 Kilobytes on TSX H57 44M e All instances of the DFB and EFB type e SFC variable area e System Bits
6. 146 35012068 00 November 2006 Maintaining Detecting CPU sync Link Failures Important Information Standby Detects a Failure Standby Assumes Control Facts 1 CPU sync link connects the two Copros 2 Using the CPU sync link the Primary controller communicates with the Standby on every Mast cycle 3 Primary sends either 1 Data message 2 Health message Note If both the Primary and Standby do not hear from each other either station can detect a CPU sync link failure At first Step Action Result 1 Standby gets no response from the Primary on the CPU sync link e There is no more data base exchange from primary to standby e The system is no longer redundant as long as the Ethernet copro of the PLC is in failure mode The Standby becomes Primary Step Action Result 1 After the Primary controller goes offline Health message or no answer from the or disappeared Primary 2 Standby controller scans the ETY sync link once 3 If Standby controller gets no response Standby knows that the failure must be on both the Primary Copro and Primary CPU 4 Standby assumes control 35012068 00 November 2006 147 Maintaining Checking for Identical Application Programs Checksum Important Information Standby Checks for Mismatches Please note Fact Result
7. Ring i p Momentum OTB a _ 35012068 00 November 2006 53 Setting up Installing and Cabling The following table describes the items of an architecture example with Redundant I O and SCADA network Items Description Ethernet TCP IP network 1 Ethernet Switch Ethernet TCP IP network 2 and 3 CPU sync Link ConneXium Ethernet Switch with Ring capability Modbus Gateway example TSX ETG 1000 Modbus Monitored ETY co oci 2 Architecture The following graphic shows an architecture example with Mixed Ethernet and example with Modbus Mixed Ethernet and Modbus MONITOR PRO 1 D TEsysU a Premium CPU TA 5__ Ethernet l 1 Eita at 8 Ring 2 1 m TEsysU 4 1 5 1 m Shared B Monitored Vo Monitored means a failure in the ETY or in the link to the first switch hub will cause an automatic switch over 54 35012068 00 November 2006 Setting up Installing and Cabling The following table describes the items of an architecture example with Mixed Ethernet and Modbus Items Description 1 ConneXium Ethernet Switch with Ring capability 2 Modbus RS485 cable 3 CPU sync Link 4 Ethernet I O scanner communications 5 Junction box 35012068 00 November 2006 55 Setting up
8. 35012068 00 November 2006 149 Maintaining Troubleshooting a Hot Standby PLC Troubleshooting To determine which components have failed note PLC s status on CPU LED display Ethernet cable not connected on the PLC and Monitored ETY LED display CPU LEDs Monitored ETY LEDs Failure type Description RUN ERR STS ERR STS No failure Normal state CPU in Primary 0215 0 0 nai No failure Normal state CPU in Standby i CPU faults Serious hardware or firmware fault X e x lt x x Correct operation of the CPU is no longer assured CPU no more Primary nor Standby Copro fault Copro auto tests failed Application Halt instruction watchdog 4 64 x x x x X fault overrun CPU in Offline mode ETY fault Module not configured or Pd x e x x 4 xX configuration in progress ETY fault Serious hardware or firmware fault D 3 e x C e C Correct operation of the ETY is no longer assured CPU is Offline ETY fault Software operation error D eS e S lt e Temporary state causing module re initialization ETY fault e flashes on ETY STS LED the module or Hub side e 4 flashes on ETY STS LED the module IP address is duplicated 150 35012068 00 November 2006 Maintaining LED Description Permanently ON Normal flashing 500 ms ON 500 ms OFF Standby f
9. Failure to follow this instruction can result in injury or equipment damage 88 35012068 00 November 2006 Configuring Monitored ETY Module The monitored ETY module enables the switching of Ethernet services and automatic IP Address swapping between the Primary and Standby TSX ETY controllers The position of the monitored ETY is unrestricted in the Premium configuration in terms of firmware configuration and position both PLCs must be configured identically in terms of material and module position ETY modules are linked either through the same switch or a Ethernet crossover cable By using an Ethernet transceiver an optical connection can be used for long distance To configure the Monitored ETY module in Unity Pro the topology address of the Monitored ETY module should be set in the Hot Standby TAB of the CPU screen The user selects in the combo box from a list of existing ETY card addresses The Monitored ETY Module is used to diagnose the status of the complete Premium Hot Standby configuration and communication with it s peer Standby ETY This is achieved via the ETY sync link It is recommended but not mandatory that the Monitored ETY module be an I O scanner If a fault appears on this module module hardware failure broken wire or cable disconnection there will be automatic switch over If a fault appears on other ETY modules non monitored there is no automatic switch over and the user must
10. eit ee ee reete te pets ERE pep eem p RP ees 65 Configuring a System with the Unity Pro Tabs and Dialogs 67 Ata GlanGe PEDEM ER 67 Introducing Unity Pro eR RR RERO ERR RUE IRE 68 Accessing the Base 69 Using the Overview 70 Using the Configuration Tab 71 Using the Animation Tab and PLC Screen 73 Using the Premium Hot Standby Tab 79 Configuring In rack 81 Configuring the PCMCIA lt 82 Swapping Network Addresses at Switch 84 Configuring TSX ETY 4103 5103 Modules 86 Ata GlanGe toric ete ne tae aed Pe anak e T ea ek 86 Overview of Premium Hot Standby TSX ETY 87 ETY Operating Modes and Premium Hot Standby 90 IP Address 5 0 93 Network Effects of Premium Hot Standby 95 Configuring Registers 99 Ata Glance issue hte be d cane teat Pane dea 99 Understanding the Non Transfer Area and Reverse Transfer Words 100 Understanding the Unity Co
11. Remote O state I O scanner is active PLC A calculated and applied at the end of the task PLC A all connections with Ethernet devices are open e PLC B all connections with Ethernet devices closed I O scanner is not active Ethernet 1 0 scanner 4 SCADA PLCA Switch ju 8 Primary PS CPU ETY ETY i DIG DIG PS CPU ETY ETY B en To HMI IN JOUT HMI IN JOUT m y m i Port 114 Port 114 i 1 Global status Communication status Customer diagnostic through Ethernet address The process is still active but the system is no longer redundant as long as the Ethernet copro of PLC B is in failed mode Both PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics SW61 1000 0000 0000 0110 The accessed PLC is PLC A primary e The other PLC is PLC B offline SWE2 Not significant because one of the two PLC is Offline 198 35012068 00 November 2006 System Detailed Behavior upon Failures CPU sync link failure between Primary and Standby PLCs Primary and Standby CPU sync Failure PLCs The following table presents CPU sync link failure between the Primary and Standby Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state PLC A all connections wit
12. 1and 1 Standby mode 4 Logic Mismatch between PLC and e Value 0 No Peer PLC e lValue 1 Yes 5 PLC Name e Value 0 Unit A e Value 1 Unit B 6 CPU sync link Error e Value 0 No e Value 1 Yes 7 Main Processor OS version Mismatch e Value 0 No e Value 1 Yes 8 Co Processor OS version Mismatch e Value 0 No e Value 1 Yes 9 At least One ETY do not have the e Value 0 No All ETY have the minimum version V4 minimum required version e Value 1 Yes Replace old ETY 10 Monitored ETY OS version Mismatch e Value 0 No e Value 1 Yes 15 Hot Standby Entire System State e Value 0 Off e Value 1 On 35012068 00 November 2006 77 Configuring Viewing the Information Tab in connected mode The following illustration displays Unity Pro Information tab dialog in connected mode PLC Screen Q Task 9 Realtime clock Ji Q Information SYSTEM INFORMATION zal sue IDENTIFICATION MEMORY APPLICATION 1 IDENTIFICATION OPTION HOTSTANDBY MISCELLANEOUS 151413121110 9 8 7654 3 2 1 0 MoS W61 10000010010000 01 bits 1 0 PLC HOT STANDBY STATUS primary standby offline bit 4 LOGIC MISMATCH BETWEEN PLC AND PEER PLC bit5 PLC NAME bit 6 CPU SYNC LINK ERROR bit 7 MAIN PROCESSOR OS VERSION MISMATCH bit8 CO PROCESSOR OS VERSION MISMATCH bit9 AT LEAST ONE ETY DO NOT HAVE THE MINIMUM VERSION V4 bit 10
13. 35012068 00 November 2006 Overview Using Premium Hot Standby CPUs LED indicators Overview The LED indicators are positioned on the Display Block Position of indicators on Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M 1 Display Block with LED indicators 35012068 00 November 2006 23 Overview Interpreting the LED Indicators The LEDs provide information CPUs TSX H57 24M and TSX H57 44M LEDs Color Indicates ACT Yellow Blinking communication activity between Primary and standby controllers STS Yellow e Blinking the system is redundant and data are exchanged from the Primary to Standby controller e Steady on the system is not redundant or the Copro is booting from power on to end of self tests Steady off auto tests failed Note No activity returns the LEDs to the default The Premium Hot Standby CPU uses an embedded coprocessor Copro to provide a dedicated communications link which transfers data between the Primary and Standby controllers The state of the RUN LED depends of the HSBY mode STOP RUN Primary RUN Standby RUN Offline The following illustration displays the CPU status with the LEDs RUN PRIMARY OFF 500ms RUN ous 7 STANBY ON 2 58 BLINKING RUN OFF 2 55 RUN LED OFFLINE BLINKING ON 500ms OFF 500ms STOP RUN LED offline BLINKING ON 500ms 24 3501206
14. A Hot Standby system requires that both stations must have the same application program This requirement prevents the Standby from executing a different application program if transfer of control occurs Checking for identical application programs Step Action Result 1 At each scan the application The Standby validates the new program s instruction checksum checksum CKSM against its existing CKSM is transferred from the checksum CKSM Primary to the Standby along with any other necessary data 2 Standby determines if mismatch 1 Mismatch Standby goes Offline occurs 2 No mismatch system operates normally 3 The controller returns to Online and is the Standby as soon as the application programs are identical 148 35012068 00 November 2006 Maintaining Replacing a Faulty Module Important You may replace a faulty module while a system is running Ensure that the replacement module 1 Installs in the Standby backplane 2 Resides in the same position in both backplanes 3 Is same type of module Same type of module means ETY4103 replaces ETY4103 A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION Follow this informations 1 Perform a switch over if replacing a Primary 2 Do NOT remove a Primary controller with under powerer Hot Swap Failure to follow this instruction can result in death serious injury or equipment damage
15. Global status Communication status Customer diagnostic through Ethernet address 2 No impact on the Hot Standby System The process is still redundant Normal access to PLC A through terminal port and Ethernet link and Modbus link for diagnostics Normal access to PLC B through terminal port and Ethernet link for diagnostics No access through Modbus link SSW61 1000 0000 0000 1110 The accessed PLC is PLC A primary The other PLC is PLC B standby SW62 0000 0000 0110 0000 e Other PLC SCP SCY in fault 212 35012068 00 November 2006 Glossary l IW 9eKW M 9eMW Q QW According to the IEC standard 1 indicates a discrete input type language object According to the IEC standard Iw indicates an analog input type language object According to the IEC standard Kw indicates a constant word type language object According to the IEC standard M indicates a memory bit type language object According to the IEC standard indicates a memory word type language object According to the IEC standard indicates a discrete output type language object According to the IEC standard ow indicates an analog output type language object A ADDR TYPE ANL IN This predefined type is used as output for ADDR function This type is ARRAY O 5 OF Int You can find it in the libset in the same family of the EFs which use it ANL_IN i
16. state PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active PLC A calculated and applied at the end of the task cycle Ethernet I O scanner SCADA SCY DIG 016 PS IN OU Port PLC A Primary Port PLC B Standby DIG DIG IN JOU SCP 114 1 114 Event Power failure on the Primary main rack This is a critical event because an automatic switch over occurs Ethernet I O scanner SCADA PLCA PLC B SCY DIG DIG IN JOU SCP 114 Switch 1 ScYpic DIG PS CPU IN JOU 114 Port After the event In rack Discrete I O state PLC A I O powered off Remote state PLC A ETY powered off e PLC all connections with Ethernet devices are open I O scanner is active PLC B calculated and applied at the end of the task cycle Ethernet I O scanner SCADA Switch PLCA NR 1 PS CPU F DIG IN JOU Port i 1 NR Not Responding NR 1 PLCB Primary PS CPU SCY DIG DIG IN JOU Port d Global status Communication status Customer diagnostic through Ethernet address 184 35012068 00 November 2006 System Detailed Behavior upon Failures The process is still active No access to PLC A CPU SW61 1000 0000 001
17. 161 Overview of Premium Hot Standby OS Upgrade 162 Executing the OS Upgrade Procedure 163 eee ee See ee ee Kd ed dn e e ae n ca 165 Appendices for Premium Hot Standby 165 Additional 1 167 Introductio eiua eet ON C IgE Pr ARRA E qe 167 CPUs TSX H57 24M TSX H57 44M Specifications for Premium Hot Standby 168 35012068 00 November 2006 Appendix B Glossary Index TextlDs E E xor uto ve Io POCO ers E 174 System Detailed Behavior upon Failures 175 Introduction RU abb xe RR RODA nase eS RC ETUR E ROSE PUR a 175 Overview of Failures A y ai RI RR 176 Halt or Stop Events on PLC 2 ete eee 178 Hardware or Firmware CPU Failure 181 Power Failure on the Main Rack 184 Power Failure an Extendable 187 Hardware or Firmware ETY failure 190 Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA 193 Failure on the Ethernet 196 CPU sync link failure between Primary and Standby PLCs 199 Monitored ETY and I O Scanner Disconnection 201 Full Ethernet I O Link
18. ANY ARRAY BOOL ANY ARRAY ANY STRING ANY ARRAY STRING ANY ARRAY ANY DATE ANY ARRAY DATE AND TIME ANY ARRAY DATE ARRAY TIME OF DAY ANY ARRAY EBOOL ANY ARRAY ANY DDT ANY STRUCTURE ANY DDT ANY IODDT ANY FFB ANY EFB ANY DFB 214 35012068 00 November 2006 Glossary ARRAY An ARRAY is a table of elements of the same type The syntax is as follows ARRAY terminals OF Type Example ARRAY 1 2 OF BOOLis a one dimensional table made up of two BOOL type elements ARRAY 1 10 1 20 OF INT is a two dimensional table made up of 10x20 INT type elements B Base 10 literals Base 16 Literals Base 2 Literals Base 8 Literals BCD A literal value in base 10 is used to represent a decimal integer value This value can be preceded by the signs and If the character _ is employed in this literal value it is not significant Example 12 0 123_456 986 A literal value in base 16 is used to represent an integer in hexadecimal The base is determined by the number 16 and the sign The signs and are not allowed For greater clarity when reading you can use the sign between bits Example 16 _ or 16 FF in decimal 255 16 _0 or 16 E0 in decimal 224 A literal value in base 2 is used to represent a binary integer The base is determined by the number 2 and the sign The signs and are not allowed For greater c
19. Installing and Cabling Connecting Two Premium Hot Standby PLCs Required cable connections Twisted Pair Copper crossover cable To work properly the Primary and Standby PLCs have to be linked with e The CPU sync link between the two CPUS e The ETY sync link between the two monitored ETY modules If these two links do not work properly the two PLCs will start as standalone PLCs CAUTION RISK OF EQUIPMENT DAMAGE You must route the two cables as far away as possible to one another to prevent double Primary PLC when the two links are broken Failure to follow this instruction can result in injury or equipment damage The CPU sync link is a point to point connection dedicated to application data exchange and Hot Standby system diagnostic A CAUTION RISK OF EQUIPMENT DAMAGE Do not connect other Ethernet devices on this link This may impact the database exchange between the two PLCs and the switch over time Failure to follow this instruction can result in injury or equipment damage The following cables can be used e A Twisted Pair Copper cable e Fiber cable with optical switches for long distance connections All products of the ConneXium family that are compatible with standard TSX ETY 4103 5103 modules in a non Hot Standby configuration are also compatible with the new Hot Standby ETY version min 4 0 used in a Hot Standby configuration For more details on twis
20. PS CPU SCY DIG DIG IN JOUT IN JOUT E SCP E SCP Port 114 Port 114 Q4 After the event In rack Discrete I O state PLCA calculated and applied at the end of the task cycle e PLC B fallback position Remote I O state PLC A all connections with Ethernet devices open I O scanner is active e PLC B all connections with Ethernet devices closed I O scanner is not active Ethernet 1 0 scanner SCADA EN PLCA Q4 PLCB Primary Offline PS CPU SCY DIS 015 PS CPU SCY DIS DIS IN JOUT IN JOUT H B ETH SCP Port 114 Port 114 1 35012068 00 November 2006 179 System Detailed Behavior upon Failures Global status Communication status Customer diagnostic through Ethernet address The process is still active but the HSBY system is no longer redundant as long as the PLC B is STOP mode Both PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostic 55061 1000 0000 0000 0110 the accessed PLC is PLC A primary e the other PLC is PLC B offline SW62 Not significant because one of the two PLC is Offline 180 35012068 00 November 2006 System Detailed Behavior upon Failures Hardware or Firmware CPU Failure CPU Failure on The following table presents CPU failure on Primary Primary Before the event In rack Discrete I O state
21. Setting up Installing and Cabling 64 35012068 00 November 2006 Configuring Introduction Overview What s in this Chapter This chapter describes configuring the Premium Hot Standby PLCs This chapter contains the following sections Section Topic Page 5 1 Configuring a System with the Unity Pro Tabs and Dialogs 67 5 2 Configuring TSX ETY 4103 5103 Modules 86 5 3 Configuring Registers 99 35012068 00 November 2006 65 Configuring 66 35012068 00 November 2006 Configuring 5 1 Configuring a System with the Unity Pro Tabs and Dialogs At a Glance Purpose This section describes configuring the specific features of the Premium Hot Standby CPUs TSX H57 24M or TSX H57 44M For configuring other standard features refer to the Unity Pro Operating Modes manual What s in this This section contains the following topics Section Topic Page Introducing Unity Pro 68 Accessing the Base Configuration 69 Using the Overview Tab 70 Using the Configuration Tab 71 Using the Animation Tab and PLC Screen Dialogs 73 Using the Premium Hot Standby Tab 79 Configuring In rack I O 81 Configuring the PCMCIA Cards 82 Swapping Network Addresses at Switch over 84 35012068 00 November 2006 67 Configuring Introducing Unity Pro Overview Unity Pro is a Software package for programming Telemecanique Modic
22. of functions and procedures are set to 0 ERP Enterprise Resource Planning ERP systems F FBD FBD is the abbreviation of Function Block Diagram 35012068 00 November 2006 219 Glossary FDR FFB FTB FTM FTP Function Function Block Diagram FBD is a graphic programming language that operates as a logic diagram In addition to the simple logic blocks AND OR etc each function or function block of the program is represented using this graphic form For each block the inputs are located to the left and the outputs to the right The outputs of the blocks can be linked to the inputs of other blocks to form complex expressions Faulty Device Replacement Collective term for EF Elementary Function EFB Elementary Function Block and DFB Derived Function block Temperature base factor Field Terminal Module File Transfer Protocol see EF see FBD GRAY Gray or reflected binary code is used to code a numerical value being developed into a chain of binary configurations that can be differentiated by the change in status of one and only one bit This code can be used for example to avoid the following random event in pure binary the change of the value 0111 to 1000 can produce random numbers between 0 and 1000 as the bits do not change value altogether simultaneously Equivalence between decimal BCD and Gray Decimal 0 1 2 3 4 5 6 7 8 9 BCD 0000 0001 0010 0011 0100 0101 0110 0111 1000
23. section task section MAST Mast Other cycle Mast Other ie sections sections Output images Not executed are calculated by y the program MW Output Phase OUT Phase OUT memory ETY Out Driver Q ETY Out image LB memory Driver image CPU E CPU E T T Y Y SWITCH Active I O adde UT Not Active scanner Scanner Ethernet device 35012068 00 November 2006 113 Programming Debugging Operation cycle As described in the two above graphics the role of each PLC is different according to the Hot Standby mode e PLC in Primary mode e Performs all the application sections comprising the first section Acquires the local input for the in rack modules Updates the local output of the in rack modules Sends the database to the Standby PLC Manage the Ethernet I Os of the dedicated ETY I O scanner table Retrieves diagnostic information from the Standby PLC Manages its own diagnostic information and the information of the Hot Standby Premium system Monitor health of Power Supply CPU and In rack modules e PLC i in Standby mode e Only the first section of the application program is executed e Acquires the local input for the in rack modules e Applies the output images received from the Primary to the output of the local in rack modules e Receives from the Primary the Ethe
24. 1001 Gray 0000 0001 0011 0010 0110 0111 0101 0100 1100 1101 220 35012068 00 November 2006 Glossary H HMI Software based operator interface tool HSBY Hot Standby HTTP Hypertext Transfer Protocol IEC 61131 3 International standard Programmable Logic Controls Part 3 Programming languages IL IL is the abbreviation of Instruction List This language is a series of basic instructions This language is very close to the assembly language used to program processors Each instruction is composed of an instruction code and an operand INF Used to indicate that a number overruns the allowed limits For a number of Integers the value ranges shown in gray are as follows INF z E E INF 3 402824e 38 1 1754944e 38 0 0 1 1754944e 38 3 402824e 38 When a calculation result is e less than 3 402824e 38 the symbol INF for infinite is displayed e greater than 3 402824e 38 the symbol INF for infinite is displayed INT INT is the abbreviation of single integer format coded on 16 bits Integer Literals The lower and upper limits are as follows 2 to the power of 15 1 to 2 to the power of 15 1 Example 32768 32767 241111110001001001 16 9FA4 Integer literal are used to enter integer values in the decimal system The values can have a preceding sign Individual underlines _ between numbers are not significant 35012068 00 November 2006 221 Glossary Example 12 0 123_4
25. Because data must be transferred from Primary to Standby any Premium Hot Standby System always has a higher scan time than a comparable standalone system Note A CHANGE FROM LEGACY In legacy systems PL7 Warm Standby Premium the CPU performed both e application program project processing e communication transfer In a Premium Hot standby in parallel e CPU performs application program processing e Copro performs communication transfer Result Greatly reduced transfer time with Unity Performance A Premium Hot Standby increases the length of a MAST task scan time creating Considerations system overhead Note System Overhead System overhead is the time required to copy the application data to the communication link layer The network scan communication between Primary and Standby copros 1 exchanges data between both controllers 2 runs in parallel with the application program 40 35012068 00 November 2006 Behavior and Performances A Hot Standby system Ta Most of the time the network scan time is included in the MAST scan time 35012068 00 November 2006 41 Behavior and Performances Examples However when processing some application programs additional system overhead may occur Example 1 e Standalone application scan time 80 ms e Data state RAM unlocated variables 100 Kilobytes Example 2 e Standalone application scan ti
26. Database 108 35012068 00 November 2006 Programming Debugging Presentation Overview What s in this Chapter This chapter describes the Programming and the Debugging of a Premium Hot Standby system This chapter contains the following sections Section Topic Page 6 1 Development of an Application 111 6 2 Debug Program 124 35012068 00 November 2006 109 Programming Debugging 110 35012068 00 November 2006 Programming Debugging 6 1 Development of an Application At a Glance Purpose This section describes the rules for developing an application in a Premium Hot Standby system What s in this This section contains the following topics Section Programming Method 112 How to Program a Premium Hot Standby Application 116 Structure of Database 118 Transferring the program in the Primary and the Standby 123 35012068 00 November 2006 111 Programming Debugging Programming Method General points For programming a Premium Hot Standby PLC it is important to show how the main processor performs reading of inputs application program processing updating of outputs and Copro access Operation cycle The following graphic displays the operation cycle with In rack 1 0
27. Empty Terminal Support e 2 e EFB DFB Function Blocks size e EDT Elementary Data Types bool integers date real e DDT Derived Data Types structures e 3 No limit means that the amount of Function Blocks is only dependant on the memory segment per instance of EFB DFB Note EDT and DDT are in the same memory segment There is one memory Application The following table presents the Application Structure of the CPUs Structure Services TSX H57 24M TSX H57 44M Mast task 1 cyclic periodic Fast task 1 periodic Auxiliary tasks 0 Event interrupt tasks IO Event Timer 64 Event IO Events Local IO 0 to 63 e Prior 0 evt0 e Prior 1 evt1 to evt63 Timer interrupt event 0 Number of channels Local I Discrete O 128 O per event Analogl O 16 Other 16 170 35012068 00 November 2006 Additional Information Application The following table presents the Application Language and Embedded Language and communication ports of the CPUs Embedded Services TSX H57 24M TSX H57 44M communication ports Application Languages Function Block FBD Yes Ladder Logic Yes Structured Text Yes Instruction List Yes SFC Yes DFB Yes EF EFB Yes PL7 SFB Not recommended Embedded communication ports Legacy Terminal port Physical One RS 485 layer Speed 19200 baud Protocol Uni Telway M S ASCII USB
28. Information with Step Action Unity Pro 1 Select Tools Viewer from the main menu 35012068 00 November 2006 143 Maintaining Finding More Refer to the following sections Information in T f fail Refer to section this Manual orature Primary CPU and ETY sync link failures See Detecting Primary CPU and ETY sync link failures p 145 Standby CPU and ETY sync link failures See Detecting Standby CPU and ETY sync link failures p 146 CPU sync link failures See Detecting CPU sync Link Failures p 147 Application program checksum failures See Checking for Identical Application Programs Checksum p 148 For more details on failure detection please refer System Detailed Behavior upon Failures p 175 Type of failure Refer to section Halt or Stop Events on PLC See Hardware or Firmware CPU Failure See Hardware or Firmware CPU Failure p 181 Power Failure on the Main Rack See Power Failure on the Main Rack p 184 Power Failure on an Extendable Rack See Power Failure on an Extendable Rack p 187 Hardware or Firmware ETY failure See Hardware or Firmware ETY failure p 190 Hardware or Firmware Failure on ETY See Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA Dedicated to HMI and SCADA p 193 Failure on the Ethernet Copro See Failure on the Ethernet Copro p 196 CPU sync link failure b
29. MONITORED ETY OS VERSION MISMATCH bit 15 HOT STANDBY ENTIRE SYSTEM STATE bits 3 2 PEER PLC HOT STANDBY STATUS primary standby offline undefined Undefined OFFLINE NO UNITA MES NO NO YES Replac OLD ETY YES ON 78 35012068 00 November 2006 Configuring Using the Premium Hot Standby Tab Viewing the Hot standby Note All the ETY modules should be configured Configure Hot Standby values in the Hot Standby tab of the Unity Pro editor 0 0 5 57 24 551 57 2 Hot Standby 768Kb Program with PCMCIA USB Unitelway Overview Configuration Animation Hot Standby objects r Topological address of the monitored Ethernet module Rack Slot Select an ETY topological address The monitored AAGA KAA ICT SEG LEES is able to be th 0 3 Ethernet modules must be monitored tor tailures and switch over by the user application Command Register Y SW60 Standby On Logic Mismatch Offline Online Non Transfer area Start YMW 0 Length 100 35012068 00 November 2006 79 Configuring Hot Standby Tab Description of the Hot Standby tab Description Item Option Description Topological address Rack Slot This combo is filled by the existing of the monitored addresses of ETY cards Ethernet module C
30. PCMIA slot for data storage card Slot B Dedicated port for CPU sync link connection oe 001 50mN 18 35012068 00 November 2006 Overview Note Unity Premium Standby CPUs are equipped with two receptacles A and B in which to install PCMCIA cards PCMCIA is a standard type of memory card Norms and The TSX H57 24M and TSX H57 44M are compliant with the following company classifications standards e Non Maritime e CE ICE UL CSA Hazardous location by CSA aritime BV DNV Lloyd s GL RINA ABS e e 35012068 00 November 2006 19 Overview Premium Hot Standby System Overview System Components MONITOR PRO The following graphic shows a typical architecture example for a Premium Hot Standby System Primary Premium Hot Standby 4 56789 E 1 3 pi Extension modules E 10 Ala Ala INE 3A ASa ASV ASV Ala ASV AAV N Modbus E TCP device Ethernet Scanner Ring XBT G Extension modules ndby The following table describes the items of typical architecture example for a Premium Hot standby Items Description 1 Main rack 2 Power supply 3 PLC processor TSX H57 22M or TSX H57 44M 4 Ethernet modules TSX ETY 4103 5103 with Monitored ETY
31. Result e The PLC A goes to the Non Configuration state e Atthe end of the download PLC A goes in Stop Offline mode RUN command on the PLC A Result The PLC A goes to the Run Standby mode The system is active and redundant A WARNING RISK OF UNINTENDED EQUIPMENT DAMAGE The Offline method has more impact on the process than the Online method e The Hot Standby system is no more redundant during few seconds e When the PLC B restarts in Run Primary mode this is done on a data context that has been re initialized Failure to follow this instruction can result in death serious injury or equipment damage 35012068 00 November 2006 159 Handling application Modification Online Offline application of Modifications For these two kinds of application modifications Unity Pro can be connected to Ethernet or a local terminal port of one of the two PLCs routing capabilities The following illustration displays the connection ETY CPU Unity Pro ETY sync link ETY CPU CPU sync link Unity Pro 160 35012068 00 November 2006 Handling CPU OS Upgrade 10 Introduction Overview In this chapter you will find information regarding the OS upgrade method for a Premium Hot Standby System Upgrading allows you to update the OS for the standby con
32. The following figure displays the behavior when a power supply failure or a main processor crash occur on the Primary PLC PLCA Cycle n 1 Cycle n Power failure Primary m Input drivers write data access Application program program Output drivers Output gt lt a E Write data Full program Offline Fallback mode to 0 module l T Data exchange on redundant link PLC B Standby Copro access Application program Output drivers Input drivers Wait and Switch over Wait Output Full program er Cycle n 1 E Wait Laid Wait and Switch over m m mmm L module Physical output module Note During the switch over the physical output is maintained at the last value received from the Primary PLC When the PLC B starts in Primary mode the l object are refreshed from the physical input parallel cabling The application program calculates the new output values and applies these values on the output 138 35012068 00 November 2006 Operating A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION When an output is set to 1 in the cycle preceding the Event example Power Failure there is a risk of having a pulse to 0 on the Probe To avoid
33. active Event Power failure on the Standby main rack This is not a critical event because there is no switch over After the event In rack Discrete I O state PLC A calculated and applied at the end of the task cycle e PLC B I O powered off PLCA Primary e PLCB Remote I O state PLC A all connections with Ethernet devices open I O scanner is active e PLC B ETY powered off System Detailed Behavior upon Failures Global status Communication status Customer diagnostic through Ethernet address The process is still active but the HSBY System is no longer redundant as long as the PLC B is powered off e Normal access to PLC A through terminal port Modbus link and Ethernet link for diagnostics No access to PLC B CPU System is no longer running SW61 1000 0000 0000 0010 e The accessed PLC is PLC A primary e The other PLC is PLC B not responding SW62 Not significant because one of the two PLC is Not Responding 186 35012068 00 November 2006 System Detailed Behavior upon Failures Power Failure on an Extendable Rack Power Failure on Primary Extendable Rack PLC The following table presents power failure on an extendable rack of the Primary Before the event In rack Discrete I O state PLC A calculated and applied at end of ta
34. and Words Note Forced Bits at Transfer At each scan all forced bits are transferred from the Primary to the Standby 38 35012068 00 November 2006 Behavior and Performances Understanding the Premium Hot Standby Data Base Transfer Process Hot Standby The following illustrates the transfer of data from the Primary to the Standby Transfer Diagram Scann Primary PLC 4 IEC Logic Solve Comm Diag IEC Logic Solve Comm Diag IEC Logic Solve Diag CPU 1 gt User Data State RAM Located Unlocated Data max 128 max 300 kilobytes 428K 428K 428K bytes bytes bytes Copro gt User Data State RAM Located Unlocated Data max 128 max 300 kilobytes Standby PLC Y Y Y 428K 428K 428K bytes bytes bytes Copro User Data State RAM Located Unlocated Data 1st 1 st Diag section Comm Diag Wait section Comm Diag Wait CPU gt gt Scan n 1 Item CPU model Max Data size 1 TSX H57 24M 192 Kilobytes TSX H57 44M 440 Kilobytes 35012068 00 November 2006 39 Behavior and Performances Understanding System Scan Time in Premium Hot Standby Effect on System scan time of any Premium Hot Standby System depends on the amount of data Scan Time transferred
35. and variables Section of DFB add delete change execution order Modify the code of a section Create a new DFB type Delete an unused DFB type Used DDT Create a new DDT type Delete an unused DDT type 35012068 00 November 2006 157 Handling application Modification This kind of modification leads to a partial application download and the PLC doesn t change its execution mode RUN STOP Executing the To make online modifications to an application program logic program or project in Procedure the Primary controller follow these steps Online Step Action 1 Ensure both Primary A and Standby B controllers are in Run Primary and Run Standby mode 2 Modify online the application on the Primary PLC Results e The Standby PLC B goes to Offline mode Logic Mismatch e The Primary PLC A is active on the process The system is no longer operating in redundant mode After tests save the application in the PC 4 Download the saved application to the Standby PLC B Result e During the transfer the PLC B is in Non Configuration state e Atthe end of transfer the PLC goes to the Stop Offline mode 5 Initiate RUN command on the Standby PLC B Result The PLC B goes to Standby mode Note If the Primary PLC A failed during the Online modification the user has to connect Unity Pro to the PLC B and perform a STOP RUN command The PLC B will go in Run Primary mo
36. applications executable program or hardware logical configuration in the Primary and Standby PLOs In this case the Standby PLC is Offline and so the switch over cannot occur Logic mismatch is not supported by a Premium Hot Standby system The following procedure describes how the user can modify the application in the two PLCs of a Premium Hot Standby system with a minimum impact on the process The following table describes the modifications allowed in on line mode Modifications Description General Name of station program section Comment of station configuration program section Documentation summary Animation table Integrated operator screen Functional view Security informations passwords protection attributes Program Sections of program add delete change execution order Modify the code of the section task section SR transition Action DFB sections Modify the code of SFC chart Configuration communication Change I O module parameters Global variables used in animation table or operator screen Symbol on a used variable Topologic address on a used variable Initial value on a used variable Comment on a used variable Create remove or modify unused variables EDT DDT Create remove or modify unused variables FB Used DFB All comments Add a private or public variable Delete or change unused private variable Initial value of parameters
37. e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Ethernet I O scanner SCADA PLCA Primary Switch PLCB Standby Remote I O state e PLC A all connections with Ethernet devices are open il id d ird I O scanner is active e PLC B all connections with Ethernet devices are closed SCP Port 114 Port 114 scanner is not active 1 Event Hardware or firmware failure on the processor This is a critical event because an automatic switch over SUR occurs Primary PS CPU DIG DIG IN Jou Port In rack Discrete I O state e PLC A fallback position Ethernet 1 0 scanner SCADA Primary e PLC calculated and applied at the end of the task cycle ny PS CPU 5 1 DiG DIG DIG mi TFHI OU IN fou m i Port Global status Communication status Customer diagnostic through Ethernet address PLCB Standby DIG DIG IN JOU PLCB Switch i 114 Port i i 114 After the event Remote I O state e PLC A all connections with Ethernet devices are closed I O scanner is not active e PLC B all connections with Ethernet devices are open I O scanner is active i Port i 114 114 1 NR Not responding 35012068 00 November 2006 181 System Detailed Behavior upon Failures The process is still active No
38. exchange from Primary to Standby PLCA a 941 PLCB e n Standby This is an ritical even here is n mati gt sanota Critical event pecausSe Nere EE RO automatic PS CPU TYJETY SCYpolG pic PS cru ETY ETYTSCYTDIG DIG Switch over jou HMI fou ETH SCP ETH SCP Port 114 Port 114 1 After the event In rack Discrete I O state e PLC A calculated and applied at end of the task cycle Ethemet O scanner SCADA e PLC fallback position PLCA a 94 PLCB Primary Offline Remote O state PS CPU TYTETYECY Di6 pic PS CPU ETY ETY SCY DIG DIG e PLC A all connections with Ethernet devices are open I O ou IN oU scanner is active ETH SCP PLC all connections with Ethernet devices are closed Port 114 Port 114 I O scanner is not active Global status Communication status Customer diagnostic through Ethernet address 196 35012068 00 November 2006 System Detailed Behavior upon Failures Before the event The process is still active Both PLCs are accessible through but the system is no terminal ports Modbus links and longer redundant as long Ethernet links for diagnostics as the Ethernet copro of PLC A is in failed mode SW61 0000 0000 0000 0110 The Hot Standby is not active The accessed PLC is PLC A primary The other PLC is PLC B offline SW62 Not signific
39. in the application program The maximum size of this data storage area is 8 Mb and cannot be used to store Hot Standby Status information It is thus not part of the database exchange between Primary and Standby It is only possible to read data using two memory cards 1 card in each PLC having the same contents 106 35012068 00 November 2006 Configuring Using Initialized Data Loading at Cold Unity Premium Hot Standby supports initialized data start Time Initialized data allows you to specify initial values for the data that are to be loaded at cold start time Declare the variables before a cold start Updating Online addition to declaring values before a cold start you can update the initial values Online Updating the initial values online creates a mismatch situation in a redundant system in this case the Standby goes to Offline mode 35012068 00 November 2006 107 Configuring Synchronization of Real Time Clocks Synchronization Each processor in a Unity Premium Hot Standby configuration has a savable Real of Primary and Time Clock hardware component which manages the current Date and Time This Standby Real Date and Time is part of the database that is sent at each Primary PLC cycle to the Time Clocks Standby PLC Prior to switchover the Primary and Standby RTC components are not synchronized They are synchronized at switchover with the transfer of information from the
40. is updated every scan by transferring data from the Primary Programs to the Standby Only the Standby by controller detects a logic mismatch and reports error on Primary The following conditions cause a mismatch in the application program a difference between e Programs e Animation tables e Comments on variables and types Note Animation Tables and Comments Both animation tables and comments on variables and types may be excluded from the mismatch by not being included in the upload information e Exclude by selecting Tools Project Settings Build tabs default In the Upload Information area select without e Inclusion requires downloading the application program When a mismatch exists the Standby Controller goes to Offline and switch over cannot occur Causing a In a Premium Hot Standby System if the user does any of the following the Standby Mismatch will go into Offline mode e Modify edit online an application program in the Standby while the Primary controls the process e Modify online an application program in the Primary while the Primary controls the process e Download an offline modified application program to the Standby 156 35012068 00 November 2006 Handling application Modification Online Offline Modifications to an Application Program Overview Online Mollifications allowed A Hot Standby configuration is no longer redundant when there are different
41. must be in Standby mode Otherwise the second controller is in the default mode which is offline The Ethernet I O and the redundant In rack I O are always controlled by the Primary controller The Primary and the Standby controllers communicate with each other constantly to monitor the functionality of the system e f the Primary controller fails the state of the controllers is switched The Standby controller becomes the Primary executes the application program and controls the Ethernet I O and the ETY e f the Standby controller fails the Primary controller continues to run without redundancy and acts as a stand alone system On power cycle the controller that has the lowest MAC address will become the Primary The second system automatically becomes the Standby In rack I O are supported in a Premium Hot Standby system Required to use for a Premium Hot Standby System e Unity Pro 3 0 or higher 35012068 00 November 2006 17 Overview Premium Hot Standby CPUs Overview Illustration The following figure shows the Premium Hot Standby CPU TSX H57 24M and its components same description for TSX H57 44M Display block with indicator lamps DOS File Memory extract button not used Cold start reset button Uni Telway Terminal port programming tool connection HMI USB Terminal port programming tool connection PCMCIA slot for application memory card extension Slot A
42. organization unit section in which the network is located e With communication expert modules A network is a group of stations which communicate among one another The term network is also used to define a group of interconnected graphic elements This group forms then a part of a program which may be composed of a group of networks Network Time Protocol 35012068 00 November 2006 223 Glossary The NIM is an Input Output module that has 12 input nodes and 8 output nodes P Procedure Procedures are functions view technically The only difference to elementary functions is that procedures can take up more than one output and they support data type VAR IN OUT To the eye procedures no different than elementary functions Procedures are a supplement to IEC 61131 3 R REAL Real type is a coded type in 32 bits The ranges of possible values are illustrated in gray in the following diagram p E E INF 3 402824 38 1 1754944e 38 0 0 1 1754944e 38 3 402824e 38 When a calculation result is e between 1 175494e 38 and 1 175494e 38 it is considered as a DEN e less than 3 402824e 38 the symbol INF for infinite is displayed e greater than 3 402824e 38 the symbol INF for infinite is displayed e undefined square root of a negative number the symbol NAN or NAN is displayed Note The IEC 559 standard defines two classes of NAN quiet NAN ONAN and signaling N
43. request a manual switch over through the application For better performance and more predictable time at switch over other Ethernet services such as Global Data HTTP server FTP TFTP should not be configured in a Monitored ETY module but in other ETYs In case of failure in the Monitored ETY module the CPU sends a state change command to all configured ETY modules present on the X BUS main and extended rack All ETY modules in the Hot Standby PLC then swap IP addresses 35012068 00 November 2006 89 Configuring ETY Operating Modes and Premium Hot Standby Operating Modes Power Up and IP Address Assignment The ETY modes are Primary Mode The Hot Standby state is primary and all client server services are active Standby Mode The Hot Standby state is standby and all server services are active except I O Scanning and Global Data Standalone Mode Occurs when ETY is in a non redundant system or if the CPU module is not present or is not healthy Offline Mode CPU is stopped CPU module is in Offline mode The Premium Hot Standby and the ETY operating modes are synchronized by the conditions described in the following table CPU Module Status HSBY State ETY Operating Mode Not present or unhealthy N A Unassigned Present and Healthy Primary Primary Present and Healthy Standby Standby Present and Healthy Offline Offline Any one of four events will affect the ETY op
44. terminal port One device connector USB V1 0 12Mbytes 35012068 00 November 2006 171 Additional Information MemoryServices The following table presents the Memory Services and Devices of the CPUs and Devices Services TSX H57 24M TSX H57 44M Application Backup No Data storage with Legacy EF Init Read Yes in memory cards Data storage Write Supported SRAM PCMCIA Max application size according to PLC characteristics TSX MRP P 128K TSX MRP P 224K TSX MRP P 384K TSX MRP C 448K TSX MRP C 768K TSX MRP C 001M TSX MRP C 01M7 TSX MRP C 002M TSX MRP C 003M TSX MRP C 007M Supported FLASH PCMCIA Max application size according to PLC characteristics TSX MFP P 128K TSX MFP P 224K TSX MCP C 224K TSX MFP P 384K TSX MFP P 512K TSX MCP C 512K TSX MFP P 001M TSX MFP P 002M TSX MCP C 002M TSX MFP P 004M TSX MRP F 004M TSX MRP F 008M Supported Data storage 172 35012068 00 November 2006 Additional Information OS Download Application Performances System Overhead Miscellaneous Characteristics The following table presents the OS Download Application Performances PCMCIA and System Overhead of the CPUs Services TSX H57 24M TSX H57 44M OS Download CPU OS download Yes Uni Telway terminal port HSBY OS download Yes through Ethernet port only modules OS download No Application performances PCMCIA
45. will find a brief overview of the Premium Hot Standby System the module the CPUs and the indicators What s in this This chapter contains the following topics Chapter Topic Page Overview of the Premium Hot Standby System 16 Premium Hot Standby CPUs Overview 18 Premium Hot Standby System Overview 20 Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M Components 22 Using Premium Hot Standby CPUs LED indicators 23 35012068 00 November 2006 15 Overview Overview of the Premium Hot Standby System Purpose of a Hot Standby System Primary and Standby Controllers Use a Premium Hot Standby System when downtime cannot be tolerated Hot Standby Systems deliver high availability through redundancy A hot standby PLC System consists of single or multi rack configuration The mandatory redundant components are Premium rack with line terminators Hot Standby processor TSX H57 24M or TSX H57 44M Power Supply Module One TCP IP Ethernet communication module TSX ETY 4103 5103 minimum firmware version 4 0 The optional redundant components are e Extension racks with power supply e Bus X remote rackmaster module TSX REY 200 e Other TCP IP Ethernet communication module TSX ETY 4103 5103 minimum firmware version 4 0 e Modbus communication module TSX SCP 114 in TSX SCY 21601 e Discretes Analog input module e Discretes Analog output module The two Hot Standby PLCs are configured with identical h
46. 0 0010 but the HSBY system is no System no longer running The accessed PLC is PLC B primary longer redundant as long Normal access to PLC B e The other PLC is PLC A not responding as the PLC A is powered accessible through terminal 5W62 Not significant because one ofthe off port Modbus and Ethernet two PLC is Not Responding links for diagnostics Power Failure on following table presents power failure on the main rack of the Standby PLC Standby Main Rack Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle PLCA 8 e PLC PLC A output applied at the end of task cycle Primary PS ETY ETH Port PLCA A Primary PS CPU ETY SCY DIG DIG IN JOUT ETH SCP Port 114 Ethernet 1 0 scapner SCADA h NR 1 NR 1 DIG DIG PS CPU ETY SCY DIG DIG IN IN JOUT SCP ETH SCP 114 Port 114 NR 1 1 NR Not Responding 35012068 00 November 2006 185 Ethernet I O scanner SCADA A 1 PLCB Standby scY pic DIG PS CPU ETY SCY DIG DIG IN JOUT IN JOUT SCP ETH SCP 114 Port 114 Ethernet 1 0 scanper SCADA Q4 Qu PLCB Standby PS CPU ETY SCY DIG DIG IN JOUT ETH SCP Port 114 1 Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not
47. 006 System Detailed Behavior upon Failures In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B fallback position Remote I O state PLC A all connections with Ethernet devices open I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA 4 PLC A 1 Primary PS CPU SCY DIS DIS IN JOUT SCP Port 114 1 NR Not responding PLCB PS CPU SCY DIS DIS IN JOUT ETH SCP Port 114 1 Global status Communication status Customer diagnostic through Ethernet address The process is still active but the HSBY System is no longer redundant as long as the PLC B is in ERROR mode Normal access to PLC A through terminal port Noaccess to PLC B CPU no longer running 551161 1000 0000 0000 0010 The accessed PLC is PLC A primary e The other PLC is PLC B not responding SWE62 Not significant because one of the two PLC is Not Responding 35012068 00 November 2006 183 System Detailed Behavior upon Failures Power Failure on the Main Rack Power Failure on Primary Main Rack The following table presents power failure on the main rack of the Primary PLC Before the event In rack Discrete I O state PLC B PLC A output applied at the end of task cycle Remote
48. 100 boolean 19 80 Kins ms 65 boolean 35 num 14 20 Kins ms System overhead Mast task ims Fast task 0 07ms The following table presents the Miscellaneous Characteristics of the CPUs Services TSX H57 24M TSX H57 44M Processor format Double width Microprocessor Pentium 166 Mhz Processor Electrical mA typ 1780 mA consumption on 12V with mA max 2492 mA memory card 5V not used 1 W typ 9 1 W W max 12 7W Default rack TSX RKY 6EX Default Power supply TSX PSY 2600 PCMCIA slots Slot A Typel 5V Slot B Type III 5V Real Time Clock Yes RTC synchronization with dual CPU No 1 max typical consumption x 1 4 35012068 00 November 2006 173 Additional Information TextlDs TextlDs Textlds define the warning messages written in the diagnostic buffer TextlDs switching from Primary to Offline TextID Warning message 13001 System halt 13002 Remote IO failure 13003 ETH device failure 13004 ETH communication problem 13005 Stop PLC command 13007 Offline Command register request TextIDs switching from Standby to Offline TextID Warning message 13008 System halt 13009 Remote IO failure 13010 ETH device failure 13011 ETH communication problem 13012 Stop PLC command 13014 Offline Command register request TextIDs switchin
49. 2 PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics SW61 1000 0000 0000 1110 The accessed PLC is PLC A primary e The other PLC is PLC B standby SW62 0000 0000 0001 1000 Other PLC 2 discrete modules in fault 35012068 00 November 2006 209 System Detailed Behavior upon Failures Hardware Failure of the SCP card in SCY SCP card failure in Primary SCY Primary SCY The following table presents hardware failure or removal of the SCP card in the Before the event In rack Discrete I O state PLC A calculated and applied end of task cycle Ethernet I O scanner SCADA occurs PLC B PLC A output applied end of task cycle PLCA PLCB Primary Standby Remote state PS CPU S CY DIG DIG PLC A all connections with Ethernet devices are open IN fou IN 00 I O scanner is active ETH 5 PLC B all connections with Ethernet devices are closed Port Port n I O scanner is not active On Event Hardware failure or the module is removed from the SCY module of the Modbus SCP card Ethemet lO scanner ES CARA This is not a critical event because no automatic switch over PLCA ead Primary y ETY SCP 114 1 ScYppic DIG PS IN JOU i m 114 Port After the event In rack Discrete I O state PLC A calculated and appl
50. 2002 information lt September 2003 Sun Mon Tue Wed Thu Fri Date Sat 25 09 2203 31123 4 5 PC Date and Time 7 8 9101 D 14 15 16 17 18 19 Thursday 25 September 2003 21 22 23 24 26 2 38 05 PM 28 29 30 1 2 3 Update 5 6 7 8 9 10 PC gt PLC CD Today 9 25 2003 13 Time lt 20 2 36 42 AM 27 Update User PLC Data 74 35012068 00 November 2006 Configuring Realtime Clock Description of the Realtime clock tab Tab Description gt EN BD Descriptio Item Option Description PLC Date and Time Read only Indicates the current PLC date and time PC Date and Time Update PC gt PLC Updates the PLC with the PC system time User Date and Time Update User PLC Updates the PLC with the time set by the user Viewing the Unity Pro Information tab dialog Information Tab PLC Screen P El Task 5 Realtime clock 7 o Information l SYSTEM INFORMATION PLC IDENTIFICATION MEMORY APPLICATION IDENTIFICATION OPTION MISCELLANEOUS HOTSTANDBY 35012068 00 November 2006 75 Configuring Information Tab Description of the Information tab Description Item Option Value Description System PLC Identification PLC Range Only On
51. 21601 It is preferable for the network polarization to be implemented by the Master Modbus equipment The following illustration displays a Modbus Slave link on RS485 two wires TSX SCP 114 us TSX SCA50 J1 d SCA oe L TSX SCP CM 4030 62 35012068 00 November 2006 Setting up Installing and Cabli ng Modbus Master link on RS485 two wires The Modbus Master function is used from the integrated channel of the module TSX SCY 21601 TSX SCY 11601 The link is type RS485 2 wires When the modules are redundant one in each PLC the polarization of the network must be carried out starting from the two channels Because of this changing a module will be possible without disturbing communication The cord to use is the TSX SCY CM 6030 The line can be adapted by positioning the corresponding connector on ON in the TSX SCA 50 boxes at the end of the RS 485 line The following illustration displays the Modbus Master link on RS485 Premium Hot Standby ETY sync link TSX SCY CM 6030 TSX SCY CM 6030 PLCB Third party devices ii immi E E MEN MM RR NCC CUR Fr E The following illustration displays the TSX SCY CM 6030 cord connection J1 4700 211 Green White 5V White Green ERN D A Orange White EMI D B White Orangel B 42 pm Connector on module TSX SCA 050 TSX SCY 21601 35012068 00 November 2006 63
52. 35012068 00 Premium Hot Standby with Unity User Manual November 2006 eng Clipsal Schneider Electric Building a New Electric World 35012068 00 November 2006 Table of Contents Part Chapter 1 Chapter 2 Chapter 3 3 1 3 2 Safety Information 7 About the Book sii es ie ee ee RII eee 9 Introduction 4 usce dub ited xar xe RUP RE eed 13 At a Glance ili sd t e rh RR RU du REY 13 ios AES 15 15 Overview of the Premium Hot Standby System 16 Premium Hot Standby CPUs Overview 18 Premium Hot Standby System Overview 20 Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M Components 22 Using Premium Hot Standby CPUs LED indicators 23 Compatibility Differences and Restrictions 25 iei rd een ES oye toic ide eidem nan Seine 25 Compatibility with Installed PL7 System 26 Understanding System Words and System Bits 27 Understanding Multitasking Restrictions 28 In rack I O and Ethernet I O Restrictions 29 Allowed Module in Premium Hot 30 Understanding USB and Uni Telway Link 33 Understa
53. 56 986 IODDT IODDT is the abbreviation of Input Output Derived Data Type The term IODDT designates a structured data type representing a module or a channel of a PLC module Each application expert module possesses its own IODDTs K Keyword A keyword is a unique combination of characters used as a syntactical programming language element See annex B definition of the IEC standard 61131 3 All the key words used in Unity Pro and of this standard are listed in annex C of the IEC standard 61131 3 These keywords cannot be used as identifiers in your program names of variables sections DFB types etc L LD LD is the abbreviation of Ladder Diagram LD is a programming language representing the instructions to be carried out in the form of graphic diagrams very close to a schematic electrical diagram contacts coils etc Located A located variable is a variable for which it is possible to know its position in the PLC variables memory For example the variable Water pressure is associated withsMw102 Water pressure is said to be localized M MES Manufacturing Execution System Multiple Token Operating mode of an SFC In multitoken mode the SFC may possess several active steps at the same time 222 35012068 00 November 2006 Glossary Naming conventions Identifier NAN Network NTP An identifier is a sequence of letters numbers and underlines beginning with a letter or underline e g name of a
54. 8 00 November 2006 Compatibility Differences and Restrictions 2 Introduction Overview In this chapter you will find an overview of compatibilities for a system that has already been installed differences from a PL7 Warm Standby Premium system and restrictions for the Premium Hot Standby Unity system What s in this This chapter contains the following topics Chapter Topic Page Compatibility with Installed PL7 System 26 Understanding System Words and System Bits 27 Understanding Multitasking Restrictions 28 In rack I O and Ethernet I O Restrictions 29 Allowed Module in Premium Hot Standby 30 Understanding USB and Uni Telway Link Restrictions 33 Understanding Application Restrictions 34 35012068 00 November 2006 25 Compatibility Differences Restrictions Compatibility with Installed PL7 System Unity Premium The Unity Premium HSBY functionality is partially compatible with the PL7 one Legacy Systems because e Compatible FIPIO devices can only be connected to a HSBY Premium system through an Ethernet to Fipio gateway Such a gateway can be programmed using a standalone Premium PLC with a Fipio integrated port and an Ethernet port e Not compatible use of specific DFB for the data exchange Ha db basic Ha db cycle opt Ha db size opt e Not compatible use of specific EF for Grafcet SFC in Unity context exchange PL7 Warm A PL7 Warm Standby applicatio
55. ADA Failure on Primary ETY HMI amp SCADA The following table presents failure hardware or firmware on the Primary ETY dedicated to HMI and SCADA ETY is not the HSBY Monitored ETY Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active scanner is not active e PLC B all connections with Ethernet devices are closed Ethernet I O scanner SCADA Switch PS CPU ETY Em fl DIG DIG CPU DIG DIG HMI IN HMI IN JOU Port 114 Port 114 i 1 Event Hardware or firmware failure on the ETY module that manages SCADA HMI This is a not a critical event because there is no automatic switchover Ethernet 1 0 scanner SCADA PLCA Primary 1 Standby PS CPU ETY Em DIG DIG PS CPU DIG DIG HMI IN HMI IN JOU z Port 114 Port 114 d 1 Switch PLCB After the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open scanner is active I O scanner is not active PLC B all connections with Ethernet dev
56. B4 01 6E E1 The 1 is higher than the MAC2 Second example e MAC1 00 80 F4 01 6E E1 e MAC 00 80 D4 01 6F E1 The 1 is higher than the MAC2 35012068 00 November 2006 131 Operating Stopping the Premium Hot Standby Principle Stopping a Premium Hot Standby System is identical to stopping a simple PLC but respecting the following stop order e Stop the Standby PLC e Stop the Primary PLC If the Standby PLC is not stopped first a switch over would occur when the Primary PLC is stopped 132 35012068 00 November 2006 Operating 7 2 Switchover At a Glance Purpose This section describes the Switchover of the Premium Hot Standby What s in this This section contains the following topics Section Topic Page Operating modes overview 134 Conditions for Switch over 136 35012068 00 November 2006 133 Operating Operating modes overview General points The following state diagram shows a dynamic view of the main Hot Standby states Run and Stop Run and no remote Offline remote Primary PLC Primary PLC Switch over Failure or Incompatible STOP remote Run STOP COMMAND application Standby COMMAND 134 35012068 00 November 2006 Operating At Cold start with the Automatic Start in Run option configured the PLC restarts depending on the remote PLC state local failure state application mismatch state If T
57. Behavior upon Failures The process is still active but the Both PLCs are accessible sSw61 1000 0000 0000 0110 System is no longer redundant through terminal ports The accessed PLC is PLC A primary as long as the CPU sync link Modbus links and Ethernet e The other PLC is PLC B offline between the two PLCs is links for diagnostics 5W62 Not significant because one of the disconnected two PLC is Offline 200 35012068 00 November 2006 System Detailed Behavior upon Failures Monitored ETY and I O Scanner Disconnection Monitored ETY Disconnection on Primary The following table presents Monitored ETY Disconnection on the Primary PLC side the Monitored ETY is managing an I O Scanner Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e all connections with Ethernet devices are closed l O scanner is not active Ethernet 1 0 scanner SCADA PLCA Switch Primary PS ii DIG DIG PS CPU IN Port 114 PLCB Standby SCY DIG DIG IN SCP 114 1 Event Ethernet I O link disconnection on the Primary side There is no more diagnostic dialog between the 2 ETY modules This is a critical event becaus
58. CP 114 Modbus address module Modbus addresses are Primary is PLC A Standby is PLC B at switch over e Primary TSX SCP 114 module A e Standby TSX SCP 114 module B n 1 Ifthe Standby PLC becomes Primary the TSX SCP 114 module Modbus addresses become e TSX SCP 114 module B new Primary n e TSX SCP 114 module A old Primary n 1 Note There is no swap for Channel 0 of TSX SCY21601 and TSX SCP1160 CAUTION RISK OF EQUIPMENT DAMAGE At switchover time it may be possible to lose a message question or answer To prevent this kind of communication fault you must check by application that a station addressed on the modbus link has correctly received a message before sending a new one Failure to follow this instruction can result in injury or equipment damage CAUTION RISK OF EQUIPMENT DAMAGE The possible value for Modbus slave number lie between 1 and 98 If the Primary slave address is configured as 98 the Standby slave address must be configured as 1 address 99 doesn t exist Failure to follow this instruction can result in injury or equipment damage 35012068 00 November 2006 85 Configuring 5 2 Configuring TSX ETY 4103 5103 Modules At a Glance Purpose This material describes configuring TSX ETY 4103 5103 Premium Ethernet modules using Unity Pro For a complete description of the two ETY modules hardware installation fu
59. CPU PCMCIA slot The following table presents the shared modules supported by the Premium Hot standby Designation Reference Function Quantity Advantys STB modules Advantys STB NIM STB NIP 2212 Ethernet TCP IP communicator for ixn Advantys STB Input output modules STB STB input output modules discrete 1 analog Counting module STB EHC 3020 40Khz counter module 1 Advantys FTB FTM modules Input output modules FTB FTM FTB FTM input output modules 1 Momentum modules Ethernet communicator 170 ENT 110 0x Ethernet communicator for Momentum I O 1xn Input output modules 170 A Momentum Input output modules 1 Advantys and Twido modules Ethernet communicator OTB 1E0 DM9LP Ethernet communicator with embedded 1xn Twido I O TWD Twido I O modules 1xn Altivar Variable Speed drives Altivar xx Altivar with Ethernet interface 1 TesysU motor starters over Modbus are compatible with Premium Hot Standby system They have to be used with Telemecanique Ethernet Modbus Gateway one of the following e TSX ETG 100 gateway e TSX ETG 1000 gateway e 174 CEV 30020 gateway ConneXium Ethernet 35012068 00 November 2006 31 Compatibility Differences Restrictions Designation Reference Function Quantity configuration All products of the ConneXium family that are compatible with standard TSX ETY 4103 5103 Ethernet mod
60. IN OUT Switch Qu SCY DIG PS IN JOU 114 Port SCP 114 1 i Port After the event In rack Discrete I O state PLC A calculated and applied at the end of the task cycle e PLC B fallback position Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed l O scanner is not active Ethernet 1 0 scanner SCADA PLC B Offline DIG DIG IN OUT Switch i SCP Port 114 S CY DIG DIG IN OU i 114 1 NR Not Responding 35012068 00 November 2006 191 System Detailed Behavior upon Failures Global status Communication status Customer diagnostic through Ethernet address The process is still active but the system is no longer redundant as long as the PLC B is in failed mode Normal access to PLC A through terminal port or Modbus or ethernet link for diagnostics e Normal access to PLC B through terminal port or Modbus No access to PLC B through Ethernet link SW61 1000 0000 0000 0110 The accessed PLC is PLC A primary e The other PLC is PLC B offline SW62 Not significant because one of the two PLC is Offline 192 35012068 00 November 2006 System Detailed Behavior upon Failures Hardware or Firmware Failure on ETY Dedicated to HMI and SC
61. Open Module The editor appears The Configuration tab is default 4 Choose one of these tabs Overview e Configuration e Animation e Hot Standby l O Objects 35012068 00 November 2006 69 Configuring Using the Overview Tab Viewing The read only Overview tab of the editor displays detailed information about the module s specificati ons 0 0 5 57 24 57 2 Hot Standby 768Kb Program with PCMCIA USB Unitelway E x m Overview Configuration Animation M Hot Standby M O objects HOTSTANDBY TBC modula r PLC with embedded Ethernet SPEFICICATIONS Discrete I O Analog I O Application specific channels Network connections Bus connections AS i Third party Process control VISUAL INDICATORS 1024 80 10 Ll LED Continually lit Flashing Off RUN PLC running in Primary 2 5s ON 500ms OFF PLC not configured gt 70 35012068 00 November 2006 Configuring Using the Configuration Tab Viewing the Change values using the Configuration tab of the editor Configuration tab 0 0 TSX H57 24M ifr xi 57 2 Hot Standby 768Kb Program with PCMCIA USB Unitelway Overview configuration Animation Hot Standby objects r Operation mode Size of global addr
62. PLC B all connections with Ethernet devices closed I O scanner is not active Ethernet I O scanner SCADA SCY DIG DIG PS CPU IN JOUT B Port PLC A Primary lli Port PLCB Standby DIG DIG IN JOUT SCP 114 1 114 Event 35012068 00 November 2006 203 System Detailed Behavior upon Failures over I O scanner disconnection on the I O link The remote I O are no longer visible from both PLCs but the diagnostic dialog between the 2 PLCs is still active This is not a critical event because there is no switch Ethernet I O scanner SCADA En SCY DIG DIG PS CPU IN JOUT B 114 Port PLCA PLCB Standby SCY DIG DIG IN JOUT SCP 114 Primary After the event cycle Remote I O state In rack Discrete I O state calculated and applied at the end of the task PLC B Fall back position PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA PLCA Switch 1 Primary PS CPU scY pic DIG PS CPU IN JOUT fe Port Port PLCB Offline DIG DIG IN JOUT SCP 114 1 Global status Communication status 114 Customer diagnostic through Ethernet address The process is still active on in rack I O b
63. Standby B It s only possible to read data using two memory cards one card in PLC A and one card in PLC B with the same contents The programming of a Hot Standby PLC has to take into account the fact that each sensor and probe is connected in parallel on two input or output modules Both PLCs read the input values in the Phase IN of the Mast cycle at the same time The output values are applied by both PLCs but in a different way e The Primary PLC executes the full application Q objects are modified depending on the program execution The discrete analog output driver applies output values at the end of the Primary Mast cycle The Primary PLC sends the database to the Standby PLC in the Copro access Phase of the Mast cycle e The Standby PLC only executes the first section of the application program mainly for diagnostic purpose The Q objects received from the Primary PLC are applied at the end of the Standby Mast cycle A CAUTION RISK OF EQUIPMENT DAMAGE The output bits that are connected in parallel between the 2 PLCs must not be written in the section 0 of the Standby PLC This leads to affect the output bit values that are sent by the Primary Failure to follow this instruction can result in injury or equipment damage The output modules are connected in parallel to the physical output via a specific connection block The result of an impulse command is based on the time of the impulse and the delay to apply th
64. aN SNaN ONAN is a NAN with the most significant fraction bit set and a SNAN is a NAN with the most significant fraction bit clear Bit number 22 ONANs are allowed to propagate through most arithmetic operations without signaling an exception SNAN generally signal an invalid operation exception whenever they appear as operands in arithmetic operations See SW17 and 96818 224 35012068 00 November 2006 Glossary Real Literals Real Literals with Note when an operand is a DEN Demoralizing number the result is not significant A literal real value is a number expressed in one or more decimals Example 12 0 0 0 0 456 3 14159 26 A literal decimal value can be expressed using standard scientific notation The Exponent representation is as follows mantissa exponential Example 1 34E 120r 1 34e 12 1 0E 6 or1 0e 6 1 234E60r1 234e6 S SCADA Software based operator interface tool SFC SFC is the abbreviation of Sequential Function Chart SFC enables the operation of a sequential automation device to be represented graphically and in a structured manner This graphic description of the sequential behavior of an automation device and the various situations which result from it is performed using simple graphic symbols Single Token Operating mode of an SFC chart for which only a single step can be active at any one time SMTP Simple Mail Transfer Protocol SNMP Simple Network M
65. access to PLC A CPU no swei 1000 0000 0010 0010 but the HSBY system is no longer running e The accessed PLC is PLC B primary longer redundant as long Normal access to PLC B e The other PLC is PLC A not responding as the PLC Ais in ERROR accessible through terminal SW62 Not significant because one of the mode port Modbus and Ethernet two PLC is Not Responding links for diagnostics CPU Failure on The following table presents CPU failure on Standby PLC Standby Before the event In rack Discrete I O state PLC A calculated and applied at the end of the task Ethernet O scanner SCADA cycle n PLCA i Switch PLCB e PLC B PLC A output applied at the end of task cycle primary SCP Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active PLC all connections with Ethernet devices are closed I O scanner is not active Event Standby PS CPU 015 Dis PS CPU SCY IN Port Port Hardware or firmware failure on the processor DIS bis IN SCP 114 This is not a critical event because there is no switchover Ethernet I O scanner SCADA 1 4 Switch PLCB Standby PS CPU SCY DIG DIG IN OUT Port 114 i 1 PLCA Primary PS SCY DIG DIG IN JOUT 4 Port 114 After the event 182 35012068 00 November 2
66. ack I O and Ethernet I O Restrictions General Note the two following restrictions e Only In rack discrete I O and Analog I O can be used with a Premium Hot Standby System These I O are a part of the redundant system e Ethernet I O are not considered part of the redundant system They are shared between the two PLCs e Only the Primary PLC manages the redundant In rack I O and the Ethernet I O 35012068 00 November 2006 29 Compatibility Differences Restrictions Allowed Module in Premium Hot Standby General The following table presents the redundant modules supported by the Premium Hot Standby Designation Reference Function Quantity Remote Bus X remote module TSX REY 200 Connection of racks at a long distance 2xn Communication Ethernet TCP IP communication TSX ETY 4103 5103 Ethernet TCP IP module with transparency 2xn module for redundant Version min 4 0 of addressing for third party devices applications SCADA HMI Modbus communication module TSX SCY 21601 Communication Modbus master and 2xn Version min 2 1 support of PCMCIA TSX SCP 114 Modbus communication module TSX SCY 11601 Communication Modbus Master 2xn Multi protocol card TSX SCP 114 RS Modbus slave communication with 2xn 485 Version min 1 7 transparency of addressing for third party Master devices 1 Discrete inputs outputs modules Discrete inputs modules TSX DEY K Discrete input modu
67. ain Processor OS version mismatch between Primary and Standby e SW61 7 0 means no OS version firmware mismatch e SW61 7 1 means OS version mismatch If OS version mismatch is not allowed in the command register bit 4 0 the system will not work as redundant as soon as the fault is signaled 104 35012068 00 November 2006 Configuring System Word SW61 8 System Word SWE61 9 System Word SW61 10 System Word SW61 15 This bit indicates if there is a COPRO OS version mismatch between Primary and Standby e SW61 8 0 means no COPRO OS version mismatch e SW61 8 1 means COPRO OS version mismatch If OS version mismatch is not allowed in the command register bit 4 2 0 the system will not work as redundant as soon as the fault is signaled This bit indicates if at least one ETY module does not have the minimum version e SW61 9 0 means all the ETY modules have the minimum version e SW61 9 1 means atleast one ETY module doesn t have the minimum version In this case no Primary PLC could start This bit indicates if there is a monitored ETY OS version mismatch between Primary and Standby e SW61 10 0 means no monitored ETY OS version mismatch e SW61 10 1 means monitored ETY OS version mismatch If OS version mismatch is not allowed in the command register bit 4 0 the system will not work as redundant as soon as the fault is signaled If SW 61 15 is set 1 the set
68. anagement Protocol ST ST is the abbreviation of Structured Text language Structured Text language is an elaborated language close to computer programming languages It enables you to structure series of instructions STB Standard Terminal Block STRING A variable of the type sTRING is an ASCII standard character string A character string has a maximum length of 65534 characters 35012068 00 November 2006 225 Glossary T TFTP Trivial File Transfer Protocol TIME The type TIME expresses a duration in milliseconds Coded in 32 bits this type makes it possible to obtain periods from 0 to 2 32 1 milliseconds The units of type TIME are the following the days the hours h the minutes the seconds s and the milliseconds ms A literal value of the type TIME is represented by a combination of previous types preceded by T4 t TIME or timed Examples T 25hi5m t 414 78 TIME 5d10h23m45s3ms Time literals The units of type TIME are the following the days the hours h the minutes m the seconds s and the milliseconds ms A literal value of the type TIME is represented by a combination of previous types preceded by T4 t TIME or timed Examples T 25hi5m t 14 7S TIME 5d10h23m45s3ms TIME_OF_DAY see TOD TOD TOD is the abbreviation of Time of Day The TOD type coded in BCD in 32 bit format contains the following information e the
69. ant because one of the two PLC is Offline Failure on The following table presents failure hardware or firmware on the Ethernet Copro of Standby the Standby PLC Ethernet Copro Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices closed I O scanner is not active Ethernet I O scanner SCADA 94 PLC B PLCA d Priman Standby PS TY ETY SCY DIG DIG PS CPU ETY ETY SCY DIG DIG HMI IN OUT HMI IN JOUT ETH SCP ETH SCP Port 114 Port 114 1 Event Hardware or firmware failure on the ETY copro that manages the Hot Standby CPU sync link There is no more database exchange from Primary to Standby This is not a critical event because there is no switch over PLCA Q Primary PS CPU ETY SCY DIG HMI IN ETH SCP Port 114 Ethernet 1 0 Scanner SCADA Q4 PLC B E Standby PS CPU TY JETY SCY DIG DIG HMI IN JOUT ETH SCP Port 114 Q4 DIG After the event 35012068 00 November 2006 197 System Detailed Behavior upon Failures Before the event In rack Discrete I O state cycle e PLC B Fall back position
70. application event tasks fast inputs 116 35012068 00 November 2006 Programming Debugging Language restrictions Forbidden Legacy function blocks The use of edges is not recommended It is not possible to guarantee that they are taken into account during a switch over The use of the SAVE PARAM function is not recommended in a Hot Standby application This function overwrites the initial value of a module parameter that is stored in the program code area this area being not transferred from the primary to the standby More generally the explicit instructions like READ PARAM WRITE PARAM SAVE PARAM WRITE CMD that generates an exchange between the PLC processor and a module are not compatible with Hot Standby applications but they are allowed there is no control done by Unity Pro Itis not possible to replace the initial values of the declared variables with a save attribute e g DFB variables with the current values gt no use of 3894 No forcing in the Standby PLC The following Legacy function blocks are Not Allowed PL7 Counter PL7 Drum PL7 Monostable PL7 Register 32 PL7 Register 255 PL7 TOF PL7 TON and PL7 TP PL7 3 Timer 35012068 00 November 2006 117 Programming Debugging Structure of Database Principle Illustration Exchange To take control of the process when the Primary PLC leaves the Primary mode the Standby PLC has to know the complete status
71. ardware and software One of the Hot Standby processors TSX H57 24M or TSX H57 44M s acts as the Primary controller and the other acts as the Standby controller The Primary controller executes the application program controls the Ethernet I O and In rack I O and updates the Standby controller after every scan program cycle If the Primary controller fails the Standby controller takes control within one scan To determine if the Primary controller failed note controller s status displayed in the Display block with indicator lamp The Standby controller does not execute the full application program but only the first section and the Standby controller does not control the redundant In rack I O and Ethernet I O but checks the Primary health Note e Redundant In rack I Os are those that are connected in parallel between the 2 PLCs via specific connection blocks e Local In rack I Os are not connected in parallel The Primary and the Standby controllers can manage local In rack I O with some restrictions 16 35012068 00 November 2006 Overview Switchover Capability Monitoring the System Power Cycle Handling In rack yo Software Requirements Either of the two controllers may function as the Primary controller and the other as the Standby controller Primary and Standby states are switchable Therefore if one of the two controllers is functioning as the Primary controller the other
72. as the function In FBD each invocation is denoted by a unique number via the graphic block this number is automatically generated and can not be altered You position and set up these functions in your program in order to carry out your application You can also develop other functions using the SDKC development kit EFB Is the abbreviation for Elementary Function Block This is a block which is used in a program and which performs a predefined software function EFBs have internal statuses and parameters Even where the inputs are identical the output values may be different For example a counter has an output which indicates that the preselection value has been reached This output is set to 1 when the current value is equal to the preselection value Elementary see EF Function EN EN means ENable this is an optional block input When EN is activated an ENO output is automatically drafted If EN 0 the block is not activated its internal program is not executed and ENO its set to 0 If EN 1 the internal program of the block is executed and ENO is set to 1 by the System If an error occurs ENO is set to O ENO ENO means Error NOtification this is the output associated to the optional input EN If ENO is set to 0 caused by EN 0 or in case of an execution error e the outputs of function blocks remain in the status they were in for the last correct executed scanning cycle and e the output s
73. ays displayed but can be omitted at the time of entry DWORD is the abbreviation of Double Word The DWORD type is coded in 32 bit format This table shows the lower upper limits of the bases which can be used Base Lower limit Upper limit Hexadecimal 16 0 16 FFFFFFFF Octal 8 0 8 37777777777 Binary 2 0 2 11111111111111111111111111111111 Representation examples Data content Representation in one of the bases 00000000000010101101110011011110 16 ADCDE 00000000000000010000000000000000 8 200000 00000000000010101011110011011110 2 10101011110011011110 EBOOL EF EBOOL is the abbreviation of Extended Boolean type It can be used to manage rising or falling edges as well as forcing An EBOOL type variable takes up one byte of memory Is the abbreviation of Elementary Function This is a block which is used in a program and which performs a predefined software function 218 35012068 00 November 2006 Glossary A function has no internal status information Multiple invocations of the same function using the same input parameters always supply the same output values Details of the graphic form of the function invocation can be found in the Functional block instance In contrast to the invocation of the function blocks function invocations only have a single unnamed output whose name is the same
74. ce the volume of the generated code DINT is the abbreviation of Double Integer format coded on 32 bits The lower and upper limits are as follows 2 to the power of 31 to 2 to the power of 31 1 Example 2147483648 2147483647 164FFFFFFFF DT is the abbreviation of Date and Time The DT type coded in BCD in 64 bit format contains the following information e The year coded in a 16 bit field the month coded in an 8 bit field the day coded in an 8 bit field the hour coded in a 8 bit field the minutes coded in an 8 bit field the seconds coded in an 8 bit field Note The 8 least significant bits are unused The DT type is entered as follows DT lt Year gt lt Month gt lt Day gt lt Hour gt lt Minutes gt i lt Seconds gt This table shows the lower upper limits in each field Field Limits Comment Year 1990 2099 Year Month 01 12 The left 0 is always displayed but can be omitted at the time of entry 35012068 00 November 2006 217 Glossary DWORD Field Limits Comment Day 01 31 For the months 01 03 05 07 08 10 12 01 30 For the months 04 06 09 1 1 01 29 For the month 02 leap years 01 28 For the month 02 non leap years Hour 00 23 The left 0 is always displayed but can be omitted at the time of entry Minute 00 59 The left 0 is always displayed but can be omitted at the time of entry Second 00 59 The left 0 is alw
75. chover by setting a bit in the primary application command register if there is no fault in the other PLC links for diagnostics links and Ethernet SW61 1000 0000 0000 1110 e The accessed PLC is PLC A primary The other PLC is PLC B standby SW62 0000 0000 0000 0000 e The other PLC no fault Primary PLC error bit 1 x mod err of all the modules in the extended rack set to 1 Power Failure on Standby Extendable Rack PLC The following table presents power failure on an extendable rack of the Standby Before the event In rack Discrete I O state PLC A calculated and applied at the end of the task cycle PLC B PLC A output applied at the end of task cycle Remote O state PLC A all connections with Ethernet devices are open I O scanner is active PLC all connections with Ethernet devices are closed I O scanner is not active PLCA Primary PS ETY ETH Port psp IITTI o Ethernet 1 0 scapner SCADA Standby 941 PS CPU ETY DIG DIG IN Jour SCP ETH 114 Port 114 ps fT tT ft ft PLCB DIG DIG IN JOUT Event Power failure on an extendable rack The status of the Hot Standby system does not change PLC A Ethernet 1 0 scanner SCADA PS ETY ETH Port PLC B DIG DIG IN JOUT DIG DIG IN JOUT SCP 114 SCP 114 After the event
76. coded in an 8 bit field e the day coded in an 8 bit field The DATE type is entered as follows D lt Year gt lt Month gt lt Day gt This table shows the lower upper limits in each field Field Limits Comment Year 1990 2099 Year Month 01 12 The left 0 is always displayed but can be omitted at the time of entry Day 01 31 For the months 01 03 05 07 08 10 12 01 30 For the months 04 06 09 11 01 29 For the month 02 leap years 01 28 For the month 02 non leap years see DT Representation of a Double BCD format double integer The Binary Coded Decimal BCD format is used to represent decimal numbers between 0 and 9 using a group of four bits In this format the four bits used to code the decimal numbers have a range of unused combinations 216 35012068 00 November 2006 Glossary DDT DFB DINT DT Example of DBCD coding e the number 78993016 e iscoded 0111 1000 1001 1001 0011 0000 0001 0110 DDT is the abbreviation of Derived Data Type A derived data type is a set of elements of the same type ARRAY or of various types structure DFB is the abbreviation of Derived Function Block DFB types are function blocks that can be programmed by the user ST IL LD or FBD By using DFB types in an application it is possible to simplify the design and input of the program increase the legibility of the program facilitate the debugging of the program redu
77. d B slot 2 H57 24M 1 Memory configuration of the PCMCIA card 1 Memory configuration of the PCMCIA card 2 82 35012068 00 November 2006 Configuring Step Action 5 Double click or right click either PCMCIA card The New Replace Submodule dialog appears New Replace Submodule Part Number Description OK E SRAM ance C 001M SRAM PCMCIA Prog 1024kb Data 832kb Help t TSX MRP C 002M SRAM PCMCIA Prog 204806 Data 1856kb r TSX 003M SRAM PCMCIA Prog 3072kb Data 2880kb t TSX MRP C 007M SRAM PCMCIA Prog 7168kb Data 6976kb c TSX C 01 7 SRAM PCMCIA Prog 1792kb Data 1600kb TSX C 448K FLASH PCMCIA Prog 448kb Data 352kb TSX MRP C 768K FLASH PCMCIA Prog 768kb Data 576kb r2 TSX MRP P 128K FLASH PCMCIA Prog 128kb 1 TSX MRP P 224K FLASH PCMCIA Prog 224kb 0 s TSX MRP P 384K FLASH PCMCIA Prog 384kb El SRAM Data storage TSX F 004M SRAM PCMCIA Data or Files 4096kb TSX F 008M SRAM PCMCIA Data or Files 8192kb 6 Add or replace the desired memory 35012068 00 November 2006 83 Configuring Swapping Network Addresses at Switch over Overview Handling TCP IP address at
78. d Behavior upon Failures Hardware Failure of a Digital Module Hardware Failure Primary Digital Module The following table presents hardware failure or removal of a digital module in the Primary PLC main or extendable rack Before the event In rack Discrete I O state Remote I O state l O scanner is active closed I O scanner is not active PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle PLC A all connections with Ethernet devices are open PLC B all connections with Ethernet devices are Ethernet I O scanner SCADA 1 PS CPU ETY SCY DIG DIG IN JOU ETH SCP Port 114 Q4 SCY DIG DIG IN SCP 114 Event BUS rack of a digital module over occurs Hardware failure or the module is removed from the X This is not a critical event because no automatic switch Ethernet 1 0 scanner SCADA 1 PS CPU ETY SCY DIG DIG PS CPU ETY SCY DIG DIG IN JOUT IN JOUT ETH SCP ETH SCP Port 114 Port 114 Q4 PLCA PLCB After the event In rack Discrete I O state Remote I O state I O scanner is active closed I O scanner is not active PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle PLC A all connections with Ethernet devices are open PLC B all connections with Ethernet devices are Ethernet 1 0 scan
79. d after the swap the new Primary ETY starts to publish application variables and to receive the subscription variables 35012068 00 November 2006 97 Configuring FTP TFTP Server The File Transfer Protocol Trivial File Transfer Protocol FTP TFTP server is available as soon as the module receives an IP address Any FTP TFTP client can log on to the module Access requires the correct user name and password Premium Hot Standby allows only one active FTP TFTP client session per ETY module When the Hot Standby swap occurs the Primary and Standby ETYs close the FTP TFTP connection If a user sends an FTP TFTP request during the swap the communication is closed Whenever you re open communication you must re enter a user name and a password 98 35012068 00 November 2006 Configuring 5 3 Configuring Registers At a Glance Purpose This material describes configuring a Premium Hot Standby system by selecting options that affect the Hot Standby specific registers You may want to use this method if your system has specific configuration needs What s in this This section contains the following topics Section Topic Page Understanding the Non Transfer Area and Reverse Transfer Words 100 Understanding the Unity Command Register 101 Understanding the Unity Status Register 1038 Transferring User Data 106 Using Initialized Data 107 Synchronization of Real Time Clocks 108
80. d in Standby SCY SCY Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active I O scanner is not active e PLC B all connections with Ethernet devices are closed Ethernetl O scanne SCADA PLCA Primary P5 CPU Pr DIG PS CPU IN JOU i Port SCY SCP 114 1 DIG DIG IN JOU PLCB Standby Event Hardware failure or the module is removed from the SCY module of the Modbus SCP card This is not a critical event because there is no switch over Ethernet I O scanngr SCADA aie i Switch 1 il Ir DIG PS CPU IN JOU i DM Port 114 Port After the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applies at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active scanner is not active e PLC B all connections with Ethernet devices are closed Ethernet I O scanner SCADA PLCA Primary PS CPU lli DIG IN JOU Port 1 NR Not Responding Switch Port 114 PLCB Standby DIG DIG IN JOU 35012068 00 November 2006 211 System Detailed Behavior upon Failures
81. d rack In the example only one MW is used and copied in the reverse register sSw62 The Main rack state is e 5MWx 0 SW62 0 reserved e MWx 1 SW62 1 reserved e MWx 2 SW62 2 reserved e 5MWx 3 SW62 3 discrete input module state by copy of 10 5 mod err e 5MWx 4 SW62 4 discrete output module state by copy of 10 6 mod err e MWx 5 SW62 5 SCY state by copy of 10 4 mod err e MWx 6 SW62 6 SCP in SCY state by copy of 10 4 1 err e 5MWx 7 SW62 7 ETY state by copy of 10 3 mod err The Extended rack state is e 5MWx 8 9W62 8 discrete module state by copy of 11 0 mod err e 5MWx 9 SW62 9 discrete module state by copy of 11 1 mod err e 5MWx 10 SW62 10 discrete module state by copy of 11 2 mod err e 5MWx 11 SW62 11 discrete module state by copy of 11 3 mod err e MWx 12 SW62 12 discrete module state by of 11 4 mod err e MWx 13 SW62 13 discrete module state by copy of 11 5 mod err e 5MWx 14 SW62 14 discrete module state by copy of 11 6 mod err 35012068 00 November 2006 177 System Detailed Behavior upon Failures Halt or Stop Events on PLC Halt or Stop on Primary PLC The following table presents Halt or Stop events on Primary PLC Before the event In rack Discrete I O state PLC A calculated and applied at the end of the task cycle PLC B PLC A output applied at the end of task cycle Rem
82. de Offline Make offline modifications on the Standby PLC if the modifications will require a Modification complete download of the application The following table describes modifications that requires an application download Modifications Description Program Modify the code of EVT sections Configuration Add move remove an I O module communication e Changing memory sizes in configuration screen Global variables Remove a used variable used in animation table or operator Screen Used DFB Type of used DFB e Adda parameter 158 35012068 00 November 2006 Handling application Modification Executing the Procedure Offline To make offline modifications to an application program logic program or project in the Standby controller follow these steps Step Action 1 Ensure both Primary A and Standby B controllers are in Run Primary and Run Standby mode Download of the new application in the standby PLC B Results The Standby PLC B goes to Non Configuration state Atthe end of the download the PLC B goes in Stop Offline mode Stop on the PLC A Result The PLC A goes in Stop Offline mode The system is neither more active nor redundant Run on the PLC B Result The PLC B goes in Run Primary mode The system is active again but not redundant Download of the new application in the PLC A
83. dress Failure to follow this instruction can result in injury or equipment damage 96 35012068 00 November 2006 Configuring Global Data Publish Subscribe Service CAUTION RISK OF EQUIPMENT DAMAGE To prevent a pulse on Scanned I Os when one of the two PLCs fails the user must configure output Ethernet devices with the Hold last value mode For the Ethernet devices that only support the fallback to O position a pulse may appear during a switchover Failure to follow this instruction can result in injury or equipment damage The Hot Standby ETY is one station within a distribution group Distribution groups exchange application variables Exchanging application variables allows the system to coordinate all the stations in the distribution group Every station publishes local application variables in a distribution group for all other stations and can subscribe to remote application variables independent of the location of the producer The communication port has only one multicast address In this network service the Premium Hot Standby controllers are viewed like only one station The Primary ETY publishes the Hot Standby application variables and receives the subscription variables The Standby ETY global data service is in a stopped state When the Hot Standby swap occurs the Primary ETY stops the Global Data service The ETY does not publish the local variable during a swap An
84. e PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA PLC B Primary 1 Standby PS CPU ETYJETY SCY DIG DIG PS ETY ETY SCY DIG DIG HMI IN HMI IN JOU ETH SCP SCP Port 114 114 1 PLCA Event Hardware or firmware failure on the ETY module that manages SCADA HMI This is not a critical event because there is no switchover Ethernet I O scanner SCADA Qt CY DIG DIG PS ETY ETY IN HMI ETH Port 5 SCP 114 PLCA Primary PS CPU ETY ETY HMI ETH Port PLC B Standby SCY DIG DIG IN JOU SCP 114 1 After the event 194 35012068 00 November 2006 System Detailed Behavior upon Failures In rack Discrete I O state PLC A calculated and applied at end of task cycle Ethernet I O scanner SCADA e PLC B PLC A output applied at end of task cycle PLCA PLCB Primary Q 1 Standby Remote I O state PS PS CPU JETYJETY SCY DIG DIG e PLC A all connections with Ethernet devices are open AMI P 00 lii OU I O scanner is active u imi PLC B all connections with Ethernet devices are closed Port Port l O scanner is not active On Global status Communication status Customer dia
85. e e Only diagnostic information in case of exclusive Bus X configuration e Diagnostic information and I O scanning service if Ethernet I O devices are connected on the link e Diagnostic information I O scanning service and other Ethernet services 50 35012068 00 November 2006 Setting up Installing and Cabling Mapping the Backplane Extension Requiring Two backplanes must be configured with identical hardware software and firmware Identical in identical order Then both controllers may function either as a Primary controller Backplanes or as a Standby controller Note INSTALLING CONTROLLERS Schneider Electric recommends referring to Schneider Electric planning and installation guidelines You will find more information in the Premium and Atrium Using Unity Pro User Manual 35006160 and in Grounding and Electromagnetic Comptabilty of PLC System 33002439 Architecture The following graphic shows an architecture example with XBus expansion example with XBus expansion Remote Rack Remote Rack Remote Rack gg oq BRE JE lt lt lt 4 Z lt lt lt lt 5 a 5 Tele E TEE OUT a mI Tele B 5 ar s t IN Z E Remote Rack Remote Rack E 3 gt moo E z oo go 3 m o m H f m m o mz lt lt lt lt 4 lt lt lt lt lt lt Remote Rack XBus system
86. e there is an automatic switch over Ethernet I O scanner SCADA Switch Port PLCA PS SCY DIG DIG IN JOU SCP Port 114 PLC B Standby SCY DIG DIG IN SCP 114 After the event In rack Discrete I O state e PLC A Fallback position e PLC B Calculated and applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open scanner is not active e PLCB allconnections with Ethernet devices are closed I O scanner is active Ethernet 1 0 scanner SCADA PLCB Primary SCY DIG DIG IN PLCA Switch PS CPU scYppic DIG PS IN JOU SCP Port 114 Port SCP 114 Global status Communication status Customer diagnostic through Ethernet address 35012068 00 November 2006 201 System Detailed Behavior upon Failures The process is still active but the System is no longer redundant as long as the Ethernet I O link is disconnected on the PLC A side Normal access to PLC A through terminal port and Modbus link for diagnostics If an HMI SCADA is connected to the switch diagnosis is no longer possible through Ethernet Normal access to PLC B through terminal port Modbus link and Ethernet link for diagnostics SW61 1000 0000 0010 0110 The accessed PLC is PLC B primary e The other PLC is PLC A offline SW62 Not significant because ofthe
87. emium Hot Standby CPUs is called CPU sync link It can be e A Twisted Pair Copper crossover cable e Fiber cable with optical switches for long distance connections 48 35012068 00 November 2006 Setting up Installing and Cabling Establishing the Primary and Standby Controllers Connecting the ETY modules CAUTION RISK OF EQUIPMENT DAMAGE The CPU sync link is a point to point link dedicated to exchange application data from the Primary PLC to the Standby PLC and to provide information on the Hot Standby system status Do not in any case connect other Ethernet devices on this link This may impact the database exchange between the two PLCs and the switchover time Failure to follow this instruction can result in injury or equipment damage The system determines that one of the two Premium Hot Standby CPUS will be the Primary controller and the second controller as the Standby The PLC with the lowest MAC address becomes PLC A Primary The other one becomes PLC B Standby To guarantee which PLC will become the Primary when the two PLCs are powered up simultaneously it is possible to use a time lag relay on the supply of the main rack of one of the two PLCs During this process the PLC that has the time lag relay in its supply cabling will be the Standby PLC Because it is not possible to have a non ambiguous diagnostic of the Premium Hot Standby system with only one link between the tw
88. erating mode These four events occur when the ETY is powered up when an ETY executes a Hot Standby switch over when an ETY goes to offline mode or when a new application is downloaded to the ETY An ETY obtains its IP Address assignment at power up as follows If the HSBY state is Then the IP Address assigned is Standalone ETY configuration table Primary Configured IP address from the ETY configuration table Standby Configured IP address 1 from the ETY configuration table up Not powered up to power The IP address is determined by which controller powers up first after check remote the second ETY takes IP Address 1 or if powered up at the same time by a resolution algorithm e Primary HSBY ETY IP address e Standby HSBY ETY IP address 1 90 35012068 00 November 2006 Configuring Power Up and Ethernet Services Hot Standby Switch over Offline event table HSBY ETY Mode IP address Primary to Offline Configured IP address from the ETY configuration table if the peer controller does not go to Primary state Standby to Offline Configured IP address 1 from the ETY configuration table When the CPU stops the HSBY ETY goes to the Offline mode The IP address is determined by whether or not the other controller is in transition to the Primary state The following table shows how the status of an ETY service is affec
89. es is not recommended Depending on the frequency a certain amount of pulses can be lost at switch over The use of edges is not recommended It is not possible to guarantee that they are taken into account during a switch over The use of the SAVE PARAM function is not possible in a Hot Standby application This function overwrites the initial value of a module parameter that is stored in the program code area this area being not transferred from the primary to the standby The explicit instructions like READ PARAM WRITE PARAM SAVE PARAM WRITE CMD that generates an exchange between the PLC processor and a module are not compatible with Hot Standby applications but they are allowed no control done by Unity Pro It is not possible to replace the initial values of the declared variables with a save attribute e g DFB variables with the current values no use of 594 The following Legacy function blocks are forbidden e PL7 COUNTER PL7 DRUM PL7 MONOSTABLE PL7 REGISTER 32 PL7 REGISTER 255 PL7 TOF PL7 TON PL7 TP PL7 3 TIMER 34 35012068 00 November 2006 Behavior and Performances Introduction Overview What s in this Chapter This chapter provides information about behavior and performances of a Premium Hot Standby System This chapter contains the following sections Section Topic Page 3 1 Behavior of Premium Hot Standby 37 3 2 Performances of Premium Hot Standby 44
90. ess field Run Stop input M 512 MW 1024 96KW 256 Memory protect Automatic start in RUN 968 128 SW 168 Initialize MWi on cold start r Memory cards r A No memory card selected Default values r B No memory card selected Maximum values 35012068 00 November 2006 71 Configuring Description of the Configuration tab Configuration tab Item Option Value Description Operation Mode Run Stop input X Determines the operating Memory protect X condition during Cold Start Automatic start in Run X Initialize MWi on cold X start Memory Cards A N A Displays the configuration in B N A the PCMCIA Slots Default value N A Permits selection of the default value M KW Maximum value N A Permits selection of the maximum number KW Size of global address M 1 Size of the different memory field 9 MW 1 areas Note The values for MW 9 eee 1 has to be divisible by 8 5 2 SW 2 1 Enter the appropriate values All values depend on Hot Standby configuration 2 The values cannot be selected 72 35012068 00 November 2006 Configuring Using the Animation Tab and PLC Screen Dialogs Accessing the To access the Task Realtime clock and Information tabs of the Unity Pro PLC Screen Animation tab Dialogs Step Action 1 Select the Ani
91. etween Primary and See CPU sync link failure between Primary Standby PLCs and Standby PLCs p 199 Scanner Disconnection See Monitored ETY and I O Scanner Disconnection p 201 Full Ethernet I O Link Disconnection See Full Ethernet I O Link Disconnection p 205 Hardware Failure of a Digital Module See Hardware Failure of a Digital Module p 207 Hardware Failure of the SCP card in CPU or See Hardware Failure of the SCP card in SCY SCY p 210 144 35012068 00 November 2006 Maintaining Detecting Primary CPU and ETY sync link failures Non mastered Primary CPU failure Mastered Primary CPU failure Primary ETY sync link failure The following table presents a Non mastered Primary CPU failure Stages Description 1 A communication error occurs in the Standby Copro that manages the CPU sync link Standby Copro reports this error to the Standby CPU Standby CPU sends a message to its local Monitored ETY to get a status of the ETY sync link Because the Primary PLC is not responding the Standby CPU gets a wrong status from its local Monitored ETY The Standby PLC becomes Primary The following table presents a Mastered Primary CPU failure Stages Description 1 The Primary CPU sends a take control message to the Standby CPU through the CPU sync link before entering the Offline mode 2 Standby goes to Primary mode The following tab
92. function block type an instance a variable or a section Letters from national character sets e g 6 6 can be used except in project and DFB names Underlines are significant in identifiers e g A_BCD and AB are interpreted as different identifiers Multiple leading underlines and consecutive underlines are invalid Identifiers cannot contain spaces Not case sensitive e g ABCD and abcd are interpreted as the same identifier According to IEC 61131 3 leading digits are not allowed in identifiers Nevertheless you can use them if you activate in dialog Tools Project settings in tab Language extensions the check box Leading digits Identifiers cannot be keywords Used to indicate that a result of an operation is not a number Not A Number Example calculating the square root of a negative number Note The IEC 559 standard defines two classes of NAN quiet NAN QNAN and signaling NaN SNaN ONAN is a NAN with the most significant fraction bit set and a SNAN is a NAN with the most significant fraction bit clear Bit number 22 ONANS are allowed to propagate through most arithmetic operations without signaling an exception SNAN generally signal an invalid operation exception whenever they appear as operands in arithmetic operations See SW17 and 96818 There are two meanings for Network e In LD A network is a set of interconnected graphic elements The scope of a network is local to the program
93. g from Standby to Primary TextID Warning message 13015 Control command over ETH 13016 Control command over RIO TextlDs switching from Offline to Primary Standby TextID Warning message 13017 Switch from Offline to Primary 13018 Switch from Offline to Standby BY 174 35012068 00 November 2006 System Detailed Behavior upon Failures Introduction Overview What s in this Chapter In this chapter you will find the failures that can occur in Premium Hot Standby system This chapter contains the following topics Topic Page Overview of Failures 176 Halt or Stop Events on PLC 178 Hardware or Firmware CPU Failure 181 Power Failure on the Main Rack 184 Power Failure on an Extendable Rack 187 Hardware or Firmware ETY failure 190 Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA 193 Failure on the Ethernet Copro 196 CPU sync link failure between Primary and Standby PLCs 199 Monitored ETY and I O Scanner Disconnection 201 Full Ethernet I O Link Disconnection 205 Hardware Failure of a Digital Module 207 Hardware Failure of the SCP card in SCY 210 35012068 00 November 2006 175 System Detailed Behavior upon Failures Overview of Failures Introduction Example of Configuration A first level of Hot Standby diagnosis can be done through the status register that is managed locally by each Hot Standby PLC The user can obtain more diagno
94. g the application overrides the process of checking whether the Primary and Standby are configured identically Disable the upgrade without stopping bit as soon as the OS upgrade is finished Failure to follow this instruction can result in injury or equipment damage 162 35012068 00 November 2006 Handling CPU OS Upgrade Executing the OS Upgrade Procedure General How to perform an OS Upgrade Perform an OS upgrade using the installed OSLoader tool Follow these steps Step Action 1 Connect Unity Pro to the Primary PLC through Uni Telway terminal port 2 Access Command Register SW60 set bit 4 to 1 OS version mismatch allowed 3 Stop the Primary Ensure Standby becomes Primary 4 Disconnect Unity Pro 5 Open the OSLoader tool 6 Download the new OS 7 After completing the OS download perform application program transfer 8 Put the PLC in RUN mode Ensure PLC becomes Standby 9 Connect Unity Pro to the other PLC that is the Primary through Uni Telway terminal port 10 Stop the Primary Ensure Standby becomes Primary 11 Disconnect Unity Pro 12 Open the OSLoader tool 13 Download the new OS 14 After completing the OS download perform application program transfer 15 Put the PLC in RUN mode Ensure PLC becomes Standby 16 Perform a switchover or connect Unity Pro to the Primary Ensure Standby becomes Primary 17 Access Command Register SW60 set bit 4 t
95. gnostic through Ethernet address No impact on the e Normal access to PLC A through SW61 1000 0000 0000 1110 Hot Standby terminal port or Modbus or Ethernet e the accessed PLC is PLC A primary running The link for diagnostics the other PLC is PLC B standby process is still Normal access to PLC B through SW62 0000 0000 1000 0000 redundant terminal port or Modbus Noaccessto PLC B through Ethernet link 35012068 00 November 2006 195 System Detailed Behavior upon Failures Failure on the Ethernet Copro Failure on The following table presents failure hardware or firmware on the Ethernet Copro of Primary Ethernet the Primary PLC Copro Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle bna 5 CPU TY ETY SCY DIG DIG HMI IN ETH SCP Port 114 Ethernet I O scanner SCADA PLCB eH Standby PS CPU ETY ETY SCY DIG DIG HMI IN ETH SCP Port 114 Remote state PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active On Event Hardware or firmware failure on the ETY copro that manages the Hot Standby CPU sync link There is no more database Ethernet 0 scanner 4SCADA
96. h Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed scanner is not active Ethernet I O scanner SCADA A PLC A q 941 PLCB Primary Standby PS CPU TY ETY SCY DIG DIG PS CPU ETY ETY SCY DIG DIG HMI IN HMI IN JOU ETH SCP ETH SCP Port 114 Port 114 1 Event CPU sync link disconnection There is no more database exchange from Primary to Standby This is a not a critical event because there is no automatic Switchover Ethernet I O scanner SCADA PLC B d Standby PS CPU ETYJETY SCY DIG 016 HMI IN OU ETH SCP Port 114 1 PLCA Primary PS CPU TY ETY SCY DIG HMI IN OU ETH SCP Port 114 X 1 After the event In rack Discrete I O state calculated and applied at the end of the task cycle e PLC B Fallback position Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet 1 0 scanner SCADA PLCA TY SCY HMI g 9H PS CPU ETY E DIG DIG PS CPU ETYJETY SCY DIG DIG IN JOU HMI IN JOUT ETH SCP ETH SCP Port 114 Port 114 1 X PLC B Communication status Global status Customer diagnostic through Ethernet address 35012068 00 November 2006 199 System Detailed
97. he end of the task cycle PLC B PLC A output applied at the end of task cycle Remote state Ethernet 1 0 Scanner SCADA 1 PLCB Standby occurs ii Diepe PS CPU SCY DIG DIG PLC A all connections with Ethernet devices are open IN Di OU I O scanner is active Ini mr T 4 ii PLC all connections with Ethernet devices are closed 114 Port I O scanner is not active Gu Event Hardware or firmware failure on the Monitored ETY module that manages Ethernet I O or Ethernet I O SCADA HMI Ethernet 10 scamer SCADA This is a critical event because an automatic switch over PLCA Switch Q4 PLCB SCY DIG DIG IN JOU SCPI 114 SCYbIG DIG PS CPU IN JOU SCP 114 After the event In rack Discrete I O state PLC A fallback position PLC calculated and applied at the end of the task cycle Remote state PLC A all connections with Ethernet devices are closed I O scanner is not active PLC B all connections with Ethernet devices are open I O scanner is active Ethernet 1 0 scanner SCADA PLC B Primary Switch S CY bIG DIG IN Jou Q li DIG PS CPU ETY IN JOU ETH SCPI 114 Port 114 S 1 NR Not responding Global status Communication status Customer diagnostic through Ethernet address 2 190 35012068 00 November 2006 System Detailed Behavior upon Failures Nor
98. he states of the local and remote Hot Standby controllers Status of local PLC e SW61 1 0 and SW61 0 1 means local PLC is in OFFLINE mode e SW61 1 1 and SW61 0 0 means local PLC is running in Primary mode e SW61 1 1 and SW61 0 1 means local PLC is running in Standby mode Status of remote PLC 551161 3 0 and SW61 2 1 means remote PLC is in OFFLINE mode e 5W61 3 1 and SW61 2 0 means remote PLC is running in Primary mode e 5W61 3 1 and SW61 2 1 means remote PLC is running in Standby mode e 551161 3 0 and SW61 2 0 means remote PLC is not accessible Power off no communication SW61 4 is set 1 whenever a logic mismatch is detected between the Primary and Standby controllers SW61 5 is set to 0 or 1 depending on the Ethernet MAC address e SW61 5 0 means the PLC with the lowest MAC address becomes PLC A e SW61 5 1 means the PLC with the highest MAC address becomes Note To perform the MAC address comparison the two PLCs have to be connected with the CPU sync link This bit indicates if the CPU sync link between the 2 PLC is valid e SW61 6 0 means the CPU sync link is valid The contents of bit 5 is significant e SW61 6 1 means the CPU sync link is not valid In this case the contents of the bit 5 is not significant because the comparison of the 2 MAC addresses cannot be performed This bit indicates if there is a M
99. hen The remote PLC is Primary the two applications are identical and no local failure The PLC restarts in Run Standby mode The remote PLC is Primary and the two applications are not identical or there is a local failure The PLC restarts in Run Offline mode There is no remote Primary and no local failure The PLC restarts in Run Primary mode There is no remote Primary but there is a local failure The PLC restarts in Run Offline mode A local failure is mainly A power supply failure on the CPU rack An application program fault that generates a HALT state An hardware or firmware failure on the CPU module An hardware or firmware failure on the monitored ETY module A cable disconnection between the monitored ETY and the first hub switch A CPU sync link failure only when PLC is Standby At Warm start the PLC restarts depending on the previous PLC state Stop or Run If Run the PLC restarts depending on the remote PLC state local failure state application mismatch state refer to the above table 35012068 00 November 2006 135 Operating Conditions for Switch over Overview Example of Switch over with PLC Bin Standby mode The manual Switch over is commendable from application program or requests Before the action on Sw60 the status are e The two Bits are at 1 default value set by the system e The PLC A is Primary e The PLC B is Standby due fo
100. her hang or time out Click the Refresh or Reload button Remote Clients Hot Standby swaps affect remote clients An ETY will reset under the following conditions e Remote Connection Request during Hot Standby Swap If a remote client establishes a TCP IP connection during a Hot Standby swap the server closes the connection using a TCP IP reset e Hot Standby Swap during Remote Connection Request If a remote client makes a connection request and a Hot Standby swap occurs during the connection request the Server rejects the TCP IP connection by sending a reset e Outstanding Requests If there is an outstanding request the ETY will not respond to the request but the ETY will reset the connection The ETY will do a Modbus logout if any connection has logged in Local Clients During a swap the ETY will reset all client connections using a TCP IP reset 35012068 00 November 2006 95 Configuring Scanning Service I O Scanning provides the repetitive exchange of data with remote Ethernet I O devices While the PLC is running the Primary ETY sends Modbus Read Write requests to remote I O devices and transfers data to and from the PLC memory In the Standby controller the I O scanning service is stopped When the Hot Standby swap occurs the Primary ETY closes all connections with devices by sending a TCP IP reset The I O scanning service in this ETY is Standby After the swap the new Primary ETY re es
101. hour coded in a 8 bit field e the minutes coded in an 8 bit field e the seconds coded in an 8 bit field Note The 8 least significant bits are unused The Time of Day type is entered as follows TOD lt Hour gt lt Minutes gt lt Seconds gt This table shows the lower upper limits in each field Field Limits Comment Hour 00 23 The left 0 is always displayed but can be omitted at the time of entry Minute 00 59 The left 0 is always displayed but can be omitted at the time of entry Second 00 59 The left 0 is always displayed but can be omitted at the time of entry Example TOD 23 59 45 226 35012068 00 November 2006 Glossary Token TOPO ADDR TY PE An active step of an SFC is known as a token This predefined type is used as output for READ function This type is an ARRAY 0 4 OF Int You can find it in the libset in the same family than the EFs which use it U UDINT UDINT is the abbreviation of Unsigned Double Integer format coded on 32 bits unsigned The lower and upper limits are as follows 0 to 2 to the power of 32 1 Example 0 4294967295 2411111111111111111111111111111111 8437777777711 l64FFFFFFFF UINT UINT is the abbreviation of Unsigned integer format coded on 16 bits The lower and upper limits are as follows 0 to 2 to the power of 16 1 Example 0 65535 2 1111111111111111 8 177777 16 FFFF Unlocated An unlocated variable is a variable for which it is impossible
102. ication the new Primary ETY must have the same Transparency IP Address as the former Primary ETY The IP Address in the Standby ETY an ETY in the Standby state is IP Address 1 The ETYs integrated into the Premium Hot Standby configuration coordinate this IP Address swapping with the management of Ethernet services used CAUTION RISK OF EQUIPMENT DAMAGE Do not use the address IP 1 For a Premium Hot Standby configuration do not use consecutive IP addresses for consecutive ETY modules configured Do not configure the Primary address as nnn nnn nnn 254 which would cause Standby IP address to be nnn nnn nnn 255 Doing that the ETY would then return the diagnostic code Bad IP configuration Failure to follow this instruction can result in injury or equipment damage 94 35012068 00 November 2006 Configuring Network Effects of Premium Hot Standby Overview Premium Hot Standby is a powerful feature of the ETYs a feature that increases the reliability of your installation Hot Standby uses a network and using the Hot Standby feature over a network can affect the behavior of Browsers Remote and Local clients Scanning service Global Data service FTP TFTP server The following are factors you may encounter while using the Premium Hot Standby solution Browsers If a browser requests a page and during the process of downloading that page an IP Address swap occurs the browser will eit
103. ices are closed Ethernet I O scanner SCADA iS PLCB 341 Standby CH il DIG DIG CPU DIG DIG HMI IN HMI IN JOU m Port il Port i Global status Communication status Customer diagnostic through Ethernet address 35012068 00 November 2006 193 System Detailed Behavior upon Failures The process is still redundant but diagnosis is no longer possible through the HMI SCADA link e address 9 not responding If necessary the customer can request switchover by Setting a bit in the command register of the Primary application if there is no fault in the other PLC e Normal access to PLC A through terminal port or Modbus for diagnostics No access to PLC A through Ethernet link Normal access to PLC B through terminal port Modbus or Ethernet links for diagnostics SW61 1000 0000 0000 1110 e The accessed PLC is PLC A primary e The other PLC is PLC B standby SW62 0000 000 0000 0000 e The other PLC no fault Failure on Standby ETY HMI amp SCADA The following table presents failure hardware or firmware on the Standby ETY dedicated to HMI and SCADA ETY is not the HSBY Monitored ETY Before the event In rack Discrete I O state PLC A calculated and applied at the end of the task cycle PLC B PLC A output applied at the end of task cycle Remote stat
104. ied end of task cycle PLC B PLC A output applied at end of task cycle Remote state PLC A all connections with Ethernet devices are open I O scanner is active PLC all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA DIG DIG IN JOU Switch PS CPU S CY DIG DIG IN JOU SCP Port 114 Q4 PLCA Primary ETY S CY DIG DIG IN OUT i 1 NR Not Responding Global status Communication status Customer diagnostic through Ethernet address 210 35012068 00 November 2006 System Detailed Behavior upon Failures No impact on the Hot e Normal access to PLC A Standby system The through terminal port and process is still redundant If Ethernet link for needed the customer can diagnostics No access request a switch over by through Modbus link setting a bit in the command e Normal access to PLC B register of the Primary through terminal port application if there is no fault Ethernet link and Modbus in the other PLC link for diagnostics SW61 1000 0000 0000 1110 The accessed PLC is PLC A primary The other PLC is PLC standby SW62 0000 0000 0000 0000 Other PLC no fault Primary PLC error bit of SCP modules 10 0 1 err 10 4 1 err set to 1 Hardware Failure following table presents hardware failure or removal of the SCP card in the of SCP car
105. ing Debugging 126 35012068 00 November 2006 Operating Introduction Overview What s in this Chapter This chapter provides information about Operating the Premium Hot Standby System This chapter contains the following sections Section Topic Page 7 1 Start Stop System 129 7 2 Switchover 133 35012068 00 November 2006 127 Operating 128 35012068 00 November 2006 Operating 7 1 Start Stop System At a Glance Purpose This section describes how to start or stop a Premium Hot Standby System What s in this This section contains the following topics Section Topic Page Starting the two PLCs 130 Stopping the Premium Hot Standby 132 35012068 00 November 2006 129 Operating Starting the two PLCs Invalid The PLCs do not have a valid application When the PLCs are made live and they applications are waiting for an application transfer there is no Primary A Standby B selection The first PLC receiving the application will become the Primary PLC after a RUN command the other will be the Standby PLC after receiving the same application and a RUN command Note To start properly after receiving the application the two PLCs have to be linked with e The CPU sync link between the two CPUS e The ETY sync link between the two monitored ETYs Valid The use of a time lag relay on the main rack sup
106. ipment damage 35012068 00 November 2006 Safety Information PLEASE NOTE Electrical equipment should be installed operated serviced and maintained only by qualified personnel No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this material 2006 Schneider Electric All Rights Reserved 35012068 00 November 2006 About the Book A At a Glance Document Scope This guide describes the Premium Hot Standby System consisting of the Unity Pro software the Premium Hot Standby processor TSX H57 24M or TSX H57 44M power supplies Ethernet I O and TCP IP Ethernet communication module TSX ETY 4103 5103 This guide describes how to build a Premium Hot Standby System Users of PL7 Warm Standby Premium systems should note that significant differences exist between Unity and PL7 systems and where important this guide identifies those differences Note Software Requirements Required to use a Premium Hot Standby e Unity Pro 3 0 or higher version e ETY 4103 5103 V4 0 or higher version Note Who should use this document Anyone who uses a Hot Standby system or needs fault tolerant availability through redundancy in an automation system You should have knowledge of programmable logic controllers PLCs You should possess a working knowledge of the Unity Pro software 35012068 00 November 2006 About the Book Validi
107. is impulse in the Standby The different situations are illustrated below the pulse is modified in the same way 35012068 00 November 2006 119 Programming Debugging For an impulse command to positive logic with the delay less than Tpulse Timpulsion lt gt On Primary PLC delay Timpulsion eG On Standby PLC Timpulsion delay Result OR logic of outputs 120 35012068 00 November 2006 Programming Debugging For an impulse command to positive logic with the delay more than Tpulse Tpulse On Primary PLC On Standby PLC Result OR logic of outputs For an impulse command to negative logic with the delay less than Tpulse Tpulse On Primary PLC j gt delay po Tpulse On Standby PLC c 1 Result Tpulse OR logic of outputs i delay 35012068 00 November 2006 121 Programming Debugging Local I O management For an impulse command to negative logic with the delay more than Tpulse Tpulse On Primary PLC c 3 bl T delay lt lt l Tpulse On Standby PLC Result OR logic of outputs Itis possible to manage actuators locally in both PLC In this case actuators are not connected in parallel on two output modules but directly to one output module in each PLC They may be written with different values at the same time depending on the application
108. ity Pro Since the Primary and ETY Standby controllers must have an identical configuration the configured IP Addresses will be the same The ETY s IP Address is either the configured IP Address or the configured IP Address 1 The IP Address is determined by the current local Hot Standby state In the Offline state the IP Address is determined by whether or not the other controller is in transition to the Primary state Note For a Premium Hot Standby the two IP Addresses will be consecutive The following table shows the IP Address assignments Hot Standby State IP Address Primary Configured IP Address Standby Configured IP Address 1 Transition from Primary to Offline Configured IP Address if peer controller does not go to Primary Transition from Standby to Offline Configured IP Address 1 Note Offline Results depend on whether or not the other controller is detected to be in transition into the primary state If current IP is the configured IP address and the other PLC is in transition to Primary then IP address changes to IP address 1 IP Address Restriction Note Configuring ETY Do not use either broadcast IP Address or broadcast IP Address 1 to configure a ETY The Primary ETY and the Standby ETY IP addresses must be in the same network and subnetwork 35012068 00 November 2006 93 Configuring IP Address For continued Ethernet commun
109. larity when reading you can use the sign between bits Example 241111 11110r2411111111 in decimal 255 2 1110_0000 or 2 11100000 in decimal 224 A literal value in base 8 is used to represent an octal integer The base is determined by the number 8 and the sign The signs and are not allowed For greater clarity when reading you can use the sign between bits Example 843 770r 84377 in decimal 255 8 34_0 or 84340 in decimal 224 BCD is the abbreviation of Binary Coded Decimal format BCD is used to represent decimal numbers between 0 and 9 using a group of four bits half byte In this format the four bits used to code the decimal numbers have a range of unused combinations 35012068 00 November 2006 215 Glossary Example of BCD coding e the number 2450 e iscoded 0010 0100 0101 0000 BOOL BOOL is the abbreviation of Boolean type This is the elementary data item in computing A type variable has a value of either 0 FALSE or 1 TRUE A BOOL type word extract bit for example MW10 4 BYTE When 8 bits are put together this is called a BYTE A BYTE is either entered in binary or in base 8 The BYTE type is coded in an 8 bit format which in hexadecimal ranges from 16400 to 164FF D DATE The DATE type coded in BCD in 32 bit format contains the following information DATE AND TIM E DBCD e the year coded in a 16 bit field e the month
110. lashing 2 5 s ON 500 ms OFF Offline flashing 2 5 s OFF 500 ms ON OFF 2 0 No significant 35012068 00 November 2006 151 Maintaining 152 35012068 00 November 2006 Modifying and Upgrading At a Glance Purpose This part describes Modifying and Upgrading in a Premium Hot Standby System e Handling application Modification e Handling CPU OS Upgrade What s in this This part contains the following chapters 2 Parts Chapter Chapter Name Page 9 Handling Application Modification 155 10 Handling CPU OS Upgrade 161 35012068 00 November 2006 153 Modifying and Upgrading 154 35012068 00 November 2006 Handling Application Modification 9 Introduction Overview This chapter provides information about application modification in a Premium Hot Standby system What s in this This chapter contains the following topics 2 Chapter Topic Page Understanding Premium Hot Standby Logic Mismatch 156 Online Offline Modifications to an Application Program 157 35012068 00 November 2006 155 Handling application Modification Understanding Premium Hot Standby Logic Mismatch Needing In a fault tolerant redundant system and under normal operating conditions both Identical controllers must load the identical application program also called a logic program Application The application program
111. le presents a Primary ETY sync link failure Stages Description 1 The Primary CPU checks every scan the Monitored ETY status 2 After receiving a wrong status the Primary CPU sends a take control message to the Standby CPU through the CPU sync link before entering the Offline mode 3 Standby goes to Primary mode 35012068 00 November 2006 145 Maintaining Detecting Standby CPU and ETY sync link failures Standby CPU failure Standby ETY sync link failure The following table presents a Standby CPU failure Stage Description 1 A communication error occurs in the Primary Copro that manages the CPU sync link 2 The Primary Copro reports this error to the Primary CPU 3 The Primary CPU stays Primary and update the remote station status to Offline or Undefined into its status register The following table presents a Standby CPU failure Primary CPU is assumed to work fine Stage Description 1 A communication error occurs in the Standby monitored ETY that manages the ETY sync link 2 The Standby ETY reports error to the Standby CPU 3 The Standby CPU sends a message to the Primary CPU through the CPU sync link 4 If the Status is OK Primary stays acting as Primary and the Standby will go to Offline because disconnection on Standby side If the status is not OK it will send a take control to the Standby before entering Offline mode
112. les with HE10 2xn connectors Discrete outputs modules TSX DSY K Discrete output modules with HE10 2xn connectors Discrete inputs outputs modules TSX DMY K Discrete event reflex input output 2xn modules with HE10 connectors Discrete inputs modules TSX DEY Discrete input modules with screw terminal 2xn block Discrete outputs modules TSX DSY Discrete output modules with screw 2xn terminal block Preventa Safety modules TSX PAY Safety modules with screw terminal block 2xn and SUB D 16 channel modularity input ABE7 ACC11 Facilitate the wiring for the redundant 1 connection bases discrete input modules 16 channel modularity output ABE7 ACC10 Facilitate the wiring for the redundant 1xn connection bases discrete output modules Analog inputs outputs modules Analog inputs modules TSX AEY Analog inputs modules with screw terminal 2xn block or SUB D 30 35012068 00 November 2006 Compatibility Differences Restrictions Designation Reference Function Quantity Analog outputs modules TSX ASY Analog outputs modules with screw terminal block or SUB D 2xn CAUTION RISK OF EQUIPMENT DAMAGE The HSBY system operation is not guaranteed if other in rack redundant modules than the listed ones are used Failure to follow this instruction can result in injury or equipment damage 1 This card is accepted in the SCY PCMCIA slot and not in the
113. line Information available Processor name Processor version Hardware ID Network address PLC Memory Application Identification Name Creation Product Date Modification Product Date Version Signature Application Option Upload Information Comments Animation Table Section Protection Application Diagnostic Application Miscellaneous Forced Bits Hot Standby PLC Hot Standby Status Peer PLC Hot Standby Status Logic Mismatch between PLC and Peer PLC PLC Name CPU Sync Link Error Main Processor OS version Mismatch Co Processor OS version Mismatch Atleast One ETY do not have the minimum version V4 Monitored ETY OS version Mismatch Hot Standby Entire System State 76 35012068 00 November 2006 Configuring The following table presents the values in the Information Tab Bits Line Title String Displayed 1 and 0 PLC Hot Standby Status Values 0 and 1 Offline mode 1 and 0 PLC Hot Standby Status Values 1 and 0 Primary mode 1 and 0 PLC Hot Standby Status Values 1 and 1 Standby mode 3 and 2 Peer PLC Hot Standby Status Values 0 and 0 Undefined mode 3 and 2 Peer PLC Hot Standby Status Values 0 and 1 Offline mode 3 and 2 Peer PLC Hot Standby Status Values 1 and 0 Primary mode 3 and 2 Peer PLC Hot Standby Status Values
114. ling Analog Output module cabling For a analog input a signal duplicator can be used The following illustration displays an example of sensor cabling Primary Standby i gags XX ne Ala Ald Ald fl Signal Duplicator For analog output two low level switching interfaces can be used Telemecanique ABR 2EB312B The following illustration displays an example of actuator cabling A Primary B Standby E 1 TM ALJ ALJ ALJ ASV ASG ALJ ALJ ALS ASV ASG Operating inputs of the lt i switching interfaces Only one PLC acts on the operating input of the two low level switching interfaces PLC A in the above illustration In Primary mode the output bit is set to 1 In Standby mode the output bit is reset to 0 35012068 00 November 2006 59 Setting up Installing and Cabling The output bit must be managed in the section 0 of both PLC in the following way if bits 1 and 0 of SW61 are set to 1 and 0 this PLC running in Primary status e Then Output bit on DSY module set to 1 Analog Output of PLC B switched on actuator e Else Output bit on DSY module reset to 0 Analog Output of PLC A switched on actuator Note The DSY module has to be configured in fallback to 0 WARNING RISK OF UNINTENDED EQUIPMENT OPERATION AND EQUIPMENT DAMAGE Because the same ap
115. mal access to PLC A through terminal port or Modbus No access to PLC A through Ethernet link Normal access to PLC B through terminal port Modbus or Ethernet links for diagnostics The process is still active but the system is no longer redundant as long as the ETY module of the PLC A is in failed mode 551161 1000 0000 0010 0110 e The accessed PLC is PLC B primary e The other PLC is PLC A offline SW62 Not significant because one of the two PLC is Offline ETY Failure on Standby PLC The following table presents ETY failure hardware or firmware on the Standby Before the event In rack Discrete I O state PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed scanner is not active PLCB Standby DIG DIG IN JOU Ethernet 1 0 Scanner SCADA PLCA Primary PS CPU SCY DIG DIG PS IN OU Port Port SCP 114 1 114 Event Hardware or firmware failure on the Monitored ETY module that can manage Ethernet I O or Ethernet I O SCADA HMI This is not a critical event because there is no switch over Ethernet I O ad SCADA PLCA Primary PS il PLCB Standby DIG DIG
116. mation tab 2 The PLC screen tab appears automatically Note The dialogs illustrated here are depicted in offline mode When Unity Pro is connected to a PLC the information displayed in these tabs changes Viewing the Task Unity Pro Task tab dialog Tab PLC Screen TN ns DM Realtime clock Information Events Start reS tart Output Fallback State Warm restart Applied O utputs Disable all Number Cold start Output Fallback r Last Stop 35012068 00 November 2006 73 Configuring Task Tab Description Viewing the Realtime Clock Tab Description of the Task tab Item Option Value Description Events State Status information of events available Online Number XXX N A Activate or Disable all Click button Button to control the events Start reStart Warm Start Click button To initialize Warm Start Cold Start Click button To initialize Cold Start Output fallback Applied Outputs N A To Stop the Fallback mode Output Fallback N A To switch the outputs into Fallback mode Last Stop Read only e Day Indicates the day DD MM YY _ date time and cause e Time of the last controller stop Unity Pro Realtime clock tab dialog Be Q Task PLC Date and Time User Date and Time 12 00 00 AM Tuesday 01 J anuary
117. me 80 ms e Data state RAM unlocated variables 300 Kilobytes The following illustration displays the example 1 we runi Result mss e o 30 No impact on scan time data exchange 30 80 ms Note Input and Output driver scan time depends on type of I O and number of I O It s immaterial compared to the total scan time 42 35012068 00 November 2006 Behavior and Performances The following illustration displays the example 2 Result HSBY impacton scan time 40 ms 40 ms 1S uA JO aur UES 35012068 00 November 2006 43 Behavior and Performances 3 2 Performances of Premium Hot Standby Address Swap Times Description The following table details what the time for an Address swap comprises such as the time to close connections time to swap IP addresses or time to establish connections The following table shows the swap time for each of the Ethernet services Service Typical Swap Time Maximum Swap Time Swap IP Addresses 6 ms 500 ms Scanning 1 initial cycle of I O scanning 500 ms 1 initial cycle of I O scanning Global Data For swap times please see 500 ms 1 CPU scan the 840USE11600 Premium and Atrium using Unity Pro Ethernet Network Modules User Manual 35006192 Ox Client Messaging 1 CPU scan 500 ms 1 CPU scan Server Messaging 1 CPU sca
118. mmand Register 101 Understanding the Unity Status Register 103 Transferring User Data 106 Using Initialized 107 Synchronization of Real Time Clocks 108 Programming Debugging 109 Presentations cox set uos t ear ua Fe RARE aue EATER os 109 Development of an Application 111 Glance 4s cunctus siters eos Ere uU reus Vra eon 111 Programming Method 112 How to Program a Premium Hot Standby Application 116 35012068 00 November 2006 6 2 Chapter 7 7 1 7 2 Chapter 8 Part Ill Chapter 9 Chapter 10 Appendices Appendix A Siructure of Database 2 il o EX RYE Yer eee 118 Transferring the program in the Primary and the Standby 123 Be ASEM Bey et Pe RE ERE ES 124 Debugging eae DR ce REA 124 Operands seer oOINecubls ue eines 127 INtFOGUCHON usce s dde OL A ae iki ie pw CE Bas 127 Start Stop 129 Ata Glance Su ctae veis acteur DECRE ER 129 Starting the two 130 Stopping the P
119. n the time of the 500 ms the time of the client client reestablishment reestablishment connection connection FTP TFTP Server The time of the client 500 ms the time of the client reestablishment connection reestablishment connection SNMP 1 CPU scan 500 ms 1 CPU scan HTTP Server The time of the client 500 ms the time of the client reestablishment connection reestablishment connection 44 35012068 00 November 2006 Maintaining At a Glance Purpose This part describes five important processes in using a Premium Hot Standby System e Setting up Installing and Cabling e Configuring e Programming Debugging e Operating e Maintaining What s in this This part contains the following chapters 2 Part Chapter Chapter Name Page 4 Setting up Installing and Cabling 47 5 Configuring 65 6 Programming Debugging 109 7 Operating 127 8 Maintaining 141 35012068 00 November 2006 45 Maintaining 46 35012068 00 November 2006 Setting up Installing and Cabling 4 Introduction Overview What s in this Chapter This chapter provides an overview of setting up installing and cabling a Premium Hot Standby System This chapter contains the following topics Topic Page Setting Up the Premium Hot Standby 48 Mapping the Backplane Extension 51 Connecting Two Premium Hot Standby PLCs 56 Connecting In rack I O 58 Connecting E
120. n I O scanner is active e PLC B all connections with Ethernet devices closed I O scanner is not active Ethernet I O scanner SCADA PLCA Switch PLCB Primary i PS SCY DIG DIG IN JOUT Bis SCP Port 114 PS SCY DIG DIG IN Bs SCP Port 114 Global status Communication status Customer diagnostic through Ethernet address The process is still active butthe system is no longer redundant as long as the Ethernet I O link is disconnected on the PLC B side Normal access to PLC A through terminal port and Modbus link for diagnostics Normal access to PLC B through terminal port and Modbus link and Ethernet link for diagnostics If an HMI SCADA is connected to the switch diagnosis is no longer possible through Ethernet 551161 1000 0000 0000 0110 e The accessed PLC is PLC A primary e The other PLC is PLC B offline SW62 Not significant because one of the two PLC is Offline Scanner Disconnection on I O link The following table presents I O Scanner Disconnection on the I O link side the Monitored ETY is managing an I O Scanner Before the event In rack Discrete I O state e PLCA calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active e
121. n will be accepted by the PL7 Unity Pro converter Standby The features that are not supported by the Premium HSBY PLC will not be conversion converted errors signaled by the converter but the rest of the application will be converted After conversion the new Unity Pro application will require important modifications to fit to the Ethernet I O and new Premium HSBY features 26 35012068 00 November 2006 Compatibility Differences Restrictions Understanding System Words and System Bits Overview System Word SW60 System Word SW61 System Word SW62 63 64 65 In accordance with IEC standards Unity uses global objects called system Bits and system Words These Bits and Words are used to manage the states of the two PLCs System Word SW60 can be used to read from and to write to the Premium Hot Standby Command Register Note SW60 is described using the IEC convention System Word SW61 be used to read the contents of the Premium Hot Standby Status Register Note 551161 is described using the IEC convention System Words 5w62 63 64 65 are reverse registers reserved by the Reverse Transfer process These four reverse registers can be written to the application program first section of the Standby controller and are transferred at each scan to the Primary controller 35012068 00 November 2006 27 Compatibility Differences Restrictions U
122. nctions configuration programming Ethernet language objects see the Premium and Atrium using Unity Pro Ethernet Network User Manual 35006192 What s in this This section contains the following topics Section Topic Page Overview of Premium Hot Standby TSX ETY 87 ETY Operating Modes and Premium Hot Standby 90 IP Address Assignment 93 Network Effects of Premium Hot Standby 95 86 35012068 00 November 2006 Configuring Overview of Premium Hot Standby TSX ETY Please note Description of the Hot Standby Solution Because the user can configure several ETY modules in each PLC the Monitored ETY modules that are dedicated to the ETY sync link only one ETY module in each PLC have to be configured in Unity Pro The Monitored ETY is the ETY module that manages the ETY sync link ETY Hot Standby allows automatic IP address swapping The TSX ETYs coordinate the swapping of IP addresses After closing both the client and the server connections each TSX ETY sends a swap UDP message to its peer TSX ETY The sending TSX ETY then waits for a specified time out 50 ms for the peer swap of UDP messages Either after receiving the messages or after a time out the TSX ETY changes its IP address CAUTION RISK OF EQUIPMENT DAMAGE TSX ETYs must communicate with each other in order to swap IP Addresses You must connect the Primary and Standby TSX ETYs to the same switch because e Communicati
123. nderstanding Multitasking Restrictions General MAST TASK Asynchronous Events FAST TASK In a Premium Hot Standby the Standby controller is ready to assume the role of the Primary controller by having the same application loaded in the Standby and by receiving from the Primary once per scan a copy of the Primary s data During the scan there is a tight synchronization between the Primary and Standby Schneider Electric recommends using only MAST task to execute the application Program Using MAST task is consistent with the fact that data transfer is synchronized with the MAST task Using a Premium Hot Standby in a multitasking environment may cause data to change between scans Because in a multi tasking system events may occur asynchronously to the normal scan Those events may happen at a faster rate the same rate or at a slower rate The result is that data modified by these events can be changed during a transfer CAUTION RISK OF EQUIPMENT DAMAGE The use of a Fasttask driving dedicated outputs is not recommended because the output values are transmitted from the Primary to the Standby at the Mast task frequency Ensure that you both analyze your system needs and account for problems that may arise if you use Fast Failure to follow this instruction can result in injury or equipment damage 28 35012068 00 November 2006 Compatibility Differences Restrictions In r
124. nding Application Restrictions 34 Behavior and Performances 35 35 Behavior of Premium Hot Standby 37 Aba dae esae o cuta ete ES et eft 37 Premium Hot Standby with IEC 38 Understanding the Premium Hot Standby Data Base Transfer Process 39 Understanding System Scan Time in Premium Hot Standby 40 Performances of Premium Hot 44 Address Swap Times 44 35012068 00 November 2006 Part Il Chapter 4 Chapter 5 5 1 5 2 5 3 Chapter 6 6 1 Maintaining suas aka ia Gna tee ee 45 Ata Glance cible echoes ve Lodo i o a 45 Setting up Installing and Cabling 47 Introduction nee Eur Db perm eee eee heri 47 Setting Up the Premium Hot Standby 48 Mapping the Backplane 5 51 Connecting Two Premium Hot Standby lt 56 Connecting In rack VO z maai a gra ana nnne 58 Connecting Ethernet O 61 Connecting Modbus sssssseseeee een 62 Configuring RES 65 Introduction
125. ner SCADA PLCA Standby Ty PS Pu Er ScvppiG bic PS pu DIG DIG IN IN ou ETH SCP ETH SCPI Port 114 Port 114 G 7 Qu PLCB ETY Global status Communication status Customer diagnostic through Ethernet address 35012068 00 November 2006 207 System Detailed Behavior upon Failures No impact on the Hot Standby The 2 PLCs are System The process is still accessible through redundant If needed the customer terminal ports can request a switch over by setting Modbus links and a bit in the command register of the Ethernet links for Primary application if there is no diagnostics fault in the other PLC 951161 1000 0000 0000 1110 The accessed PLC is PLC A primary The other PLC is PLC B standby SW62 0000 0000 0000 0000 e Other PLC no fault Primary PLC error bit Y l0 x mod err of the 2 discrete modules set to 1 Hardware The following table presents hardware failure or removal of a digital module in the Failure Standby Standby PLC main or extendable rack Digital Module Before the event In rack Discrete I O state PLC A calculated and applied at end of task cycle PLC B PLC A output applied at end of task cycle Remote state I O scanner is active e PLC B all connections with Ethernet devices closed I O scanner is not active PLC A all connecti
126. nformation in this document is subject to change without notice and should not be construed as a commitment by Schneider Electric Title of Documentation Reference Number Premium and Atrium Using Unity Pro User Manual Available on Unity Pro documentation CD Telemecanique com web site 10 35012068 00 November 2006 About the Book Product Related Warnings User Comments Title of Documentation Reference Number Grounding and Electromagnetic Compatibility of PLC System Available on Unity Pro documentation CD Telemecanique com web site We welcome your comments about this document You can reach us by e mail at techpub schneider electric com 35012068 00 November 2006 11 About the Book 12 35012068 00 November 2006 Introduction At a Glance Purpose What s in this Part This part introduces the Premium Hot Standby System The content describes the hardware available the compatibility of Premium Hot Standby with PL7 systems and using IEC logic and Unity This part contains the following chapters Chapter Chapter Name Page 1 Overview 15 2 Compatibility Differences and Restrictions 25 3 Behavior and Performances 35 35012068 00 November 2006 13 Introduction 14 35012068 00 November 2006 Overview Introduction Overview In this chapter you
127. o 0 OS version mismatch not allowed 35012068 00 November 2006 163 Handling CPU OS Upgrade 164 35012068 00 November 2006 Appendices Appendices for Premium Hot Standby At a Glance The appendices for the Premium Hot Standby are included here What s in this The appendix contains the following chapters ix Appendix Chapter Chapter Name Page A Additional Information 167 B System Detailed Behavior upon Failures 175 35012068 00 November 2006 165 Appendices 166 35012068 00 November 2006 Additional Information Introduction Overview What s in this Chapter This chapter describes the design specifications and error codes This chapter contains the following topics Topic Page CPUs TSX H57 24M TSX H57 44M Specifications for Premium Hot Standby 168 TextlDs 174 35012068 00 November 2006 167 Additional Information CPUs TSX H57 24M TSX H57 44M Specifications for Premium Hot Standby Maximum configuration The following table presents the maximum configuration of the CPUs Services TSX H57 24M TSX H57 44M Local racks 12EX 4 6 8EX 8 16 Discrete I Os modules 1024 2048 Analog 1 05 modules 80 256 Experts modules 1 0 Ethernet modules 2 4 Other Networks modules 2 0 Open Field Bus modules Interbus Profibus 0 Sensor Bus modules As i 0 P
128. o PLCs CPU sync link it is mandatory to configure one Ethernet module in each PLC the two ETY modules must to be linked with an Ethernet cable with or without switches 35012068 00 November 2006 49 Setting up Installing and Cabling The following illustration displays a very simple Premium Hot Standby configuration Connection Connection block block PLC Primary A PLC Standby B J I e e A n Ave 1 2 3 4 5 6 7 CPU sync link ETY sync link Premium rack with line terminators Power supply Hot Standby processor TSX H57 24M or TSX H57 44M Communication module TSX SCY 21601 with Modbus PCMCIA TSX SCP 114 Discrete output module example TSX DSY 64T2K Discrete input module example TSX DEY 64D2K Hot Standby Ethernet module TSX ETY 4103 5103 Example ocn5oNvzo2 In case of power failure on the Primary PLC the Standby PLC will identify a communication error on the CPU sync link But this same communication error will also occur in the case of CPU sync link disconnection To distinguish between these two cases the Standby CPU requests from its local ETY module the status of the counterpart ETY module In case of fault the Standby diagnoses that the Primary is offline and becomes Primary The link between the two ETYs modules is called ETY sync link The two ETYs are called monitored ETYs The Monitored ETY modules can manag
129. of the Hot Standby configuration This status is given by The values of the Primary In rack output modules The input output values of all the remote devices The user application data located and unlocated and system data of the Primary PLC All instances of DFB and EFB data SFC states Some system bits and words To do this the two PLCs have to share a Database that is built automatically by the Primary PLC The following illustration displays information worked out by the Primary PLC Database EKO o i PLC A PLC B Primary Standby The Database is built automatically by the Primary PLC Operating System and sent at each Primary PLC cycle to the Standby PLC This exchange is performed via the embedded Ethernet coprocessor of the two HSBY PLCs The size of database is TSX H57 24M 180 kilobytes TSX H57 44M 428 kilobytes 118 35012068 00 November 2006 Programming Debugging Storage In rack I O management Three types of memory card are offered in Unity Premium range e Application e Application and data storage e Data storage The data storage area is a memory zone that can be used to backup and restore data in the memory card using specific EF in the application program The maximum size of this area is 8 MByte with TSX F 008M This memory zone is not part of the database exchange between the Primary A and the
130. ommand Register Standby On Logic The Standby On Logic Mismatch is only Mismatch in Offline Non transfer area Start AMW MWO to 99 Data are not transferred Length 80 35012068 00 November 2006 Configuring Configuring In rack I O Howto configure For configuring In rack I O discretes and analog refer to the following Unity Pro In rack I O user manuals e Premium and Atrium using Unity Pro Discretes I O modules user manual e Premium and Atrium using Unity Pro Analog Input Output user manual CAUTION RISK OF EQUIPMENT DAMAGE To prevent the freeze of discrete output bits when one on the two PLCs fails you must configure output modules in fallback mode to 0 This configuration mode is mandatory when output modules are cabled in parallel with ABE7 ACC1x connection blocks Failure to follow this instruction can result in injury or equipment damage 35012068 00 November 2006 81 Configuring Configuring the PCMCIA Cards Configuring with Unity Pro Allocating memory to the memory card Step Action 1 If not opened open the X Bus configuration editor 2 Go to the local bus in the Structural View of the Project Browser 3 Bus and executing right click Open A graphical representation of the local bus appears Open the local bus either by double clicking on the X Bus or by selecting the X Point to and select either PC Card A slot 1 or PC Car
131. on Premium Modicon Quantum Modicon M340 and Modicon Atrium PLCs It provides several tools for application development including Project browser Configuration tool Data editor Program editor The configuration tool is used to Create modify and save the elements used to configure the PLC station Set up the application specific modules including the station Diagnose the modules configured in the station Control the number of application specific channels configured in relation to the capacities of the processor declared in the configuration e Assess processor memory usage 68 35012068 00 November 2006 Configuring Accessing the Base Configuration Accessing with Unity Pro After starting Unity Pro go to the X Bus in the Structural View of the Project Browser Step Action 1 Open the X Bus configuration editor either by double clicking on the X Bus or by selecting the X Bus and executing right click Open A graphical representation of the local bus appears in the configuration editor 2 Select the Premium Hot Standby CPU module and right click The context menu appears Bus 0 TSX H57 24M v Cut Copy Paste Delete Module Open Module Move Module Replace Processor Power Supply and IO Budget 3 Select
132. on failures between the TSX ETYs increases the time to swap e Connecting two TSX ETYs to the same switch minimizes the probability of a communication failure Failure to follow this instruction can result in injury or equipment damage Note Schneider Electric recommends that a switch not a hub is used to connect the TSX ETYs to each other or to the network Schneider Electric offers the ConneXium range of Industrial Ethernet switches please contact a local sales office for more information The TSX ETY waits for either a change in the controller s Hot Standby state or the swap of UDP messages Then the TSX ETY performs one of two Hot Standby actions If the TSX ETY 1 Detects that the new Hot Standby state is either primary or standby The TSX ETY changes the IP address 2 Receives a swap UDP message The TSX ETY transmits a Swap UDP message and swaps the IP address 35012068 00 November 2006 87 Configuring All client server services I O Scanner Global Data Messaging FTP SNMP and HTTP continue to run after the switch over from the old to the new Primary TSX ETY Note Failure of the Monitored ETY is a condition for the Primary system to leave the Primary state Failure of anon Monitored ETY is not a condition for the Primary system to leave the Primary state A CAUTION RISK OF EQUIPMENT DAMAGE Failure of a non Monitored ETY has to be managed by the application program
133. ons with Ethernet devices are open Ethernet 1 0 Scanner SCADA PLCA Qu PLCB Primary Standby PS CPU ETY SCY DIG DIG PS CPU ETY SCY DIG DIG IN JOU IN JOUT ETH SCP ETH SCP Port 114 Port 114 Q4 Event Hardware failure or the module is removed from the X BUS rack of a digital module This is not a critical event because there is no switchover Ethernet I O SCADA PLCA Qu PLC B Primary Standby PS CPU ETY DIG es CPU TETY DIG IN IN Jour ETH SCP ETH SCP Port 114 Port 14 1 After the event In rack Discrete I O state PLC A calculated and applied at end of task cycle e PLC B PLC A output applies at end of task cycle Remote state I O scanner is active e PLC B all connections with Ethernet devices closed I O scanner is not active PLC A all connections with Ethernet devices are open Ethernet I O scanner n SCADA PLCA g 9H PLCB Primary Standby PS CPU ETY SCY DIG DIG PS ETY SCY DIG DIG A il OUT a OUT ETH SCP ETH SCP Port 114 Port 114 1 208 35012068 00 November 2006 System Detailed Behavior upon Failures Before the event Global status Communication status Customer diagnostic through Ethernet address No impact on the Hot Standby System The process is still redundant The
134. ontroller A to RUN mode 1 Sets Controller B to OFFLINE mode 0 _ Sets Controller B to RUN mode 1 OS versions Mismatch 5x 3133 2 10 MES 6050 4 EM 2 1 0 Controller A OFFLINE RUN mode e 551160 1 1 Controller A goes to Run mode e 5W60 1 0 Controller A goes to Offline mode Controller B OFFLINE RUN mode e 551160 2 1 Controller B goes to Run mode e 5W60 2 0 Controller B goes to Offline mode 35012068 00 November 2006 101 Configuring System Word SWE60 4 OS Versions Mismatch e SW60 4 1 If OS Versions Mismatch with Primary PLC Standby stays in standby mode e 5W60 4 0 If OS Versions Mismatch with Primary Standby goes to Offline mode Firmware OS Mismatch This relate to main processor OS version embedded OS version monitored ETY OS version and enables e a Hot Standby system to operate with different versions of the OS running on the Primary and Standby 102 35012068 00 November 2006 Configuring Understanding the Unity Status Register Bits in the Hot The Hot Standby Status Register is a readable register located at system word Standby Status SWE61 and is used to monitor the current machine status of the Primary and Register Standby Both the Primary and the Standby Offline have their own copy of the Status register The Status register is not tran
135. ors 160 254 Breakpoint One single Bkpt One single Bkpt Step by step Into over and out Yes Yes Variable animation e End of Mast e Watch Point e End of Mast e Watch Point Link animation Yes Yes Debugging the application must be carried out on one PLC automatically Primary This PLC is 124 35012068 00 November 2006 Programming Debugging Debugging the Debugging the application must be carried out with the Premium Hot Standby redundancy part System The debugging tools proposed by Unity Pro must not be used example the step by step They may introduce malfunctions into the Premium Hot Standby architecture We advise you to proceed as follows e Static verification Check that e The application restrictions have been applied e The MAST task characteristics have been configured properly e Dynamic verification After each PLC has been made live application already transferred check that the redundancy function is correctly performed in each PLC the bit SW61 X15 is equal to 1 The Hot Standby Premium being in the nominal functioning mode confirm that e All the sections are executed on the Primary PLC e Only the first section is executed in the Standby PLC Non Transfer A fixed size of MW is transferred from the Primary to the Standby These MW Area are from offset O to offset 99 35012068 00 November 2006 125 Programm
136. ote I O state PLC A all connections with ethernet devices are open I O scanner is active PLC all connections with ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA PLCA Primary PS ETY SCY DIS pis JPS CPU ETY IN JOUT ETH SCP ETH Port 114 Port Qu PLCB Standby SCY DIS 015 IN JOUT SCP 114 Q4 Event HALT instruction Watch dog overflow Program execution error division by 0 overflow etc with 96878 1 e STOP command This is a critical event because an automatic switch over occurs Ethernet 1 0 scanner SCADA PLCA Q Qu PLCB Primary Standby PS CPU ETY SCY DIS DIS PS CPU ETY SCY DIS DIS IN JOUT IN ETH SCP ETH SCP Port 114 Port 114 1 After the event In rack Discrete I O state PLC A fallback position PLC B calculated and applied at the end of the task cycle Remote state PLC A all connections with Ethernet devices are closed I O scanner is not active PLC B all connections with Ethernet devices are open I O scanner is active Ethernet I O scanner SCADA SCY DIs Dis IN Jour DIS DIS PS CPU ETY IN JOUT SCP ETH SCP 114 Port 114 PLCB Primary PLCA Qu Offline Communication status Global status Customer diagnostic through Ethernet addres
137. other If the Standby does not receive a message on either link the Standby will try to determine the cause of the failure and assumes control if necessary If the Primary does not receive a valid response from the Standby the Primary will operate as if there was no back up available as if the Primary were a standalone The system automatically performs two kinds of confidence tests on the Premium Hot Standby CPU e Startup tests e Runtime tests Startup confidence testing on the Premium Hot Standby PLC with Unity Copro attempt to detect hardware errors in the module before the application is allowed to run If the module fails any of its tests it will remain offline and will not communicate with the other Premium Hot Standby PLC Run time tests are related to the interface between the main processor and the Ethernet embedded coprocessor of the Premium Hot Standby CPU If the coprocessor fails the Premium Hot Standby CPU remains Offline and will not communicate with the other CPU 142 35012068 00 November 2006 Maintaining Detecting and Diagnosing Failures in a Premium Hot Standby Important Please note information It Then Component of Primary fails Control shifts to Standby Component of Standby fails Standby goes offline CPU sync link fails Standby goes offline Finding Errors and switch overs are logged in the diagnostic buffer To view the log Diagnostic
138. plication is running in both PLCs the above sequence is the same in PLC A and PLC B You must execute at each PLC cycle in Standby mode first section If not the Output bit of the Standby PLC reset to 0 in the above example will be forced to 1 that is the value coming from the Primary PLC Failure to follow this instruction can result in death serious injury or equipment damage 60 35012068 00 November 2006 Setting up Installing and Cabling Connecting Ethernet I O Ethernet I O cabling As described before the link between the two monitored ETY modules ETY sync link is used to transfer information to diagnose the Hot Standby system It can also be used to manage Ethernet I O devices by configuring an Ethernet I O scanner in each monitored ETY The following I O scanner architectures can be used e Low level architecture a standard Ethernet switch connected to the Ethernet I O devices e High level architecture several Ethernet ring switches connected to the Ethernet devices For using hubs or switches in different network topologies like star tree or ring refer to ConneXium catalog and Transparent Ready technical publications 35012068 00 November 2006 61 Setting up Installing and Cabling Connecting Modbus Modbus Slave link on RS485 two wires The Modbus Slave function is used from the card PCMCIA TSX SCP 114 This may be located only in the module TSX SCY
139. ply of one of the PLCs makes it applications possible to guarantee which PLC will be the Primary PLC when the two PLCs are made live simultaneously During this process the PLC which has the time lag relay in its supply cabling will be the Standby PLC If there is no time lag relay the choice of Primary Standby depends on the copro MAC address The PLC with the lowest MAC address becomes the Primary PLC A The other one becomes the Standby PLC B A CAUTION RISK OF EQUIPMENT DAMAGE In case of CPU replacement the identification A B of the 2 PLCs can be inverted Respect this specially if the application requires a strong link between the geographical position of each PLC and its identification Failure to follow this instruction can result in injury or equipment damage 130 35012068 00 November 2006 Operating MAC Address Examples of two MAC Addresses The MAC address visible on the front panel of the PLC is a 48 bit number written in hexadecimal notation 6 pairs of 2 digits The digits used to represent numbers using hexadecimal notation are 0 1 2 3 4 5 6 7 8 9 A B C D E and F Rules to compare two MAC addresses e The two MAC addresses must be compared from left to right e As soon as there are different digits in the same position in each MAC address the higher MAC address is the one where the digit is higher First example e MAC1 00 80 F4 01 6E E1 e MAC 00 80
140. program processing CAUTION RISK OF EQUIPMENT DAMAGE When actuators are managed locally in each PLC the output values must be evaluated in the section 0 at each PLC scan If not the Standby output value will be erased by the value coming from the Primary PLC Failure to follow this instruction can result in injury or equipment damage 122 35012068 00 November 2006 Programming Debugging Transferring the program in the Primary and the Standby Transferring the Transfer the program to the Primary CPU program e Connect the PC to USB plug or Uni Telway e Use the Unity Pro command PLC Transfer program to PLC Transfer the program to the Standby CPU e Connect the PC to USB plug or Uni Telway e Use the Unity Pro command PLC Transfer program to PLC 35012068 00 November 2006 123 Programming Debugging 6 2 Debug Program Debugging Introduction Debug and Diagnostic Debug the control command of the procedure An application for a Premium Hot Standby PLC integrates the control command part of the procedure like a non Hot Standby PLC It doesn t integrate any specific function blocks relating to the redundancy The following table presents Debug and Diagnostic operations on CPUs Diagnostic TSX H57 24M TSX H57 44M Diagnostic Function Block Yes Yes Diagnostic Buffer Yes Yes Diag buffer Max buffer 16K8 25K8 characteristics size Max err
141. r example to a hardware or firmware failure on the Monitored ETY module When one of the following actions is done on the command register sw60 bits 1 and 2 it generates a change of state of the two PLCs as it is shown in the right part of the following illustration 9699W60 1 5 60 2 0 0 0 1 1 0 1 1 HSBY status after action on SW60 PLCB Standby Primary PLCA PLCB Offline Standby Primary PLC A PLC B Primary Offline PLC A PLC B Primary Standby When the action is done the two bits are automatically set to 1 by the system 136 35012068 00 November 2006 Operating Example of Before the action SW60 the status are Switch over with e The two Bits are at 1 default value set by the system PLC B in Offline e The PLC Ais Primary mode e The PLC B is Offline The following illustration is an example of Switch over with the PLC B in Offline mode PLCA PLCB Primary Offline PLCA PLCB 96SW60 1 96SW60 2 Offline Offline 0 0 0 1 HSBY status after 1 0 action on SW60 1 1 rd PLCA PLCB Primary Offline PLCA PLCB Primary Offline When the action is done the two bits are automatically set to 1 by the system 35012068 00 November 2006 137 Operating Switch over on Primary failure
142. remium Hot Standby 132 Switchover vios svlu cl dee oe ba ee ae Pee ae ee ed 133 AtaGlance PELLIT 133 Operating modes 134 Conditions for Switch 136 Maintaining 141 INtrOOUCTION be cct ere eL eee citet 141 Verifying the Health of a Premium Hot Standby 142 Detecting and Diagnosing Failures in a Premium Hot Standby 143 Detecting Primary CPU and ETY sync link 145 Detecting Standby CPU and ETY sync link failures 146 Detecting CPU sync Link 147 Checking for Identical Application Programs Checksum 148 Replacing a Faulty Module 149 Troubleshooting a Hot Standby 150 Modifying and Upgrading 153 Ata Glance Rp ee UE REX RE UP EUR Ed 153 Handling Application Modification 155 INTRODUCTION N e 155 Understanding Premium Hot Standby Logic Mismatch 156 Online Offline Modifications to an Application Program 157 Handling CPU OS Upgrade 161 Introduction s isn ci p Ged EAD Ree
143. rnet I O images e Retrieves diagnostic information from the Primary PLC e Manages own diagnostic information and the information from the Hot Standby Premium system e Monitors health of Power Supply CPU and In rack modules The PLC in Offline mode does not perform application program and I O management Offline is mainly a fault state when the PLC can t be neither a Standby nor a Primary PLC The first section section 0 is executed by both Primary and Standby PLC At the beginning of the first section it is recommended to test the state of the PLC by checking the SW61 status register bits 0 and 1 When the PLC is in Standby mode it is recommended to check the In rack modules health informations by using implicit objects for example lx y mod err and explicit objects This health information can be summarized in the four reverse registers that are transferred at each scan to the Primary CAUTION RISK OF EQUIPMENT DAMAGE Actuators that are connected in parallel on two output modules are only managed by the Primary PLC refer to the Programming Method section for more details They must not be written in the section 0 of the Standby PLC Failure to follow this instruction can result in injury or equipment damage 114 35012068 00 November 2006 Programming Debugging It is also possible to manage actuators locally in both PLC In this case actuators are not connected in parallel on two output module
144. rocess channels 10 20 Process loops 30 60 e 1 motion weighing counting stepper e 2 Modbus Fipway For Premium Atrium this is the maximum number of channel supported Note The Ethernet port for the CPU sync link is a point to point connection dedicated to the Premium Hot Standby database exchange 168 35012068 00 November 2006 Additional Information Program and The following table presents the Programme and Data Memory capacity of the Data Memory CPUS capacity Services TSX H57 24M TSX H57 44M Maximum application size in Internal SRAM 192 kilobytes 440 kilobytes Program data Ets 1 symbols OLC Maximum application size in Program 768 kilobytes 2048 kilobytes PCMCIA Ets symb in PCMCIA Max On 256 kilobytes 512 kilobytes line modif area PLC Data in 192 kilobytes 440 kilobytes internal SRAM Maximum data storage size Legacy 8 Mbytes 16 Mbytes only in PCMCIA EFs DOS Files Not available Not available SRAM Located data MW Max 32464 Default 1024 Min 0 Located data M Max 8056 32634 Default 512 Min 0 Located data KW Max 32760 Default 256 Min 0 Located data SW 168 Located data S 128 Unlocated data max size 2 No limit 3 e EDT DDT e EFB DFB 35012068 00 November 2006 169 Additional Information Services TSX H57 24M TSX H57 44M e 1
145. s 178 35012068 00 November 2006 System Detailed Behavior upon Failures Both PLCs are accessible through terminal ports Modbus and Ethernet links for diagnostics The process is still active but the HSBY system is no longer redundant as long asthe PLC Ais in HALT or STOP mode SW61 1000 0000 0010 0110 e the accessed PLC is PLC B primary e the other PLC is PLC A offline SW62 Not significant because one of the two PLC is Offline or Not Responding Halt or Stop on Standby PLC The following table presents Halt or Stop events on Standby PLC Before the event In rack Discrete I O state e PLCA calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state PLC A all connections with ethernet devices are open I O scanner is active e PLC B all connections with ethernet devices closed I O scanner is not active Ethernet I O scanner SCADA PLCB PS CPU SCY DIS DIS IN JOUT fe SCP Port 114 PLC A SCY DIS DIS IN JOUT 114 Event e HALT instruction e Watch dog overflow Program execution error division by 0 overflow etc with 96878 1 e STOP command This is not a critical event because there is not switch over Ethernet I O scanner SCADA 4 Switch PLCA PLCB Primary Standby PS CPU SCY DIG 016
146. s but directly to one output module in each PLC CAUTION RISK OF EQUIPMENT DAMAGE When actuators are managed locally in each PLC the output values must be evaluated in the section 0 at each PLC scan If this is not done the Standby output value will be erased by the value coming from the Primary PLC Failure to follow this instruction can result in injury or equipment damage 35012068 00 November 2006 115 Programming Debugging How to Program a Premium Hot Standby Application Processor The MAST task must be defined in the Periodic Cycle configuration The period should take into account the requirement time for redundancy The following table presents the characteristic MAST tasks on Processor Characteristics TSX H57 24M TSX H57 44M Max period ms 255 Default period ms 20 Min period ms 1 0 to cyclic Period increment ms 1 Period Time Base 1 10ms 10 Period Time Unit 20 Max Watchdog ms 1500 Default Watchdog ms 250 Min Watchdog ms 10 Watchdog increment ms 10 WD Time Base ms 1 WD Time Unit 250 Event and Ethernet I O counting modules are compatible with a Hot Standby configuration but counting they have to be used carefully It is impossible to guarantee that counting pulses are restrictions taken into account mainly at switch over time More generally events management is not recommended in a Hot standby
147. s the abbreviation of Analog Input data type and is used when processing analog values The 1w adresses for the configured analog input module which were specified in the I O component list are automatically assigned data types and should therefore only be occupied with Unlocated Variables 35012068 00 November 2006 213 Glossary ANL OUT ANL OUT is the abbreviation of Analog Output data type and is used when processing analog values The Mw adresses for the configured analog input module which were specified in the I O component list are automatically assigned data types and should therefore only be occupied with Unlocated Variables ANY There is a hierarchy between the different types of data In the DFB it is sometimes possible to declare which variables can contain several types of values Here we use ANY xxx types The following diagram shows the hierarchically ordered structure ANY ANY ELEMENTARY ANY MAGNITUDE OR BIT ANY MAGNITUDE ANY NUM ANY REAL REAL ANY INT DINT INT UDINT UINT TIME ANY BIT DWORD WORD BYTE BOOL ANY STRING STRING ANY DATE DATE AND TIME DATE TIME OF DAY EBOOL ANY DERIVED ANY ARRAY ANY ARRAY EDT ANY ARRAY ANY MAGNITUDE ANY ARRAY ANY NUM NY ARRAY ANY REAL ANY ARRAY REAL NY ARRAY ANY INT ANY ARRAY DINT ANY ARRAY INT ANY ARRAY UDINT ANNY ARRAY UINT ANY ARRAY TIME ANY ARRAY ANY BIT ANY ARRAY DWORD ANY ARRAY WORD ANY ARRAY BYTE
148. sferred from Primary to Standby Each PLC must maintain its local Status Register based on the regular communication between the two controllers The following illustration identifies the operating options provided by the Status Register This PLC in Offline status 0 1 This PLC running in Primary status 1 0 This PLC running in Standby status 1 1 Peer PLC in undefined mode 0 0 Peer PLC in Offline mode 0 1 Peer PLC running in Primary mode 1 0 Peer PLC running in Standby mode 1 1 No logic Mismatch between PLC and Peer PLC 0 Logic Mismatch between PLC and Peer PLC 1 This PLC set as Unit A 0 This PLC set as Unit 17 CPU sync link OK 0 CPU sync link NOK 1 No main processor OS version Mismatch 0 Main processor OS version Mismatch 17 No Copro OS version Mismatch 0 Copro OS version Mismatch 17 15 14 13 121111109 87 6 5 4 3 2 1 0 0 All ETY have the minimum version 1 Atleast one ETY do not have minimum version 0 No Monitored ETY OS version Mismatch 1 Monitored ETY OS version Mismatch 0 The Hot Standby has not been activated 1 The Hot Standby is active 35012068 00 November 2006 103 Configuring System Words SW61 0 to SW61 3 System Word SW61 4 System Word SW61 5 System Word SW61 6 System Word SW61 7 These four bits display t
149. sk cycle e PLC B PLC A output applied at end of task cycle Remote I O state I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active PLC A all connections with Ethernet devices are open Ethernet I O scanner SCADA PLCA PLCB Primary Standby PS CPU ETY SC JDIG DIG PS F DIG Y JOU IN JOU ETH SC i4 Port i pL LL D DI gg Event Power failure on an extendable rack The status of the Hot Standby system does not change Ethernet 1 0 scanner SCADA PLCB Standby PS CPU li DIG IN JOU fe Port ll PLC A Primary i Port Switch S CY DIG DIG IN JOU a After the event In rack Discrete I O state e PLCA main rack processed normally e PLC A ext rack powered off e PLC B PLC A output applied Remote I O state I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active PLC A all connections with Ethernet devices are open PLC A Primary Communication status Global status Customer diagnostic through Ethernet address 35012068 00 November 2006 187 System Detailed Behavior upon Failures Both PLCs are accessible through terminal ports Modbus The process is still active but with some Discrete I O that is not processed If needed the customer can request a swit
150. stic information by managing PLC states module bits in the first section of his application depending on the process requirements This diagnostic information can be stored in non transfer Mw area To report this diagnostic information from the Standby to the Primary PLC it can be copied to the reverse transfer registers sSw62 SW65 The following pages describe different cases of failures that can occur in a Hot Standby system with an example of configuration The referenced configuration is e PLC A and PLC B with the following modules Power supply PS Hot standby processor in slot 0 Monitored ETY module in slot 2 Ethernet communication in slot 3 Modbus communication SCY with SCP 114 in slot 4 In rack Discrete module DIS IN and DIS OUT in slot 5 and 6 e Only one switch for simplified schema to insure connection between Ethernet O scanner and SCADA or HMI e CPU sync link between the two CPU 176 35012068 00 November 2006 System Detailed Behavior upon Failures Standby Reverse Register The following illustration displays an example of configuration PLCA PLCB e 1 5 1 l CPU sync link ___ ees Modbus link san Moo a HMI Scada I O scanning link 10 scanning ink ETV sync link m Ethernet devices Extended rack Extende
151. switch over PLCA Primary PS fk DIG DIG IN JOU i Port 114 Ethernet I O scanner SCADA ETT 1 PLCB Standby IN JOU PS m DIG SCP Port 114 After the event In rack Discrete I O state e PLC A Fallback position e PLC B Calculated and applied at end of task cycle Remote I O state PLC A all connections with Ethernet devices are open scanner is not active e PLC B all connections with Ethernet devices are closed I O scanner is active PLC A Offline PS CPU ii DIG DIG IN JOU Port 114 Ethernet I O scanner SCADA PLC B Primary IN PS DIG SCP Port 114 OU Global status Communication status Customer diagnostic through Ethernet address 35012068 00 November 2006 205 System Detailed Behavior upon Failures Before the event The process is no longer active and the Hot Standby system is no longer redundant as long as the switch remains failed The 2 PLCs are accessible through terminal ports and Modbus links for diagnostics If an HMI SCADA is connected to the failed switch diagnosis is no longer possible through Ethernet SW61 1000 0000 0010 0110 e The accessed PLC is PLC B primary e The other PLC is PLC A offline SW62 Not significant because one of the two PLC is Offline 206 35012068 00 November 2006 System Detaile
152. switch over The following material describes handling network addresses at Switch over When used in a Premium Hot Standby System the Ethernet TCP IP network modules TSX ETY 4103 5103 support address swapping at switch over The HSBY ETY module configured to I O scan shared Ethernet I O supports IP Address swapping of SCADA HMI systems Ethernet I O read write diagnostics and PLC switch over Note IP Address nnn nnn nnn 255 reserved to broadcast messages The user must not configure the Primary address as nnn nnn nnn 254 which would cause Standby IP address to be nnn nnn nnn 255 If this occurs the ETY will return the diagnostic code Bad IP configuration Prior to a switch over event the Primary and Standby HSBY ETYs must be represented by one unique IP Address The following table presents the unique IP Address IP address for System A in Primary mode System B in Standby mode System A in Standby mode System B in Primary mode Before Switch over After Switch over HSBY ETY 1 IP1 IP1 1 IP1 1 IP1 HSBY ETY 2 IP2 IP2 1 IP2 1 IP2 HSBY ETY 3 IP3 IP3 1 IP3 1 IP3 HSBY ETY 4 IP4 IP4 1 4 1 IP4 Note All the ETY modules that are present in a Hot Standby PLC will swap the IP address at switch over 84 35012068 00 November 2006 Configuring Handling When a Premium Hot Standby configuration is in a nominal mode the TSX S
153. tablishes the connection with each I O devices It restarts the repeat exchange of data with these re connections The TSX ETY 4103 5103 provides the I O scanning feature Configure using Unity Pro software CAUTION SCANNING AND SWITCH OVER WITH CRITICAL APPLICATIONS The Ethernet output devices must be configured with the Hold last value state to guarantee the continuity of the control during a switch over This configuration has to be done with the configuration tool that is provided with the Ethernet device The following Ethernet I O scanning considerations during a switch over e Ifa communication function block is used for TCP IP the block will not complete its transaction e While the ETY is in the process of performing the transaction a new communication function block may become active e The input states of the scanned I Os will follow the state defined in the last value option configured in the I O scanning table of the ETY module in Unity Pro software These two states are either e Setto 0 e Hold last will be set in the I O scanner For the Ethernet output devices that only support the set to zero position a pulse may appear during the switch over Failure to follow this instruction can result in injury or equipment damage CAUTION RISK OF EQUIPMENT DAMAGE To guarantee a proper operation in the system do not configure multiple ETY module to I O scan the same I O device or IP ad
154. ted by the Premium Hot Standby state than before the Stop HSBY State Status of ETY Services Client Services Client Server Services Server Services I O Scanner Global Data Modbus FTP SNMP HTTP Messaging Not powered Run Run Run Run Run Run up to power up Primary Run Run Run Run Run Run Standby Stop Stop Run Run Run Run Offline Stop Stop Run Run Run Run The following steps describe how ETYs coordinate the Hot Standby switch over PLC ETY A is the Primary and the PLC ETY B is the Standby Step Action 1 A switch over event occurs System A CPU commands HSBY ETY A to switch to the Offline mode 2 System A CPU informs System B CPU that a switch over event has occurred and it is to become the Primary System B CPU commands HSBY ETY B to become the new Primary System A HSBY ETY initiates an exchange of UDP messages with System B HSBY ETY to coordinate the IP address switch over 35012068 00 November 2006 91 Configuring Hot Standby The following illustration displays a switch over event Switch over p Illustration 4 C E C E PIT P T U Y U Y 1 3 UDP Msgs C System A System B 92 35012068 00 November 2006 Configuring IP Address Assignment Configuring the The ETY TCP IP address has to be configured in Un
155. ted pair cables refer to the ConneXium catalog and technical publications 56 35012068 00 November 2006 Setting up Installing and Cabling Fiber cable For more details on fiber optic cables refer to the ConneXium catalog and technical publications 35012068 00 November 2006 57 Setting up Installing and Cabling Connecting In rack I O Sensor Actuators cabled to modules in the rack Each sensor and actuator is connected in parallel on two input or output modules The following illustration displays the Sensor Actuators cabled Input module Input module Output module Output module PLCA PLCB PLCA PLCB TELEFAST connection block TELEFAST connection block 11 accio 1 connection E 3 connection block block Sensors Actuators 1 ABF H20H008 0 08 m 3 15 in 2 TLX 053 or TLX CDP 03 The cabling for the sensor or actuator is standard and is used according to the TELEFAST terminal block selected The terminal blocks ABE7 ACC10 and ABE7 ACC11 have a modularity of 16 channels They are completely passive and equipped with anti return diodes on each of the channels The following illustration displays the terminal block ABE7 ACC1X The authorized input output modules are modules with positive logic equipped with HE 10 connectors 58 35012068 00 November 2006 Setting up Installing and Cabling Analog Input module cab
156. that use in rack I O for applications that can support this kind of pulse Failure to follow this instruction can result in death serious injury or equipment damage 35012068 00 November 2006 139 Operating 140 35012068 00 November 2006 Maintaining Introduction Overview This chapter provides information about Maintaining a Premium Hot Standby System What s in this This chapter contains the following topics Chapter Topic Page Verifying the Health of a Premium Hot Standby 142 Detecting and Diagnosing Failures in a Premium Hot Standby 143 Detecting Primary CPU and ETY sync link failures 145 Detecting Standby CPU and ETY sync link failures 146 Detecting CPU sync Link Failures 147 Checking for Identical Application Programs Checksum 148 Replacing a Faulty Module 149 Troubleshooting a Hot Standby PLC 150 35012068 00 November 2006 141 Maintaining Verifying the Health of a Premium Hot Standby Generating and Sending Health Messages Performing Automatic Confidence Tests Conducting Startup Tests Conducting Run Time Tests Health messages are exchanged between the Primary PLC and the Standby PLC If the Primary has an error the Standby is notified and assumes the Primary role If the Standby has an error the Primary continues to operate as a standalone The Monitored ETY modules periodically verify communication with one an
157. that manages an I O scanner ring 5 Discrete Input module example TSX DEY 64D2K Discrete Output module example TSX DSY 64T2K 7 Analog Input module example Low level isolated Inputs termocouples temperature probes TSX AEY 414 8 Analog Output module example Isolated Output s TSX ASY 410 20 35012068 00 November 2006 Overview Modbus components Items Description 9 Communication module TSX SCY 21601 with Modbus PCMCIA TSX SCP 114 10 XBus 11 Ethernet Switch 12 Ethernet and SCADA Bus 2 13 Ethernet and SCADA Bus 1 14 CPU sync Link 15 Ethernet Ring Switch 16 Modbus RS485 cable 17 Modbus Gateway example TSX ETG 1000 A Modbus TCP device can be e STB e OTB e Momentum I O e ATV61 e XBTG e XBT GT e Premium A Modbus slave can be STB OTB ATV31 TEsysU 35012068 00 November 2006 21 Overview Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M Components Display Block Memory extract button Cold start Reset Button The display Block provides the following informations e ERR faults relating to the processor module e RUN program execution states and Hot Standby mode e faults on another station module or configuration fault e TER activity on the Terminal port The following illustration presents the Display block This button is not used This button forces a cold start of the PLC 22
158. thernet I O 61 Connecting Modbus 62 35012068 00 November 2006 47 Setting up Installing and Cabling Setting Up the Premium Hot Standby Overview Mapping the Backplane Extensions Connecting Two Standby CPUs Schneider Electric is a leader in fault tolerant redundant systems Hot Standby Setting up a Premium Hot Standby System involves a number of processes summarized in the following paragraphs here and explained in detail in other chapters of this document A Premium Hot Standby System requires two backplanes You must map the two backplanes in an identical manner with e Mandatory module e Premium rack with line terminators e Hot Standby processor TSX H57 24M or TSX H57 44M e Power Supply Module e One TCP IP Ethernet communication module TSX ETY 4103 5103 e Optional module e Extension racks with power supply e Bus Xremote rack master module TSX REY 200 e Other TCP IP Ethernet communication module TSX ETY 4103 5103 configured as Monitored ETY e Modbus communication module TSX SCP 114 in TSX SCY 21601 e Discrete Analog input module e Discrete Analog output module Note The sequence of the modules on the backplane is not predefined but the sequence of the modules on the backplanes of the Primary and the Standby must be identical Otherwise a Premium Hot Standby System will not be redundant because the standby will go to Offline The link between the two Pr
159. ting indicates that Ethernet device is set up correctly and working 35012068 00 November 2006 105 Configuring Transferring User Data General Transferred Hot Standby Status Information Database Data storage To enable the Standby to take over control from the Primary the Hot Standby configuration status is sent from the Primary to the Standby via a database The Hot Standby status information that will be transferred includes e Primary in rack output module values including forcing values e Input output values of all remote devices e User application data located and unlocated e System data of the Primary PLC e All instances of DFB and EFB data e SFC states e System Bits and Words The Database is built automatically by the Primary PLC Operating system transparent to the customer application no use of specific language instruction for database exchange and sent at each Primary PLC cycle to the Standby PLC This exchange is performed via the embedded Ethernet coprocessor of the two Hot Standby PLCs and the CPU sync link The size of the database is approximately e 180 kilobytes on TSX H57 24M e 428 kilobytes on TSX H57 44M The Unity Premium range offers three types of memory card e Application e Application and data storage e Data storage The data storage area is a memory zone that can be used to backup restore data in the memory card using specific EF
160. to know its position in variable the PLC memory A variable which have no address assigned is said to be unlocated V Variable Memory entity of the type BOOL WORD DWORD etc whose contents can be modified by the program during execution WORD The WORD type is coded in 16 bit format and is used to carry out processing on bit strings This table shows the lower upper limits of the bases which can be used Base Lower limit Upper limit Hexadecimal 1640 16 35012068 00 November 2006 227 Glossary Base Lower limit Upper limit Octal 840 8477777 Binary 230 2 1111111111111111 Representation examples Data content Representation in one of the bases 000000001 101001 1 16 D3 1010101010101010 8 125252 000000001 101001 1 2311010011 228 35012068 00 November 2006 Index Symbols 96SW60 27 SWE1 27 104 96S W62 27 96S W6S 27 SWE4 27 SWES 27 A addresses 104 application programs 148 B backplanes 51 mapping 48 blinking indicators 24 clocks Real Time Clocks 108 cold starts 74 107 D data transfers 38 40 diagrams MAST scans 41 transfer 39 E events 74 F failures types 144 H health messages 142 identical programs 156 indicators blinking 24 status 150 steady off 24 steady on 24 In rack I O 17 L LED 24 logic mismatches 104 messages
161. troller while the process is still being controlled by the primary controller What s in this This chapter contains the following topics 2 Chapter Topic Page Overview of Premium Hot Standby OS Upgrade 162 Executing the OS Upgrade Procedure 163 35012068 00 November 2006 161 Handling CPU OS Upgrade Overview of Premium Hot Standby OS Upgrade Upgrading while Executive Upgrade feature allows the Standby controller OS to be upgraded Process is while the Primary controller continues to control the process However during the Running upgrade the system can no longer be considered redundant That is there is no Standby available to assume control if the Primary should fail before the Standby upgrade is complete Upgrading OS Under normal operating conditions both controllers in a redundant system must without Stopping have the same versions of firmware In fact there are checks by the controllers to detect if there is a mismatch in firmware Normally when a mismatch exists performing a switchover would not be possible because the Standby controller would not be allowed to go online However to allow an OS Upgrade without stopping the application overriding is possible by setting the Command Register system bit SW60 4 Note IMPORTANT INFORMATION OS upgrade is possible only with compatible firmware CAUTION RISK OF EQUIPMENT DAMAGE Enabling OS upgrade without stoppin
162. two PLC is Offline Monitored ETY Disconnection on Standby The following table presents Monitored ETY Disconnection on the Standby PLC side the Monitored ETY is managing an I O Scanner Before the event In rack Discrete I O state PLC A calculated and applied at the end of the task Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active PLC B all connections with Ethernet devices are closed I O scanner is not active cycle PLCA PLC B PLC A output applied at the end of task Primary cycle PS CPU SCY DIG DIG IN OUT fe Port 114 Ethernet I O scanner SCADA Port PLCB Standby SCY DIG DIG IN JOUT Event Ethernet I O link disconnection on the Standby side There is no more diagnostic dialog between the two ETY modules This is not a critical event because there is no switch over PLC A Primary Ethernet 1 0 SCADA Port Switch CPU SCY DIG DIG IN JOUT SCP Port 114 PLCB Standby SCY DIG DIG IN OUT SCP 114 Q4 After the event 202 35012068 00 November 2006 System Detailed Behavior upon Failures In rack Discrete I O state PLCA calculated and applied at the end of the task cycle e PLC B Fall back position Remote I O state PLC A all connections with Ethernet devices ope
163. ty Note Related Documents Note Terminology This guide uses the following terminology e Application program a project or logic program e Controller a Unity Programmable Logic Controller PLC module which contains both 1 A CPU 2 A Copro e CPU Central Processing Unit a microprocessor in the controller which processes the application program e a microprocessor in the controller which communicates between two controllers e Modify to edit or to change an application program e Module any unit either a controller ETY DEY DSY AEY ASY SCY e Scan program cycle Because Premium Hot Standby delivers fault tolerant availability through redundancy use a Premium Hot Standby when downtime cannot be tolerated Redundancy means that two backplanes are configured identically A Premium Hot Standby must have identical configurations Identical Hot Standby processor TSX H57 24M or TSX H57 44M Identical TCP IP Ethernet communication module TSX ETY 4103 5103 Identical versions of the CPU Copro and ETY firmware Identical power supplies Identical In rack I O if they are used Identical cabling and cabling systems Identical sequential placement on the backplane Identical application Identical cartridge The data and illustrations found in this book are not binding We reserve the right to modify our products in line with our policy of continuous product development The i
164. ules in a non Hot Standby configuration are also compatible with the new Hot Standby ETY modules in a Hot Standby These ConneXium products be used in different Ethernet topology tree ring With the 499NxS27100 or TCSESMOX3F2CUO switches it is possible to share Ethernet devices on a redundant optical ring or a redundant copper ring RTU modules TSX ETW 320 330 Wade RTU modules 32 35012068 00 November 2006 Compatibility Differences Restrictions Understanding USB and Uni Telway Link Restrictions No address The USB and Uni Telway terminal ports are only point to point connections that swapping on cannot be used for transparent access to the Primary controller USB and Uni e In Master mode default mode the Uni Telway terminal port is a point to point connection allowing Unity Pro to communicate with its local controller e In Slave mode the Uni Telway terminal port does not support address swapping at switch over Telway link 35012068 00 November 2006 33 Compatibility Differences Restrictions Understanding Application Restrictions Application The application restrictions are restrictions e The use of events tasks is not recommended An event can be lost if it occurs just before or during a switch over The use of a FAST tasks driving dedicated outputs is not recommended Some change of state on the outputs can be lost at switch over The use of counting modul
165. ut the System is no longer redundant as long as the Ethernet I O link is disconnected on the I O link side The 2 PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics SW61 1000 0000 0000 0110 The accessed PLC is PLC A primary e The other PLC is PLC B offline SW62 Not significant because one of the two PLC is Offline The other PLC no fault 204 35012068 00 November 2006 System Detailed Behavior upon Failures Full Ethernet I O Link Disconnection Full Ethernet I O following table presents Full Ethernet I O Link Disconnection for example Link switch failure Disconnection Before the event In rack Discrete I O state PLC A calculated and applied at nd of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed scanner is not active PLC A Primary PS CPU DIG DIG IN 6 Port 114 Ethernet 1 0 scanner SCADA Switch Qu i Port li SCP 114 Q4 PLCB Standby IN OU illii DIG Event Full Ethernet link disconnection The remote I O are no longer visible from both PLCs and the dialog between the two PLCs is no longer active This is a critical event because there is an automatic
166. warning 174 35012068 00 November 2006 229 Index modifications offline 159 online 158 modules replacing 149 multitasking restrictions 28 OS upgrades 162 OSLoader 163 overhead system 40 P PCMCIA cards 82 Premium Hot Standby 16 Primary controller 16 R Real Time Clocks RTC 108 registers command 101 S scan times 39 40 101 148 setup methods Hot Standby System 48 Standby controller 16 Standby controllers Real Time Clocks 108 state RAM 39 status registers 103 steady off indicators 24 steady on indicators 24 System bits 27 101 System words 27 101 T tests confidence 142 run time 142 startup 142 textids 174 times address swaps 44 transfer 40 U updating offline 107 upgrades 162 V values initial 107 warm starts 74 230 35012068 00 November 2006
167. xBus Expanded system p p 35012068 00 November 2006 51 Setting up Installing and Cabling The following table describes the items of an architecture example with XBus expansion Items Description 1 Ethernet Switch 2 CPU sync Link 3 100 m 328 feet XBus 4 250 m 820 feet XBus 5 Ethernet link for I O scanner Architecture The following graphic shows an architecture example with Multiple I O scanning example with ETY Multiple scanning ETY MONITOR PRO Shared I Os ATV61 Redundant In rack I Os Tele i m E Monitored means a failure in the ETY or in the link to the first switch hub will cause an automatic switch over 52 35012068 00 November 2006 Setting up Installing and Cabling The following table describes the items of an architecture example with Multiple I O scanning ETY Items Description 1 Ethernet Switch 2 Ethernet TCP IP 3 CPU sync Link 4 Ethernet I O Scanner 1 5 Ethernet I O Scanner 2 Architecture The following graphic shows an architecture example with Redundant I O and example with SCADA network Redundant I O and SCADA network MONITOR PRO STB Pru 8 j Ethernet Scanner
Download Pdf Manuals
Related Search