TOPIC: High Availability

High Availability 8 years 1 month ago #8051

And I'm back and continuing...

The simplest case: the HMI workstation

In this case, the simplest mechanism is to have a physically redundant system that is:
1. Available (doesn't share any of the dead or dying systems infrastructure, so is unlikely to be compromised by the offending failure. Ideally it has separate power and networking infrastructure.)
2. Operating (power is applied, it can be logged into, but not necessarily running the client application or showing the application data)
3. Recognition that, given the conditions above, a human will take a few "moments" (this could be seconds to minutes, and possibly longer if the human in question isn't diligent) to recognize the failure, move to the alternate system, authenticate, and then begin operation on that redundant system.

This means that I have to be able to access the data twice.
I also need to be able to authenticate on both machines at the same time.
We don't know if the process node is aware that the first HMI workstation failed.
We also don't want to change the status of the HMI workstation until we can assure an orderly shut-down of the process (if needed).
Only after we have access to the second workstation and have reviewed the situation can we decide to take the first offline. Ideally, we can isolate the first machine and commence recovery while the second operates.

I think this is achievable now based on my readings.
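The failover rules above, written out as an added Python model (not code from the post or any HMI product): the standby must share no power or network with the primary, must be operating, must reach the same process data, and the primary's status may only change after an operator has authenticated on the standby and reviewed the situation there. All class, attribute and sample values are hypothetical.

```python
"""Added model of the redundant-HMI failover rules (hypothetical names)."""
from dataclasses import dataclass, field


@dataclass
class Workstation:
    name: str
    power_feed: str            # constructed sample: "UPS-A"
    network: str               # switch / VLAN the HMI hangs off
    data_sources: frozenset    # process data this HMI can read
    powered_on: bool = True
    sessions: set = field(default_factory=set)  # authenticated users

    def authenticate(self, user):
        if not self.powered_on:
            raise RuntimeError(f"{self.name} is not operating")
        self.sessions.add(user)


def is_independent(primary, standby):
    """'Available' in the post's sense: no shared power or network."""
    return (primary.power_feed != standby.power_feed
            and primary.network != standby.network)


class Failover:
    """Primary status changes only after review on the standby."""

    def __init__(self, primary, standby):
        if not is_independent(primary, standby):
            raise ValueError("standby shares infrastructure with the primary")
        if not standby.powered_on:
            raise ValueError("standby is not operating")
        # "access the data twice": standby must see all the primary's data
        if not primary.data_sources <= standby.data_sources:
            raise ValueError("standby cannot reach all primary process data")
        self.primary, self.standby = primary, standby
        self.reviewed_by = None
        self.primary_status = "in-service"

    def review_on_standby(self, user):
        if user not in self.standby.sessions:
            raise PermissionError("authenticate on the standby first")
        self.reviewed_by = user

    def isolate_primary(self):
        """Take the failed HMI offline for recovery, after review only."""
        if self.reviewed_by is None:
            raise RuntimeError("primary stays in-service until review is done")
        self.primary_status = "isolated-for-recovery"
        return self.primary_status
```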