Premium Hot Standby with Unity User Manual
Contents
1. Connection block eae Output T CPU DI l objects are not impacted CPU DI by the database exchange Ly Modules and channels Modules and Y health bits v inne Phase IN Phase IN ea DIS Discrete in Driver l Discrete in Driver A y memory memory image image Copro access Database exchange warang including Q objects ORO eee Mast First i section MAST econ task Mast Other cycle Mast Other sections sections Output images Not executed are calculated by the program Q Phase OUT Phase OUT memory Discrete Out Q Discrete Out image Driver memory Driver image CPU DOJ CPU DOJ ABE7 ACC10 MAST task cycle 126 35012068 02 september 2007 Programming Debugging Operation cycle with Ethernet I O The following graphic displays the operation cycle with Ethernet I O SWITCH Active I O P scanner Not Active I O scanner Ethernet I O device Ethernet I O Active device Not active O scanner we scanner PRIMARY PLC STANDBY PLC SWITCH CPU E CPU E T E Y Y MW Input MW Input Phase IN memory Phase IN memory yf ETY in Driver image ETY in Driver image y y Database exchange2. TextIDs TextIDs Textlds define the warning messages written in the diagnostic buffer TextIDs switching from Primary to Offline TextID Warning message 13001 System halt 13002 Remote IO failure 13003 ETH device failure 13004 ETH communication problem 13005 Stop PLC command 13007 Offline Command register request TextIDs switching from Standby to Offline TextID Warning message 13008 System halt 13009 Remote IO failure 13010 ETH device failure 13011 ETH communication problem 13012 Stop PLC command 13014 Offline Command register request TextIDs switching from Standby to Primary TextID Warning message 13015 Control command over ETH 13016 Control command over RIO TextIDs switching from Offline to Primary Standby TextID Warning message 13017 Switch from Offline to Primary 13018 Switch from Offline to Standby BY 198 35012068 02 september 2007 System Detailed Behavior upon Failures Introduction Overview What s in this Chapter In this chapter you will find the failures that can occur in Premium Hot Standby system This chapter contains the following topics Topic Page Overview of Failures 200 Halt or Stop Events on PLC 203 Hardware or Firmware CPU Failure 206 Power Failure on the Main Rack 209 Power Failure on an Extendable Rack 213 Hardware or Firmware ETY failure 217 Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA 220 Fa
3. PLCA Switch PLC B Primary Standby PS CPU ETYJETY SCY DIG DIG JPS CPU ETYJETY SCY DIG DIG HMI IN JOU HMI IN JOU ETH SCP ETH SCP Port 114 Port 114 1 Event Hardware or firmware failure on the ETY module that manages SCADA HMI This is not a critical event because there is no switchover Ethernet 1 0 scanner SCADA a 1 PLCA p p Switch Switch PLC B Primary switch ETE Standby PS CPU ETYJETY SCY DIG DIG JPS CPU ETYJETY SCY DIG DIG HMI IN JOU HMI IN JOU ETH SCP ETH SCP Port 114 Port 114 1 After the event Remote 1 0 state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Ethernet 1 0 scanner SCADA a 1 PLC A PLC B Primary Standby SCY DIG DIG IN JOU SCP 114 PS CPU ETY ETY PS CPU ETYJETY SCY DIG DIG HMI HMI IN JOU ETH ETH SCP Port Port 114 H Global status Communication status Customer diagnostic through Ethernet address No impact on the Hot Standby e Normal access to PLC A through terminal port or Modbus or Ethernet SW61 1000 0000 0000 1110 the accessed PLC is PLC A primary running The l
4. Standby ALS ALS Monitored means a failure in the ETY or in the link to the first switch hub will cause an automatic switch over The following table describes the items of an architecture example with Multiple I O scanning ETY Items Description 1 Ethernet Switch 2 Ethernet TCP IP 3 CPU sync Link 4 Ethernet I O Scanner 1 5 Ethernet I O Scanner 2 35012068 02 september 2007 57 Setting up Installing and Cabling Architecture The following graphic shows an architecture example with Redundant I O and example with SCADA network Redundant I O and SCADA network MONITOR PRO i ins Primary ai J z wE vle l mim 5 Qg 5 l E 5 E a E LJ 5 2 aL Ethernet H 1 0 Scanner Vanni Ring a EA 5 1 my m w a Momentum H OTB E 1 0 The following table describes the items of an architecture example with Redundant I O and SCADA network D 3 a Description Ethernet TCP IP network 1 Ethernet Switch Ethernet TCP IP network 2 and 3 CPU sync Link ConneXium Ethernet Switch with Ring capability Modbus Gateway example TSX ETG 1000 Modbus Monitored ETY INI oO BR wo ny 58 35012068 02 september 2007 Setting up Installing and Cabling Architecture The following graphic shows an a
5. After the event In rack Discrete I O state e PLC A calculated and applied end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLCB all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA h Switch Switch j F SCP Port 114 l PLC A Primary PS CPU ii DIG DIG IN JOU fe Port i 1 NR Not Responding PLC B Standb DIG DIG IN JOU Global status Communication status Customer diagnostic through Ethernet address No impact on the Hot e Normal access to PLC A SW61 1000 0000 0000 1110 Standby system The through terminal port and The accessed PLC is PLC A primary process is still redundant If Ethernet link for e The other PLC is PLC B standby needed the customer can diagnostics No access 4 SW62 0000 0000 0000 0000 request a switch over by through Modbus link e Other PLC no fault setting a bit in the command e Normal access to PLC B register of the Primary through terminal port Primary PLC error bit of SCP SCY modules application if there is no fault Ethernet link and Modbus 7 0 4 mod err l0 4 1 err set to 1 in the other PLC link for diagnostics 240 35012068 02 september 2007 System Detailed Behavior upon Failures Hardware Failure of SCP card
6. The following table presents Debug and Diagnostic operations on CPUs Diagnostic TSX H57 24M TSX H57 44M Diagnostic Function Block Yes Yes Diagnostic Buffer Yes Yes Diag buffer characteristics Max buffer size 16K8 25K8 Max errors 160 254 Breakpoint One single Bkpt One single Bkpt Step by step Into over and out Yes Yes Variable animation e End of Mast e Watch Point e End of Mast e Watch Point Link animation Yes Yes Debugging the application must be carried out on one PLC This PLC is automatically Primary Note For programming debugging an application in a Hot Standby PLC it is recommended e To use a Standalone PLC e To use PLC A if 2 PLCs are connected with PLC B in Non Conf state For debugging the first section in the Standby PLC the following points have to be taken into account e only the MW0 to MW99 are not transferred from the Primary to the Standby All the other application data are coming from the Primary As a result the value of all variables that are displayed in a Standby animation table are those coming from the Primary excepted for MW0 to MW99 e animation tables can be synchronized with watch points This is the best way to animate data in synchronization with the code execution 35012068 02 september 2007 141 Programming Debugging Debugging the redundancy part Non Tra
7. Update User gt PLC user Updates the PLC with the time set by the 80 35012068 02 september 2007 Configuring Viewing the Unity Pro Information tab dialog Information Tab PLC Screen 35012068 02 september 2007 81 Configuring Information Tab Description Description of the Information tab Item Option Value Description System Information PLC Identification PLC Range Only Online Processor name available Processor version Hardware ID Network address PLC Memory RAM CPU size Application Identification Name Creation Product Date Modification Product Date Version Signature Application Option Upload Information Comments Animation Table Section Protection Application Diagnostic Application Miscellaneous Forced Bits 82 35012068 02 september 2007 Configuring Item Option Value Description System Hot Standby PLC Hot Standby Status Only Online Information available Peer PLC Hot Standby Status Logic Mismatch between PLC and Peer PLC PLC Name CPU Sync Link Error Main Processor OS version Mismatch Co Processor OS version Mismatch At least One ETY do not have the minimum version V4 Mismatch Monitored ETY OS version TCP IP and MODBUS Addresses Ho
8. H HEA PECE Primary Standby PS CPU ETY SCY DIG JDIG PS CPU ETY SCY DIG DIG IN JOU IN JOUT ETH SCP ETH SCP Port 114 Port 114 Pst II Global status Communication status Customer diagnostic through Ethernet address The process is still active and the HSBY system is still redundant In case of switchover PLC B will become Primary with some Discrete Analog 1 Os in failed mode Both PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics SWE1 1000 0000 0000 1110 e The accessed PLC is PLC A primary e The other PLC is PLC B standby SWE62 0111 1111 0000 0000 e The other PLC all discrete modules of extended rack in fault 216 35012068 02 september 2007 System Detailed Behavior upon Failures Hardware or Firmware ETY failure ETY Failure on The following table presents ETY failure hardware or firmware on the Primary PLC Primary Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLCB all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA oO 2 Switch PLC B PS CPU fh DIG DIG IN JOU i r Porti 114 Eve
9. Note Terminology This guide uses the following terminology e Application program a project or logic program e Controller a Unity Programmable Logic Controller PLC module which contains both 1 ACPU 2 A Copro e CPU Central Processing Unit a microprocessor in the controller which processes the application program e Copro a microprocessor in the controller which communicates between two controllers e Modify to edit or to change an application program e Module any unit either a controller ETY DEY DSY AEY ASY SCY e Scan program cycle Because Premium Hot Standby delivers fault tolerant availability through redundancy use a Premium Hot Standby when downtime cannot be tolerated Redundancy means that two backplanes are configured identically A Premium Hot Standby must have identical configurations Identical Hot Standby processor TSX H57 24M or TSX H57 44M Identical TCP IP Ethernet communication module TSX ETY 4103 5103 Identical versions of the CPU Copro and ETY firmware Identical power supplies Identical In rack I O if they are used Identical cabling and cabling systems Identical sequential placement on the backplane Identical application Identical cartridge The data and illustrations found in this book are not binding We reserve the right to modify our products in line with our policy of continuous product development The information in this document is subject to change without
10. Example of Switch over with PLC B in Standby mode The manual Switch over is commendable from application program or requests Before the action on SW6O the status are e The two Bits are at 1 default value set by the system e The PLC A is Primary e The PLC B is Standby When one of the following actions is done on the command register SW60 in the Primary PLC bits 1 and 2 it generates a change of state of the two PLCs as it is shown in the right part of the following illustration HSBY status after action on SW60 PLC A PLC B Standby Primary PLC A PLC B SWE0 1 SW60 2 ae Offiine Standby o 9 Primary 1 0 1 1 sll PLC A PLC B Primary Offline PLC A PLC B Primary Standby When the action is done the two bits are automatically set to 1 by the system 158 35012068 02 september 2007 Operating Example of Switch over with PLC B in Offline mode Before the action on SW6O the status are e The two Bits are at 1 default value set by the system e The PLC A is Primary e The PLC B is Offline due for example to a hardware or firmware failure in the monitored ETY The following illustration is an example of Switch over with the PLC B in Offline HSBY status after action on SW60 mode PLC A PLC B Primary Offline PLC A PLC B SWE60 1 SWE60
11. Modbus Master link on RS485 two wires The Modbus Master function is used from the integrated channel of the module TSX SCY 21601 TSX SCY 11601 The link is type RS485 2 wires When the modules are redundant one in each PLC the polarization of the network must be carried out starting from the two channels Because of this changing a module will be possible without disturbing communication The cord to use is the TSX SCY CM 6030 The line can be adapted by positioning the corresponding connector on ON in the TSX SCA 50 boxes at the end of the RS 485 line The following illustration displays the Modbus Master link on RS485 Premium Hot Standby ETY sync link 1 Third i l ird party devices TSXSCYCM6030 pigg TSX SCY CM 6030 AEN PLCA HN HN DRS mon o TSX SCA 050 Connector on module TSX SCY 21601 68 35012068 02 september 2007 Configuring Introduction Overview What s in this Chapter This chapter describes configuring the Premium Hot Standby PLCs This chapter contains the following sections Section Topic Page 5 1 Configuring a System with the Unity Pro Tabs and Dialogs 73 5 2 Configuring TSX ETY 4103 5103 Modules 94 5 3 Configuring Registers 107 35012068 02 september 2007 71 Configuring 72 35012068 02 september 2007 Configuring 5 1 Configur
12. e With communication expert modules A network is a group of stations which communicate among one another The term network is also used to define a group of interconnected graphic elements This group forms then a part of a program which may be composed of a group of networks Network Time Protocol 35012068 02 september 2007 263 Glossary O OTB The OTB NIM is an Input Output module that has 12 input nodes and 8 output nodes P Procedure Procedures are functions view technically The only difference to elementary functions is that procedures can take up more than one output and they support data type VAR_IN_OUT To the eye procedures are no different than elementary functions Procedures are a supplement to IEC 61131 3 R REAL Real type is a coded type in 32 bits The ranges of possible values are illustrated in gray in the following diagram pa E i E INF 3 402824e 38 1 1754944e 38 0 0 1 1754944e 38 3 402824e 38 When a calculation result is e between 1 175494e 38 and 1 175494e 38 it is considered as a DEN e less than 3 402824e 38 the symbol INF for infinite is displayed e greater than 3 402824e 38 the symbol INF for infinite is displayed e undefined square root of a negative number the symbol NAN or NAN is displayed Note The IEC 559 standard defines two classes of NAN quiet NAN QNAN and signaling NaN SNaN ONAN is a NAN with the most significant fraction bit set an
13. For using a communication function block i e WRITE_VAR you are advised to e locate the management parameters in the MW from 0 to 99 those that are not transferred from Primary to Standby e initialize the Length parameter each time the function block is started e use an external Timer function block as a replacement of the Timeout parameter If the management parameters cannot be located in the MW from 0 to 99 and in the case of a switchover when a function block is active then the activity bit must be reset to 0 by the application before restarting the function block in the new Primary 35012068 02 september 2007 131 Programming Debugging Detecting Cold Start and Warm Start ina Premium Hot Standby PLC In a Premium Hot Standby PLC only the system word SW10 and the system bit S1 can be used to detect respectively a cold start and a warm start e SW10 If the value of the current task bit is set to 0 this means that the task is performing its first cycle after a cold start e SW10 0 assigned to the MAST task e SW10 1 assigned to the FAST task At the end of the first cycle of the Mast task the system sets each bit of the word SW10 to 1 e S1 Normally at 0 this bit is set to 1 by a power restoral with data save It is reset to 0 by the system at the end of the first complete cycle and before the outputs are updated In the event of cold start or warm restart if you want the application to be
14. If this occurs the ETY will return the diagnostic code Bad IP configuration Prior to a switch over event the Primary and Standby HSBY ETYs must be represented by one unique IP Address The following table presents the unique IP Address IP address for System A in System B in System A in System B in Primary mode Standby mode Standby mode Primary mode Before Switch over After Switch over HSBY ETY 1 IP1 IP1 1 IP1 1 IP1 HSBY ETY 2 IP2 IP2 1 IP2 1 IP2 HSBY ETY 3 IP3 IP3 1 IP3 1 IP3 HSBY ETY 4 IP4 IP4 1 IP4 1 IP4 Note All the ETY modules that are present in a Hot Standby PLC will swap the IP address at switch over 90 35012068 02 september 2007 Configuring A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION To prevent duplicate IP address error when several ETY modules are present in a Hot Standby PLC the user must not configure these ETY modules with consecutive IP addresses Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 91 Configuring Handling Modbus address at switch over When a Premium Hot Standby configuration is ina nominal mode the TSX SCP 114 module Modbus addresses are Primary is PLC A Standby is PLC B e Primary TSX SCP 114 module A n e Standby TSX SCP 114 module B n 1 If the Standby PLC becomes Primary the TSX SCP 114 module Modbus addresses become e TSX SCP 114 module B n
15. Off e Value 1 On The following illustration displays Unity Pro Information tab dialog in connected mode PLC Screen Be Task Realtime clock Information B SYSTEM INFORMATION BitNumber IEC 151413121110 9 8 7 6 5 4 3 2 1 0 f PLC 561 10000010010000 01 A i IDENTIFICATION bits 1 0 PLC HOT STANDBY STATUS primary standby offline OFFLINE i MEMORY bits 3 2 PEER PLC HOT STANDBY STATUS primary standby offline undefined Undefined APPLICATION bit 4 LOGIC MISMATCH BETWEEN PLC AND PEER PLC NO bit5 PLC NAME UNITA IDENTIFICATION fbit 6 CPU SYNC LINK ERROR YES i i bit 7 MAIN PROCESSOR OS VERSION MISMATCH NO i SENON bit8 CO PROCESSOR OS VERSION MISMATCH NO i MISCELLANEOUS fbit 9 AT LEAST ONE ETY DO NOT HAVE THE MINIMUM VERSION V4 YES Replace OLD ETY Secon OTSA PIE bit 10 MONITORED ETY OS VERSION MISMATCH YES bit 13 TCP IP AND MODBUS ADDRESSES Configured Addresses bit 15 HOT STANDBY ENTIRE SYSTEM STATE ON 84 35012068 02 september 2007 Configuring Using the Premium Hot Standby Tab Viewing the Hot SaDa tee Note All the ETY modules should be configured Configure Hot Standby values in the Hot Standby tab of the Unity Pro editor 0 0 TSX H57 24M ioi x 57 2 Hot Standby 768Kb Program with PCMCIA USB Unitelway Overview Configuration Animation Hot
16. The Ethernet links for diagnostics process is still redundant SWE61 1000 0000 0000 1110 e The accessed PLC is PLC A primary e The other PLC is PLC B standby SWE62 0000 0000 0001 1000 e Other PLC 2 discrete modules in fault 238 35012068 02 september 2007 System Detailed Behavior upon Failures Hardware Failure of the SCP card in SCY SCP card failure The following table presents hardware failure or removal of the SCP card in the in Primary SCY Primary SCY Before the event In rack Discrete I O state e PLC A calculated and applied end of task cycle Ethernet O scanner SCADA e PLC B PLC A output applied end of task cycle k 1 Switch Switch Remote I O state e PLC A all connections with Ethernet devices are open fP gt PY FPI PERRE Psje E pepee I O scanner is active e PLC B all connections with Ethernet devices are closed ETH SCP ETH SCP Port 114 Port 114 I O scanner is not active Event Hardware failure or the module is removed from the SCY module of the Modbus SCP card Ethemet 1 0 scanner SCADA This is not a critical event because no automatic switch over RAN _ F H nicer Switch occurs Primary PS ETY ETH SCP Port 114 Standby PS CPU ETY SCY DIG DIG IN JOU ETH SCP Port 114 DIG DIG IN JOU 35012068 02 september 2007 239 System Detailed Behavior upon Failures
17. all connections with ethernet devices are open I O scanner is active e PLC B all connections with ethernet devices are closed I O scanner is not active SCP 114 1 PS CPU SCY DIS DIS PS CPU DIS DIS IN JOUT IN JOUT Pe al fe Port 114 Port Event e HALT instruction e Watch dog overflow Ethernet V0 scanner SCADA e Program execution error division by 0 overflow sie eH sie etc with S78 1 Primary swin suich Standby e STOP command This is not a critical event because there is not switch over PS CPU SCY DIG DIG PS CPU SCY DIG DIG IN JOUT IN JOUT fe i fe SCP Port 114 Port 114 1 After the event In rack Discrete I O state e PLC A calculated and applied at the end of the task Ethernet Wo scanner SCADA sy eye N PLC A Switch Switch PLC B e PLC B fallback position Primary Offline PS CPU SCY pols Dis Ps cPU SCY Dis JIS Remote I O state IN JOUT IN JOUT e PLC A all connections with Ethernet devices are open I O scanner is active fe a fe il e PLCB all connections with Ethernet devices are po Ch a ic closed I O scanner is not active 7 Global status Communication status Customer diagnostic through Ethernet address The process is still active Both PLCs are accessible SW61 1000 0000 0000 0110 but the HSBY system is no through terminal ports e the accessed PLC is PLC A
18. processed in a particular way you must write the corresponding program conditional on the test that SW10 0 is reset to 0 or S1 is set to 1 at the start of the master task program SW10 and S1 are significant in Primary and Standby mode 132 35012068 02 september 2007 Programming Debugging Structure of Database Principle To take control of the process when the Primary PLC leaves the Primary mode the Standby PLC has to know the complete status of the Hot Standby configuration This status is given by The values of the Primary In rack output modules Q and QW objects The values of command words and adjustment parameters MWr m c objects The values of discrete input and output forcing The input output values of all the remote devices The user application data located and unlocated and system data of the Primary PLC All instances of DFB and EFB data SFC states e Some system bits and words 830 S31 S38 S50 S59 S93 S94 SSWO SW1 SWB SW9 SW49 SW53 SW5Y SWEO SW70 SW108 SD18 and SD20 are only exchanged at switch over To do this the two PLCs have to share a Database that is built automatically by the Primary PLC Note To make possible a local diagnostic of I O modules in the standard PLC the following objects are not transferred from Primary to Standby e The values of the Primary In rack input modules l and IW objects e The values of status parameters
19. 16 Other 16 194 35012068 02 september 2007 Additional Information Application The following table presents the Application Language and Embedded Language and communication ports of the CPUs Embedded A Services TSX H57 24M TSX H57 44M communication ports Application Languages Function Block FBD Yes Ladder Logic Yes Structured Text Yes Instruction List Yes SFC Yes DFB Yes EF EFB Yes PL7 SFB Not recommended Embedded communication ports Legacy Terminal port Physical One RS 485 layer Speed 19200 baud Protocol Uni Telway M S ASCII USB terminal port One device connector USB V1 0 12Mbytes 35012068 02 september 2007 195 Additional Information Memory Services The following table presents the Memory Services and Devices of the CPUs and Devices Services TSX H57 24M TSX H57 44M Application Backup No Data storage with Legacy EF Init Read Yes in memory cards Data storage Write Supported SRAM PCMCIA Max application size according to PLC characteristics TSX MRP P 128K TSX MRP P 224K TSX MRP P 384K TSX MRP C 448K TSX MRP C 768K TSX MRP C 001M TSX MRP C 01M7 TSX MRP C 002M TSX MRP C 003M TSX MRP C 007M Supported FLASH PCMCIA Max application size according to PLC characteristics TSX MFP P 128K TSX MFP P 224K TSX MCP C 224K TSX MFP P 384K TSX MFP P 512K TSX MCP C 512K TSX MFP P 001M TSX MFP P 002M TSX
20. 255 2 1110_0000 or 2 11100000 in decimal 224 A literal value in base 8 is used to represent an octal integer The base is determined by the number 8 and the sign The signs and are not allowed For greater clarity when reading you can use the sign _ between bits Example 8 3_77 or 8 377 in decimal 255 8 34_0 or 8 340 in decimal 224 BCD is the abbreviation of Binary Coded Decimal format BCD is used to represent decimal numbers between 0 and 9 using a group of four bits half byte In this format the four bits used to code the decimal numbers have a range of unused combinations 35012068 02 september 2007 255 Glossary Example of BCD coding e the number 2450 e iscoded 0010 0100 0101 0000 BOOL BOOL is the abbreviation of Boolean type This is the elementary data item in computing A BOOL type variable has a value of either O FALSE or 1 TRUE A BOOL type word extract bit for example sMW10 4 BYTE When 8 bits are put together this is called a BYTE A BYTE is either entered in binary or in base 8 The BYTE type is coded in an 8 bit format which in hexadecimal ranges from 16 00 to L6 FF D DATE The DATE type coded in BCD in 32 bit format contains the following information DATE_AND_TIM E e the year coded in a 16 bit field e the month coded in an 8 bit field e the day coded in an 8 bit field The DATE type is entered as follows D lt Year gt l
21. 260 35012068 02 september 2007 Glossary HMI HSBY HTTP Software based operator interface tool Hot Standby Hypertext Transfer Protocol IEC 61131 3 INF INT Integer Literals International standard Programmable Logic Controls Part 3 Programming languages IL is the abbreviation of Instruction List This language is a series of basic instructions This language is very close to the assembly language used to program processors Each instruction is composed of an instruction code and an operand Used to indicate that a number overruns the allowed limits For a number of Integers the value ranges shown in gray are as follows Ss E i 7 E INF 3 402824e 38 1 1754944e 38 0 0 1 1754944e 38 3 402824e 38 When a calculation result is e less than 3 402824e 38 the symbol INF for infinite is displayed e greater than 3 402824e 38 the symbol INF for infinite is displayed INT is the abbreviation of single integer format coded on 16 bits The lower and upper limits are as follows 2 to the power of 15 1 to 2 to the power of 15 1 Example 32768 32767 2 1111110001001001 16 9FA4 Integer literal are used to enter integer values in the decimal system The values can have a preceding sign Individual underlines _ between numbers are not significant 35012068 02 september 2007 261 Glossary Example 12 0 123_456 986 IODDT IODDT is the abbreviation
22. 9 Introduction Overview What s in this Chapter This chapter provides information about application modification in a Premium Hot Standby system This chapter contains the following topics Topic Page Understanding Premium Hot Standby Logic Mismatch 178 Online Offline Modifications to an Application Program 179 35012068 02 september 2007 177 Handling application Modification Understanding Premium Hot Standby Logic Mismatch Needing Identical Application Programs Causing a Mismatch In a fault tolerant redundant system and under normal operating conditions both controllers must load the identical application program also called a logic program The application program is updated every scan by transferring data from the Primary to the Standby Only the Standby by controller detects a logic mismatch and reports error on Primary The following conditions cause a mismatch in the application program a difference between e Programs e Animation tables e Comments on variables and types Note Animation Tables and Comments Both animation tables and comments on variables and types may be excluded from the mismatch by not being included in the upload information e Exclude by selecting Tools Project Settings Build tabs default In the Upload Information area select without e Inclusion requires downloading the application program When a mismatch e
23. A Displays the configuration in B N A the PCMCIA Slots Default value N A Permits selection of the default value M KW Maximum value N A Permits selection of the maximum number M KW Size of global address M 1 Size of the different memory field SMW 1 areas KW 1 Note The values for MW i has to be divisible by 8 S 2 SW 2 1 Enter the appropriate values All values depend on Hot Standby configuration 2 The values cannot be selected 78 35012068 02 september 2007 Configuring Using the Animation Tab and PLC Screen Dialogs Accessing the To access the Task Realtime clock and Information tabs of the Unity Pro Animation PLC Screen tab Dialogs Step Action 1 Select the Animation tab 2 The PLC screen tab appears automatically Note The dialogs illustrated here are depicted when Unity Pro is not connected to the PLC When Unity Pro is connected to a PLC the information displayed in these tabs changes Viewing the Task Unity Pro Task tab dialog Tab PLC Screen oe Task ogy Realtime clock Information Events Start reStart Output Fallback Adivate OF State Warm restart Applied Outputs Disable all Number Cold start Output Fallback r Last Stop 35012068 02 september 2007 79 Configuring Task Tab Description Viewing the
24. After the event In rack Discrete I O state e PLC A fallback position e PLC B calculated and applied at the end of the task cycle Remote I O state e PLC A all connections with Ethernet devices are closed I O scanner is not active e PLC B all connections with Ethernet devices are open I O scanner is active Ethernet NOs scanner SCADA H h PLCA Switch Switch Primary NR 1 PS CPU DIG JDIG IN JOU Fe SCP Port 114 PLC B Global status Communication status PS CPU ai DIG IN Jou i r Port 114 Customer diagnostic through Ethernet address The process is still active but the HSBY system is no longer redundant as long as the PLC Ais in ERROR mode e No access to PLC A CPU no longer running e Normal access to PLC B accessible through terminal port Modbus and Ethernet links for diagnostics 1 NR Not responding SWE61 1000 0000 0110 0010 e The accessed PLC is PLC B primary The other PLC is PLC A undefined SWE2 Not significant because one of the two PLC is Not Responding 35012068 02 september 2007 207 System Detailed Behavior upon Failures CPU Failure on Standby The following table presents CPU failure on Standby PLC Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote
25. I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA PLCA PLC B Primary Switch Standby PS CPU SCY DIS DIS PS CPU SCY DIS DIS IN JOUT IN JOUT Pe al fe SCP Port 114 Port 114 1 Event Hardware or firmware failure on the processor This is not a critical event because there is no switchover Ethernet I O scanner SCADA k Switch al PLC A Primary PS CPU SCY DIG JDIG IN JOUT fe 7 Port 114 PLC B Standby PS CPU SCY DIG DIG IN JOUT fe SCP Port 114 After the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B fallback position Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet 10s scanner SCADA PS JCPU SCYJDIS DIS IN JOUT fe Port 1 Switch iy i SCY DIS JDIS IN JOUT P Port i a 114 Global status Communication status i 1 NR Not responding Customer diagnostic through Ethernet address e Normal access to PLC A through terminal port e No access to PLC B CPU no longer running The process is still active but t
26. I O state I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active e PLC A all connections with Ethernet devices are open Ethernet 0 scanner SCADA oo k l PLC A Switch PLC B Primary Standby PS CPU B DIG DIG PS CPU SCY DIG DIG IN fou IN JOU P z is SCP Port 114 Port 114 1 Event Hardware failure or the module is removed from the X BUS rack of a digital module This is not a critical event because there is no switchover Ethernet I O scanner SCADA EE T Switch PLC B PS ii ii DIG DIG IN JOUT h i Port 114 PS i SCY DIG DIG IN JOUT SCP Port 114 1 After the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applies at end of task cycle Remote O state I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active e PLC A all connections with Ethernet devices are open Standby Ethernet I O scanner SCADA h H PLCA Switch PLC B Primary Standby PS i ETY i DIG DIG PS i SCY DIG DIG IN JOUT IN JOUT H i SCP Port 114 Port 114 1 Customer diagnostic through Ethernet address Global status Communication status No impact on the The 2 PLCs are accessible through Hot Standby terminal ports Modbus links and system
27. In rack Discrete I O state e PLC A fallback position cycle Remote I O state e PLC B calculated and applied at the end of the task PLC A all connections with Ethernet devices are closed I O scanner is not active PLC B all connections with Ethernet devices are open I O scanner is active Ethernet I O scanner SCADA en L PLC B oe PS CPU ETY SCYJDIS DIS JPS CPU ETY SCY DIS DIS IN JOUT ETH SCP ETH SCP Port 114 Port 114 PLC A Global status Communication status IN Jour Customer diagnostic through Ethernet address The process is still active but the HSBY system is no longer redundant as long as the PLC A is in HALT or STOP mode Both PLCs are accessible through terminal ports Modbus and Ethernet links for diagnostics SW61 1000 0000 0010 0110 e the accessed PLC is PLC B primary e the other PLC is PLC A offline SWE2 Not significant because one of the two PLC is Offline or Not Responding 204 35012068 02 september 2007 System Detailed Behavior upon Failures Halt or Stop on The following table presents Halt or Stop events on Standby PLC Standby PLC Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task Ethemet O scanner SCADA cycle tar i 2 EEA PLCB e PLC B PLC A output applied at the end of task Primary ull Standby cycle Remote I O state e PLC A
28. MCP C 002M TSX MFP P 004M TSX MRP F 004M TSX MRP F 008M Supported Data storage 196 35012068 02 september 2007 Additional Information OS Download Application Performances System Overhead Miscellaneous Characteristics The following table presents the OS Download Application Performances PCMCIA and System Overhead of the CPUs Services TSX H57 24M TSX H57 44M OS Download CPU OS download Yes Uni Telway terminal port HSBY OS download Yes through Ethernet port only I O modules OS download No Application performances PCMCIA 100 boolean 15 5 Kins ms 65 boolean 35 num 11 4 Kins ms System overhead Mast task ims Fast task 0 08 ms The following table presents the Miscellaneous Characteristics of the CPUs Services TSX H57 24M TSX H57 44M Processor format Double width Microprocessor Pentium 166 Mhz Processor Electrical mA typ 1780 mA consumption on 12V with one mA max 2492 mA memory card 5V not used 1 W typ 9 1 W W max 12 7W Default rack TSX RKY 6EX Default Power supply TSX PSY 2600 PCMCIA slots Slot A Type I 5V Slot B Type III 5V Real Time Clock Yes RTC synchronization with dual CPU No 1 max typical consumption x 1 4 35012068 02 september 2007 197 Additional Information
29. MWr m c objects For more details on language objects and IODDTs for discrete and analog functions refer to the Application language objects chapter of the Discrete I O modules and Analog I O modules documentations 35012068 02 september 2007 133 Programming Debugging Illustration The following illustration displays information worked out by the Primary PLC Database i p T 2 O O PLC A PLC B Primary Standby Exchange The Database is built automatically by the Primary PLC Operating System and sent at each Primary PLC cycle to the Standby PLC This exchange is performed via the embedded Ethernet coprocessor of the two HSBY PLCs The size of database is e TSX H57 24M 180 kilobytes e TSX H57 44M 428 kilobytes Storage Three types of memory card are offered in Unity Premium range e Application e Application and data storage e Data storage The data storage area is a memory zone that can be used to backup and restore data in the memory card using specific EF in the application program The maximum size of this area is 8 MByte with TSX MRP F 008M This memory zone is not part of the database exchange between the Primary A and the Standby B It s only possible to read data using two memory cards one card in PLC A and one card in PLC B with the same contents 134 35012068 02 september 2007 Programming Debugging In rack I O manage
30. Responding Global status Communication status Customer diagnostic through Ethernet address The process is still redundant but diagnosis is no longer possible through the HMI SCADA link address not responding If necessary the customer can request a switchover by setting a bit in the command register of the Primary application if there is no fault in the other PLC e Normal access to PLC A through terminal port or Modbus for diagnostics e No access to PLC A through Ethernet link e Normal access to PLC B through terminal port Modbus or Ethernet links for diagnostics SWE1 1000 0000 0000 1110 e The accessed PLC is PLC A primary The other PLC is PLC B standby SWE62 0000 000 0000 0000 e The other PLC no fault 35012068 02 september 2007 221 System Detailed Behavior upon Failures Failure on Standby ETY HMI amp SCADA The following table presents failure hardware or firmware on the Standby ETY dedicated to HMI and SCADA ETY is not the HSBY Monitored ETY Before the event In rack Discrete I O state Remote I O state I O scanner is active e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle e PLC A all connections with Ethernet devices are open e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet 1 0 scanner SCADA
31. active e PLC B all connections with Ethernet devices are closed I O scanner is not active e PLC A all connections with Ethernet devices are open Ethernet I O scanner SCADA amp h PLCA PLC B Primary Standby PS CPU ETY SCY DIG DIG PS CPU ETY SCY DIG DIG IN JOU IN JOU ETH SCP ETH SCPI Port 114 Port 114 A OF Communication status Global status Customer diagnostic through Ethernet address The 2 PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics No impact on the Hot Standby system The process is still redundant If needed the customer can request a switch over by setting a bit in the command register of the Primary application if there is no fault in the other PLC SWE1 1000 0000 0000 1110 e The accessed PLC is PLC A primary e The other PLC is PLC B standby SWE62 0000 0000 0000 0000 e Other PLC no fault Primary PLC error bit I0 x mod err of the 2 discrete modules set to 1 35012068 02 september 2007 237 System Detailed Behavior upon Failures Hardware The following table presents hardware failure or removal of a digital module in the Failure Standby Standby PLC main or extendable rack Digital Module Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote
32. bits The lower and upper limits are as follows 2 to the power of 31 to 2 to the power of 31 1 Example 2147483648 2147483647 16 FFFFFFFF DT is the abbreviation of Date and Time The DT type coded in BCD in 64 bit format contains the following information The year coded in a 16 bit field the month coded in an 8 bit field the day coded in an 8 bit field the hour coded in a 8 bit field the minutes coded in an 8 bit field the seconds coded in an 8 bit field Note The 8 least significant bits are unused The DT type is entered as follows DT lt Year gt lt Month gt lt Day gt lt Hour gt lt Minutes gt lt Seconds gt This table shows the lower upper limits in each field Field Limits Comment Year 1990 20 Year 99 Month 01 12 The left 0 is always displayed but can be omitted at the time of entry 35012068 02 september 2007 257 Glossary DWORD Field Limits Comment Day 01 31 For the months 01 03 05 07 08 10 12 01 30 For the months 04 06 09 1 1 01 29 For the month 02 leap years 01 28 For the month 02 non leap years Hour 00 23 The left 0 is always displayed but can be omitted at the time of entry Minute 00 59 The left 0 is always displayed but can be omitted at the time of entry Second 00 59 The left 0 is always displayed but can be omitted at the time o
33. cut on the 48 35012068 02 september 2007 Maintaining At a Glance Purpose This part describes five important processes in using a Premium Hot Standby System e Setting up Installing and Cabling e Configuring e Programming Debugging e Operating e Maintaining What s in this This part contains the following chapters part Chapter Chapter Name Page 4 Setting up Installing and Cabling 51 5 Configuring 71 6 Programming Debugging 123 7 Operating 149 8 Maintaining 163 35012068 02 september 2007 49 Maintaining 50 35012068 02 september 2007 Setting up Installing and Cabling 4 Introduction Overview This chapter provides an overview of setting up installing and cabling a Premium Hot Standby System What s in this This chapter contains the following topics Chapter Topic Page Setting Up the Premium Hot Standby 52 Mapping the Backplane Extension 56 Connecting Two Premium Hot Standby PLCs 60 Connecting In rack I O 62 Connecting Ethernet I O 66 Connecting Modbus 67 35012068 02 september 2007 51 Setting up Installing and Cabling Setting Up the Premium Hot Standby Overview Schneider Electric is a leader in fault tolerant redundant systems Hot Standby Setting up a Premium Hot Standby System involves a number of processes summarized in the following paragraphs here and explaine
34. error to the Standby CPU The Standby CPU sends a message to the Primary CPU through the CPU sync link If the Status is OK Primary stays acting as Primary and the Standby will go to Offline because a disconnection on Standby side If the status is not OK it will send a take control to the Standby before entering Offline mode 168 35012068 02 september 2007 Maintaining Detecting CPU sync Link Failures Important Information Standby Detects a Failure Standby Assumes Control Facts 1 CPU sync link connects the two Copros 2 Using the CPU sync link the Primary controller communicates with the Standby on every Mast cycle 3 Primary sends either 1 Data message 2 Health message Note If both the Primary and Standby do not hear from each other either station can detect a CPU sync link failure At first Step Action Result 1 Standby gets no response from the Primary on the CPU sync link e There is no more data base exchange from primary to standby e The system is no longer redundant as long as the Ethernet copro of the PLC is in failure mode The Standby becomes Primary Step Action Result 1 After the Primary controller goes offline Health message or no answer from the or disappeared Primary 2 Standby controller scans the ETY sync link once 3 If Standby controller gets no response Standby
35. failure on this link is not a condition to generate a switch over because the ETY sync link is not part of the I O or messaging process On the contrary when Ethernet I O devices or other equipment are connected to the ETY sync link it is necessary to generate a switch over if a failure appears on the Primary side For more details refer to Configuring TSX ETY 4103 5103 Modules p 94 35012068 02 september 2007 55 Setting up Installing and Cabling Mapping the Backplane Extension Requiring Two backplanes must be configured with identical hardware software and firmware Identical in identical order Then both controllers may function either as a Primary controller Backplanes or as a Standby controller Note INSTALLING CONTROLLERS Schneider Electric recommends referring to Schneider Electric planning and installation guidelines You will find more information in the Premium and Atrium Using Unity Pro User Manual 35006160 and in Grounding and Electromagnetic Comptabilty of PLC System 33002439 56 35012068 02 september 2007 Setting up Installing and Cabling Architecture The following graphic shows an architecture example with Multiple I O scanning example with ETY Multiple I O scanning ETY MONITOR PRO Shared I Os ATV61 Redundant In m EEO 9 iyi Tele Split fast ETG1000 sot fa
36. in fallback mode to 0 This configuration mode is mandatory when output modules are cabled in parallel with ABE7 ACC1x connection blocks In case of negative logic you must configure output modules in fallback mode to 1 Failure to follow these instructions can result in injury or equipment damage 35012068 02 september 2007 87 Configuring Configuring the PCMCIA Cards Configuring with Unity Pro Allocating memory to the memory card Step Action 1 If not opened open the X Bus configuration editor 2 Go to the local bus in the Structural View of the Project Browser 3 Open the local bus either by double clicking on the X Bus or by selecting the X Bus and executing right click Open A graphical representation of the local bus appears Point to and select either PC Card A slot 1 or PC Card B slot 2 3 1 Memory configuration of the PCMCIA card 1 Memory configuration of the PCMCIA card 2 88 35012068 02 september 2007 Configuring Step Action 5 Double click or right click either PCMCIA card The New Replace Submodule dialog appears New Replace Submodule Part Number EES OK l E SRAM Cance TSX MRP C 001M SRAM PCMCIA Prog 1024kb D
37. knows that the failure must be on both the Primary Copro and Primary CPU 4 Standby assumes control 35012068 02 september 2007 169 Maintaining Checking for Identical Application Programs Checksum Important Information Standby Checks for Mismatches Please note Fact Result A Hot Standby system requires that both stations must have the same application program This requirement prevents the Standby from executing a different application program if transfer of control occurs Checking for identical application programs Step Action Result 1 At each scan the application The Standby validates the new program s instruction checksum checksum CKSM against its existing CKSM is transferred from the checksum CKSM Primary to the Standby along with any other necessary data 2 Standby determines if mismatch 1 Mismatch Standby goes Offline occurs 2 No mismatch system operates normally 3 The controller returns to Online and is the Standby as soon as the application programs are identical 170 35012068 02 september 2007 Maintaining Replacing a Faulty Module Important You may replace a faulty module while a system is running Ensure that the replacement module 1 Installs in the Standby backplane 2 Resides in the same position in both backplanes 3 Is same type of module Same type of module me
38. link if 7 CPU sync link mg m Premium rack with line terminators Power supply Hot Standby processor TSX H57 24M or TSX H57 44M Communication module TSX SCY 21601 with Modbus PCMCIA TSX SCP 114 Discrete output module example TSX DSY 64T2K Discrete input module example TSX DEY 64D2K Hot Standby Ethernet module TSX ETY 4103 5103 Example NOoRWD In case of power failure on the Primary PLC the Standby PLC will identify a communication error on the CPU sync link But this same communication error will also occur in the case of CPU sync link disconnection To distinguish between these two cases the Standby CPU requests from its local ETY module the status of the counterpart ETY module In case of fault the Standby diagnoses that the Primary is offline and becomes Primary The link between the two ETYs modules is called ETY sync link The two ETYs are called monitored ETYs 54 35012068 02 september 2007 Setting up Installing and Cabling The Monitored ETY modules can manage e Only diagnostic information in case of exclusive Bus X configuration e Diagnostic information and I O scanning service if Ethernet I O devices are connected on the link e Diagnostic information I O scanning service and other Ethernet services In the above Premium Hot Standby configuration the two monitored ETYs are linked with a crossover cable There is no Ethernet device connected to the ETY sync link A
39. notice and should not be construed as a commitment by Schneider Electric 10 35012068 02 september 2007 About the Book Related Documents User Comments Title of Documentation Reference Number Premium and Atrium Using Unity Pro User Manual Available on Unity Pro documentation CD Telemecanique com web site Grounding and Electromagnetic Compatibility of PLC System Available on Unity Pro documentation CD Telemecanique com web site We welcome your comments about this document You can reach us by e mail at techpub schneider electric com 35012068 02 september 2007 11 About the Book 12 35012068 02 september 2007 Introduction At a Glance Purpose What s in this Part This part introduces the Premium Hot Standby System The content describes the hardware available the compatibility of Premium Hot Standby with PL7 systems and using IEC logic and Unity This part contains the following chapters Chapter Chapter Name Page 1 Overview 15 2 Compatibility Differences and Restrictions 25 3 Behavior and Performances 37 35012068 02 september 2007 13 Introduction 14 35012068 02 september 2007 Overview Introduction Overview In this chapter you will find a brief overview of the Premium Hot Standby System the module the CPUs and the indicators What s
40. occurs the Primary ETY closes all connections with I O devices by sending a TCP IP reset The I O scanning service in this ETY is Standby After the swap the new Primary ETY re establishes the connection with each I O devices It restarts the repeat exchange of data with these re connections The TSX ETY 4103 5103 provides the I O scanning feature Configure using Unity Pro software Note When the I O Scanning service is configured in the Monitored ETY an ETY sync link failure on the Primary side will generate a switch over The ETY sync link failure bit can be read in the ETY module by using an explicit exchange READ_STS and the IODDT T_GEN_MOD The bit MWr m MOD 2 2 is set to 1 in case of failure A CAUTION 1 0 SCANNING AND SWITCH OVER WITH CRITICAL APPLICATIONS The following Ethernet I O scanning considerations have been taken during a switch over e facommunication function block is used for TCP IP the block will not complete its transaction e While the ETY is in the process of performing the transaction a new communication function block may become active e The input states of the scanned Ethernet I O devices will follow the state defined in the last value option configured in the I O scanning table of the ETY module in Unity Pro software These two states are either e Setto0 e Hold last will be set in the I O scanner Failure to follow these instructions can result in injury or equipment d
41. operating parameters of a Hot Standby inthe Command application for both the Primary and Standby and is located at system word SWE60 Register At each scan the Command Register is replicated and transferred from the Primary to the Standby Transfer occurs only from Primary to Standby Any changes made to the Command Register on the Standby will have no effect because the values transferred from the Primary overwrite the values in the Standby The following illustration identifies the operating options provided by the Command Register Sets Controller A to OFFLINE mode 0 _ Sets Controller A to RUN mode 1 Sets Controller B to OFFLINE mode 0 _ Sets Controller B to RUN mode 1 OS versions Mismatch one 4a ee eee On S 4 oma 2 1 0 System Word Controller A OFFLINE RUN mode SW60 1 e SW60 1 1 Controller A goes to Run mode e SW60 1 0 Controller A goes to Offline mode System Word Controller B OFFLINE RUN mode SW60 2 e SW60 2 1 Controller B goes to Run mode e SW60 2 0 Controller B goes to Offline mode 35012068 02 september 2007 109 Configuring System Word Standby behavior if OS Versions Mismatch SW60 4 e SW60 4 1 If OS Versions Mismatch with Primary PLC Standby stays in standby mode e SW60 4 0 If OS Versions Mismatch with Primary Standby goes to Offline mode Firmware OS Mismatch This relates to main processor OS version embedded copro OS version monitored ETY OS version and en
42. primary longer redundant as long Modbus links and Ethernet the other PLC is PLC B offline as the PLC B is STOP links for diagnostic SWE2 Not significant because one of the two PLC is moge Offline 35012068 02 september 2007 205 System Detailed Behavior upon Failures Hardware or Firmware CPU Failure CPU Failure on Primary The following table presents CPU failure on Primary Before the event Remote I O state In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle e PLC A all connections with Ethernet devices are open I O scanner is active e PLCB all connections with Ethernet devices are closed I O scanner is not active PLCA Primary Ethernet I O scanner SCADA l PS CPU ETY SCYIDIG DIG IN JOU ETH SCP Port 114 H PS ETY ETH Port PLC B Standb y SCYIDIG DIG IN JOUT SCP 114 1 Event occurs Hardware or firmware failure on the processor This is a critical event because an automatic switch over Ethernet I O scanner SC dy PLCA Primary PS ETY ETH SCP Port 114 ADA DIG JDIG IN JOU eH PS ETY ETH P ortl PLC B Standby SCY DIG DIG IN JOU SCP 114 l 206 35012068 02 september 2007 System Detailed Behavior upon Failures
43. the execution time of the Mast task is increased Execution Time The execution time of the Mast task can be measured by reading system words Measurement e SW30 Execution time in ms of the last cycle e SW31 Execution time in ms of the longest cycle e SW32 Execution time in ms of the shortest cycle In both cyclic and periodic mode the Mast execution time is the sum T1 T2 T3 T4 T5 of the periodic mode is not taken into account First step To measure the execution time of the Mast task in a Premium Hot Standby configuration it is advised to measure first the execution time in standalone mode or with one of the two PLC in STOP with the Mast task configured in cyclic mode In this case there is no data exchange between the two PLCs and the execution time of the HSBY copro part T2 is reduced to its minimum execution time of the last Mast cycle SW30 T1 T2 T3 T4 Second step In a second step the execution time has to be measured with a Primary and Standby PLC Two cases have to be taken into account 1 The data exchange has no impact on the Primary cycle time Lag Cycle n Cycle n 1 Ti T2 T3 T4 Primar Input HSBY Application Output Input HSBY Application Output ary drivers copro program drivers drivers copro program drivers Data base exchange Data base exchange E First Output Input Standby Wait H
44. upon Failures After the event In rack Discrete I O state e PLC A main rack processed normally a a da ia e PLC A ext rack powered off ie ne Standby PS CPU ETY SCYIDIG DIG IN JOUT ETH SCP Port 114 e PLC B PLC A output applied Primary PS ETY ETH Port S Remote 1 0 state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active SCYIDIG DIG IN JOUT SCP 114 est sd T F i Global status Communication Customer diagnostic through Ethernet address status The process is still active but with Both PLCs are SWE1 1000 0000 0000 1110 some Discrete and Analog I Os that accessible e The accessed PLC is PLC A primary are not processed If needed the through terminal e The other PLC is PLC B standby customer can request a switchover by ports Modbus SW62 0000 0000 0000 0000 setting a bit in the primary application links and Ethernet The other PLC no fault command register if there is no fault in links for the other PLC diagnostics Primary PLC error bit I1 x mod err of all the modules in the extended rack set to 1 214 35012068 02 september 2007 System Detailed Behavior upon Failures Power Failure on Standby Extendable Rack PLC The following table presents power failure on an extendable
45. 0 0 e ee eee eee eee 236 Hardware Failure of the SCP card in SCY 0 0 0 0 cece ee eee ee 239 ek ce Greek Gia ale Me irae a ale aye whee arg Gb a oleae Gaal aiare Beene E 253 aia baat Ae ee E E E aaa ete oe Daud Webb ieee 269 35012068 02 septembre 2007 Safety Information Aa Important Information NOTICE Read these instructions carefully and look at the equipment to become familiar with the device before trying to install operate or maintain it The following special messages may appear throughout this documentation or on the equipment to warn of potential hazards or to call attention to information that clarifies or simplifies a procedure that an electrical hazard exists which will result in personal injury if the The addition of this symbol to a Danger or Warning safety label indicates instructions are not followed injury hazards Obey all safety messages that follow this symbol to avoid This is the safety alert symbol It is used to alert you to potential personal A possible injury or death A DANGER DANGER indicates an imminently hazardous situation which if not avoided will result in death or serious injury A WARNING WARNING indicates a potentially hazardous situation which if not avoided can result in death serious injury or equipment damage A CAUTION CAUTION indicates a potentially hazardous situation which if not avoided can result in injury or equipment d
46. 0 0000 186 Executing the OS Upgrade Procedure 000 cece eee eens 187 Appendices cpcaGeacehawts dreds tan iai iiaea te aeaa ees 189 Appendices for Premium Hot Standby 00 00 e eee eee eee 189 35012068 02 septembre 2007 5 Appendix A Additional Information 0 00 e ee eee eee 191 Appendix B INTFOGUCTION ac snee hesca Mey gcd ER beg T er a E ade atte aaa aa ee die 191 CPUs TSX H57 24M TSX H57 44M Specifications for Premium Hot Standby 192 VOX DS vsecite Wada as tacit seth eases Bee A coda ee date i ak Rha Soe a wae 198 System Detailed Behavior upon Failures 199 INTFOGUCTION Fines 5 dedox e aa a aye ached E e E dies 199 Overview of Failures 0 0 0 0c ccc ee eee eee ee 200 Halt or Stop Events on PLC eee 203 Hardware or Firmware CPU Failure 0 0 0 0 206 Power Failure on the Main Rack 0 00 e ee eee eee eee 209 Power Failure on an Extendable Rack 0000 e eee eee eens 213 Hardware or Firmware ETY failure 0 0 0 0 0 cece ee eee 217 Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA 220 Failure on the Ethernet Copro 0 0 0 0 cece cette ee 223 CPU sync link failure between Primary and Standby PLCs 226 Monitored ETY and I O Scanner Disconnection 00000 eee 228 Full Ethernet I O Link Disconnection 0 0 00 e eee eee ee 234 Hardware Failure of a Digital Module 0
47. 012068 02 september 2007 135 Programming Debugging For an impulse command to positive logic with the delay less than Tpulse Timpulsion C C On Primary PLC delay l l Timpulsion lt gt On Standby PLC l l Timpulsion delay l 1 Result OR logic of outputs For an impulse command to positive logic with the delay more than Tpulse Tpulse On Primary PLC On Standby PLC Tpulse Tpulse Result OR logic of outputs 136 35012068 02 september 2007 Programming Debugging For an impulse command to negative logic with the delay less than Tpulse Tpulse On Primary PLC A delay l l iy Tpulse On Standby PLC o I gt l l l l l l l Result kaa os delay OR logic of outputs i On Primary PLC lt 5 l delay lt _ gt l l l Tpulse On Standby PLC l lt gt Result OR logic of outputs 35012068 02 september 2007 137 Programming Debugging Local I O management It is possible to manage actuators locally in both PLC In this case actuators are not connected in parallel on two output modules but directly to one output module in each PLC They may be written with different values at the same time depending on the application program processing A CAUTION RISK OF EQUIPMENT DAMAGE When actuators are managed locally in each PLC the output values must be evalua
48. 155 Ata Glance tinaniman Geena Sond enlace ieee ca kesh ee he 155 Operating modes overvieW 0 0 0 0 ccc eet 156 Conditions for Switch over 0 0 0 0 ect tees 158 Chapter 8 Maintaining 20 cece ee eee eee eee 163 Introduction fos s s A secs se ten haba steeds dos a E Bsa ee eg ee at ate 163 Verifying the Health of a Premium Hot Standby 0055 164 Detecting and Diagnosing Failures in a Premium Hot Standby 165 Detecting Primary CPU and ETY sync link failures 0 0 167 Detecting Standby CPU and ETY sync link failures 04 168 Detecting CPU sync Link Failures 00 00 e eee eee eee 169 Checking for Identical Application Programs Checksum 170 Replacing a Faulty Module 0 0 eee ett eee 171 Troubleshooting a Hot Standby PLC 0 000 c eee eee eee 172 Part Ill Modifying and Upgrading 00ee eens 175 Ata GIANG 2 raana E od ton tN eee arate ead eE Sheer at geese amp 175 Chapter 9 Handling Application Modification 45 177 Introductio eii r a A a GR SS Se we 177 Understanding Premium Hot Standby Logic Mismatch 178 Online Offline Modifications to an Application Program 179 Chapter 10 Handling CPU OS Upgrade 0c e eee eee 185 IMtrOGUCtION 3 95 eck See iy eS ec ie SA Sy wee 185 Overview of Premium Hot Standby OS Upgrade
49. 2 Offline Offline 0 0 0 1 1 0 1 1 CS PLC A PLC B Primary Offline PLC A PLC B Primary Offline When the action is done the two bits are automatically set to 1 by the system 35012068 02 september 2007 159 Operating Switch over on The following figure displays the behavior when a power supply failure or a main Primary failure processor crash occur on the Primary PLC PLCA Primary Input drivers Copro access Application program a Output i drivers Output module Power failure Cycle n 1 Cycle n Write data a Full program Write data Full program Offline Fallback mode to 0 Data exchange on ETY sync link PLC B Standby Copro access Application program Output drivers Input drivers Wait amp Switch over Output Wait Read data First section _ irst section Full program es f Cycle n 1 Wait Cycle n mae Wait and Switch over a oe module Physical output Note During the switch over the physical output is maintained at the last value received from the Primary PLC When the PLC B starts in Primary mode the l object are refreshed from the physical input parallel cabling The application program calculates the new output values and applies these values on the output module 160 35012068 02 september 2007 Operating A WARNING RISK OF U
50. 3 System Detailed Behavior upon Failures Before the event After the event In rack Discrete I O state e PLC A calculated and applied at end of the task cycle e PLC B fallback position Ethernet I O scanner SCADA k PLC B Remote I O state ue Offine PS CPU JeTYJETY ocYppiG pic PS Kru JeTYJETY oCY piG plc e PLC A all connections with Ethernet devices are open I O amf fin put Hi IN Jou scanner is active ii i i i e PLCB all connections with Ethernet devices are closed B ii I O scanner is not active l Global status Communication status Customer diagnostic through Ethernet address SWE61 0000 0000 0100 0110 The process is still active but the system is no longer redundant as long as the Ethernet copro of Both PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics e The CPU sync link is NOK e The accessed PLC is PLC A Primary e The other PLC is PLC B undefined PLC A is in failed mode SWE2 Not significant because one of the two PLC is undefined 224 35012068 02 september 2007 System Detailed Behavior upon Failures Failure on The following table presents failure hardware or firmware on the Ethernet Copro of Standby the Standby PLC Ethernet Copro Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cyc
51. 35012068_02 abrando oO Electric Premium Hot Standby with Unity User Manual 35012068 02 september 2007 eng www telemecanique com 35012068 02 september 2007 Table of Contents Safety Information 2 0 cee e eee eee eee 7 About the BOOK i 40 eee vie eae tN ee ee ewe es 9 Part Introduction 6 cccccsas es ieee dee eee anew eee 13 Ata Glanee eves spite ee alan dee dade ee eA ite he a 13 Chapter 1 Overview 2 2 ccc cece eee eee eee eee 15 Introduction ie na sth G eee nea eal va EE ee fed ly a aes ed ais fee oS aL 15 Overview of the Premium Hot Standby System 0000 eee eaee 16 Premium Hot Standby CPUs Overview 0002 cece eee eens 18 Premium Hot Standby System Overview 0 0 cece eee eee eee 20 Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M Components 22 Using Premium Hot Standby CPUs LED indicators 00 23 Chapter 2 Compatibility Differences and Restrictions 25 Introductionis s r siaii daniel bai a a ieee be bbe i ra 25 Compatibility with Installed PL7 System 0 0 0 0 cece eee eee 26 Understanding System Words and System Bits nanan aana aaa 27 Understanding Multitasking Restrictions anasa uaaa 28 In rack I O and Ethernet I O Restrictions unuan 00 00 eee eee eee 29 Allowed Module in Premium Hot Standby 00000 e eee eee eee 30 Understanding USB and Uni Telway Link Rest
52. 7 After completing the OS download perform application program transfer 8 Put the PLC in RUN mode Ensure PLC becomes Standby 9 Connect Unity Pro to the other PLC that is the Primary through Uni Telway terminal port 10 Stop the Primary Ensure Standby becomes Primary 11 Disconnect Unity Pro 12 Open the OSLoader tool 13 Download the new OS 14 After completing the OS download perform application program transfer 15 Put the PLC in RUN mode Ensure PLC becomes Standby 16 Perform a switchover or connect Unity Pro to the Primary Ensure Standby becomes Primary 17 Access Command Register SW60 set bit 4 to 0 OS version mismatch not allowed 35012068 02 september 2007 187 Handling CPU OS Upgrade 188 35012068 02 september 2007 Appendices Appendices for Premium Hot Standby At a Glance What s in this Appendix The appendices for the Premium Hot Standby are included here The appendix contains the following chapters Chapter Chapter Name Page A Additional Information 191 B System Detailed Behavior upon Failures 199 35012068 02 september 2007 189 Appendices 190 35012068 02 september 2007 Additional Information Introduction Overview What s in this Chapter This chapter describes the design specifications and error codes This chapter contains the following topics Topic Page CPUs TSX H57 24M TSX H57 44M Sp
53. A TELEFAST connection block TELEFAST connection block ABE7 acci1 1 ABE7 ACC10 connection i connection block block Sensors Actuators 1 ABF H20H008 0 08 m 3 15 in 2 TSX CDP 3 The cabling for the sensor or actuator is standard and is used according to the TELEFAST terminal block selected The terminal blocks ABE7 ACC10 and ABE7 ACC11 have a modularity of 16 channels They are completely passive and equipped with anti return diodes on each of the channels The following illustration displays the terminal block ABE7 ACC1X 62 35012068 02 september 2007 Setting up Installing and Cabling Other Assemblies Analog Input module cabling The authorized input output modules are modules with positive logic equipped with HE 10 connectors It is possible to use other input output modules with a screwed terminal or negative logic In this case the ABE7 ACC10 and ABE7 ACC11 cannot be used any more and it is important to guarantee the independance of the channels by using anti return diodes For a analog input a signal duplicator can be used e g JM Concept JK3000N2 The following illustration displays an example of sensor cabling Primary Standby a J a a Eh e lt lt lt lt lt AAV ne Ala E Ala Ala AAV ASG oo S Signal Duplicator 35012068 02 september 2007 63 Setting up Installing and Cabling Analog Output For analog
54. CPUs are equipped with two receptacles A and B in which to install PCMCIA cards PCMCIA is a standard type of memory card Norms and The TSX H57 24M and TSX H57 44M are compliant with the following company classifications standards e Non Maritime CE ICE UL CSA Hazardous location by CSA aritime BV DNV Lloyd s GL RINA ABS e e gt o gt o gt Z0 o o o 35012068 02 september 2007 19 Overview Premium Hot Standby System Overview System The following graphic shows a typical architecture example for a Premium Hot Components Standby System Primary Premium Hot Standby Extension modules 10 niela lt x lt m MONITOR me PRO A Modbus TCP device A Modbus Slave A Modbus 16 Slave The following table describes the items of typical architecture example for a Premium Hot standby Items Description 1 Main rack 2 Power supply 3 PLC processor TSX H57 22M or TSX H57 44M 4 Ethernet modules TSX ETY 4103 5103 with Monitored ETY that manages an I O scanner ring 5 Discrete Input module example TSX DEY 64D2k Discrete Output module example TSX DSY 64T2k Analog Input module example Low level isolated Inputs termocouples temperature probes TSX AEY 414 8 Analog Output module example Isolated Output s TSX ASY 410 20 35012068 02 septembe
55. E In case of CPU replacement the identification A B of the 2 PLCs can be inverted Respect this specially if the application requires a strong link between the geographical position of each PLC and its identification Failure to follow these instructions can result in injury or equipment damage 152 35012068 02 september 2007 Operating MAC Address Examples of two MAC Addresses The MAC address visible on the front panel of the PLC is a 48 bit number written in hexadecimal notation 6 pairs of 2 digits The digits used to represent numbers using hexadecimal notation are 0 1 2 3 4 5 6 7 8 9 A B C D E and F Rules to compare two MAC addresses e The two MAC addresses must be compared from left to right e Assoon as there are different digits in the same position in each MAC address the higher MAC address is the one where the digit is higher First example e MAC1 00 80 F4 01 6E E1 e MAC2 00 80 B4 01 6E E1 The MAC1 is higher than the MAC2 Second example e MAC1 00 80 F4 01 6E E1 e MAC2 00 80 D4 01 6F E1 The MAC1 is higher than the MAC2 35012068 02 september 2007 153 Operating Stopping the Premium Hot Standby Principle Stopping a Premium Hot Standby System is identical to stopping a simple PLC but respecting the following stop order e Stop the Standby PLC e Stop the Primary PLC If the Standby PLC is not stopped first a switch over would occur
56. ERP Enterprise Resource Planning ERP systems F FBD FBD is the abbreviation of Function Block Diagram 35012068 02 september 2007 259 Glossary FBD is a graphic programming language that operates as a logic diagram In addition to the simple logic blocks AND OR etc each function or function block of the program is represented using this graphic form For each block the inputs are located to the left and the outputs to the right The outputs of the blocks can be linked to the inputs of other blocks to form complex expressions FDR Faulty Device Replacement FFB Collective term for EF Elementary Function EFB Elementary Function Block and DFB Derived Function block FTB Temperature base factor FTM Field Terminal Module FTP File Transfer Protocol Function see EF Function Block see FBD Diagram G GRAY Gray or reflected binary code is used to code a numerical value being developed into a chain of binary configurations that can be differentiated by the change in status of one and only one bit This code can be used for example to avoid the following random event in pure binary the change of the value 0111 to 1000 can produce random numbers between 0 and 1000 as the bits do not change value altogether simultaneously Equivalence between decimal BCD and Gray Decimal 0 1 2 3 4 5 6 7 8 9 BCD 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 Gray 0000 0001 0011 0010 0110 0111 0101 0100 1100 1101
57. In rack I O and the Ethernet I O 35012068 02 september 2007 29 Compatibility Differences Restrictions Allowed Module in Premium Hot Standby General The following table presents the redundant modules supported by the Premium Hot Standby Designation Reference Function Quantity Communication Ethernet TCP IP communication TSX ETY 4103 5103 Ethernet TCP IP module with transparency 2xn module for redundant Version min 4 0 of addressing for third party devices applications SCADA HMI Modbus communication module TSX SCY 21601 Communication Modbus master and support 2xn Version min 2 1 of PCMCIA TSX SCP 114 Modbus communication module TSX SCY 11601 Communication Modbus Master 2xn Multi protocol card TSX SCP 114 RS Modbus slave communication with 2xn 485 Version min 1 7 transparency of addressing for third party Master devices 1 Discrete inputs outputs modules Discrete inputs modules TSX DEY K Discrete input modules with HE10 2xn connectors Discrete outputs modules TSX DSY K Discrete output modules with HE10 2xn connectors Discrete inputs outputs modules TSX DMY K Discrete event reflex input output modules 2xn with HE10 connectors Discrete inputs modules TSX DEY Discrete input modules with screw terminal 2xn block Discrete outputs modules TSX DSY Discrete output modules with screw terminal 2xn block Preventa Safety modules TSX PAY Saf
58. JO 0 All ETY have the minimum version 1 At least one ETY do not have minimum version 0 No Monitored ETY OS version Mismatch 1 Monitored ETY OS version Mismatch 0 Configured IP or Modbus address 1 Configured IP or Modbus address 1 0 The Hot Standby Copro has not been activated 1 The Hot Standby Copro is active 35012068 02 september 2007 111 Configuring System Words SW61 0 to SWE61 3 System Word SW61 4 System Word SWE61 5 System Word SWE61 6 System Word These four bits display the states of the local and remote Hot Standby controllers Status of local PLC e SW61 1 0 and SW61 0 1means local PLC is in OFFLINE mode e SW61 1 1 and SW61 0 0 means local PLC is running in Primary mode e SW61 1 1 and SW61 0 1 means local PLC is running in Standby mode Status of remote PLC e SW61 3 0 and SW61 2 1means remote PLC is in OFFLINE mode e SW61 3 1 and SW61 2 0 means remote PLC is running in Primary mode e SW61 3 1 and SW61 2 1 means remote PLC is running in Standby mode e SW61 3 0 and SW61 2 0 means remote PLC is not accessible Power off no communication SW61 4 is set to 1 whenever a logic mismatch is detected between the Primary and Standby controllers SW61 5 is set to 0 or 1 depending on the Ethernet copro MAC address e SW61 5 0 means the PLC with the lowest MAC address becomes
59. LC Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 65 Setting up Installing and Cabling Connecting Ethernet I O Ethernet I O cabling As described before the link between the two monitored ETY modules ETY sync link is used to transfer information to diagnose the Hot Standby system It can also be used to manage Ethernet I O devices by configuring an Ethernet I O scanner in each monitored ETY The following architectures can be used e Low level architecture two standard Ethernet switches connected to each monitored ETY e High level architecture several Ethernet ring switches connected to the Ethernet devices For using hubs or switches in different network topologies like star tree or ring refer to ConneXium catalog and Transparent Ready technical publications 66 35012068 02 september 2007 Setting up Installing and Cabling Connecting Modbus Modbus Slave The Modbus Slave function is used from the card PCMCIA TSX SCP 114 This link on RS485 may be located only in the module TSX SCY 21601 It is preferable for the network two wires polarization to be implemented by the Master Modbus equipment The following illustration displays a Modbus Slave link on RS485 two wires TSX SCP 114 a TSX SCA5O L TSX SCP CM 4030 35012068 02 september 2007 67 Setting up Installing and Cabling
60. MWx 12 SW62 12 discrete module state by copy of l1 4 mod err MWx 13 SW62 13 discrete module state by copy of l1 5 mod err MWx 14 SW62 14 discrete module state by copy of l1 6 mod err 202 35012068 02 september 2007 System Detailed Behavior upon Failures Halt or Stop Events on PLC Halt or Stop on Primary PLC The following table presents Halt or Stop events on Primary PLC Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task Ethernet I O scanner SCADA l 1 cycle t Eee e PLC B PLC A output applied at the end of task y Standby PS CPU Er cypis ps Ps ro ety scyyols pis cycle IN fout IN four Remote I O state E SP ETH seh e PLC A all connections with ethernet devices are Port 114 Port 114 open I O scanner is active e PLC B all connections with ethernet devices are closed I O scanner is not active Event e HALT instruction e Watch dog overflow Ethernet VO scanner SCADA 3 ee R Program execution error division by 0 overflow PLCA PLCB etc with S78 1 Primary Standby PS CPU E cypis DIS Ps cru ety cypis pis e STOP command Ww tour In tour This is a critical event because an automatic switch ETH SCP ETH SCP over occurs ie fe 35012068 02 september 2007 203 System Detailed Behavior upon Failures After the event
61. NINTENDED EQUIPMENT OPERATION When an output is set to 1 in the cycle preceding the Event example Power Failure there is a risk of having a pulse to 0 on the Probe To avoid that use in rack I O for applications that can support this kind of pulse Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 161 Operating 162 35012068 02 september 2007 Maintaining Introduction Overview This chapter provides information about Maintaining a Premium Hot Standby System What s in this This chapter contains the following topics Chapter Topic Page Verifying the Health of a Premium Hot Standby 164 Detecting and Diagnosing Failures in a Premium Hot Standby 165 Detecting Primary CPU and ETY sync link failures 167 Detecting Standby CPU and ETY sync link failures 168 Detecting CPU sync Link Failures 169 Checking for Identical Application Programs Checksum 170 Replacing a Faulty Module 171 Troubleshooting a Hot Standby PLC 172 35012068 02 september 2007 163 Maintaining Verifying the Health of a Premium Hot Standby Generating and Sending Health Messages Performing Automatic Confidence Tests Conducting Startup Tests Conducting Run Health messages are exchanged between the Primary PLC and the Standby PLC If the Primary has an error the Standby is notified and assu
62. PLC A e SW61 5 1 means the PLC with the highest MAC address becomes PLC B Note To perform the MAC address comparison the two PLCs have to be connected with the CPU sync link This bit indicates if the CPU sync link between the 2 PLC is valid e SW61 6 0 means the CPU sync link is valid The contents of bit 5 is significant e SW61 6 1 means the CPU sync link is not valid In this case the contents of the bit 5 is not significant because the comparison of the 2 MAC addresses cannot be performed This bit indicates if there is a Main Processor OS version mismatch between Primary SW61 7 and Standby e SW61 7 0 means no OS version firmware mismatch e SW61 7 1 means OS version mismatch If OS version mismatch is not allowed in the command register bit 4 0 the system will not work as redundant as soon as the fault is signaled 112 35012068 02 september 2007 Configuring System Word SW61 8 System Word SW61 9 System Word SW61 10 System Word SW61 13 System Word SW61 15 This bit indicates if there is a COPRO OS version mismatch between Primary and Standby e SW61 8 0 means no COPRO OS version mismatch e SW61 8 1 means COPRO OS version mismatch If OS version mismatch is not allowed in the command register bit 4 0 the system will not work as redundant as soon as the fault is signaled This bit indicates if at least one ETY module does not have the minimum versi
63. Port 114 PLC A Global status Communication status On Customer diagnostic through Ethernet address The process is still active but the system is no longer redundant as long as the Ethernet I O link is disconnected on the PLC B side e Normal access to PLC A through terminal port and Modbus link for diagnostics e Normal access to PLC B through terminal port and Modbus link and Ethernet link for diagnostics If an HMI SCADA is connected to the switch diagnosis is no longer possible through Ethernet SWE61 1000 0000 0000 0110 The accessed PLC is PLC A primary e The other PLC is PLC B offline SWE2 Not significant because one of the two PLC is Offline 35012068 02 september 2007 231 System Detailed Behavior upon Failures I O Scanner The following table presents I O Scanner Disconnection on the I O link side the Disconnection Monitored ETY is managing an I O Scanner on I O link Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task Ethemet vos scanner SCADA cycle k H PLC A Switch itch Switch itch PLC B e PLC B PLC A output applied at the end of task cycle Primary ulus wite Standby Remote O state PS CPU SCY DIG DIG PS CPU SCY DIG DIG IN JouT IN JOUT e PLC A all connections with Ethernet devices are open I O sc
64. Realtime Clock Tab Realtime Clock Tab Description Description of the Task tab Item Option Value Description Events State XXX Status information of events available Online Number XXX N A Activate or Disable all Click button Button to control the events Start reStart Warm Start Click button To initialize Warm Start Cold Start Click button To initialize Cold Start Output fallback Applied Outputs N A To Stop the Fallback mode Output Fallback N A To switch the outputs into Fallback mode Last Stop Read only e Day Indicates the day date time and e DD MM YY cause of the last controller stop e Time Unity Pro Realtime clock tab dialog i PLc Screen 15 Task PLC Date and Time Tuesday 01 January 2002 12 00 00 AM r PC Date and Time Thursday 25 September 2003 Information User Date and Time E September gt SurMon TueWedThu Fri Sat 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 19 20 21 22 23 24 26 27 Date 25 09 2203 S Time 2 36 42 AM i gt 28 A 3 1 2 3 4 nel Bere gt oe ane fey REG aa PLC Dat Description of the Realtime clock tab Item Option Description PLC Date and Time Read only Indicates the current PLC date and time PC Date and Time Update PC gt PLC time Updates the PLC with the PC system User Date and Time
65. S ACT RUN ERR STS ETY fault Software operation error D O X xX O Temporary state causing module re initialization ETY fault e 2 flashes on ETY STS LED D S amp X X 4 X z module has no MAC address e 3 flashes on ETY STS LED Ethernet cable not connected on the module or Hub side e 4 flashes on ETY STS LED the module IP address is duplicated e 5 flashes on ETY STS LED module configured as a BOOTP client and is waiting for a BOOTP server response e 6 flashes on ETY STS LED invalid IP address Module is set to its default IP address LED Description Permanently ON Normal flashing 500 ms ON 500 ms OFF Standby flashing 2 5 s ON 500 ms OFF Offline flashing 2 5 s OFF 500 ms ON OFF No significant lt O 18 STD 35012068 02 september 2007 173 Maintaining 174 35012068 02 september 2007 Modifying and Upgrading At a Glance Purpose This part describes Modifying and Upgrading in a Premium Hot Standby System e Handling application Modification e Handling CPU OS Upgrade What s in this This part contains the following chapters 2 Part Chapter Chapter Name Page 9 Handling Application Modification 177 10 Handling CPU OS Upgrade 185 35012068 02 september 2007 175 Modifying and Upgrading 176 35012068 02 september 2007 Handling Application Modification
66. SBY copro Section drivers drivers T 144 35012068 02 september 2007 Programming Debugging In this first case the execution time of the HSBY part T2 is increased with the time required to copy the data base from the CPU memory to the HSBY copro shared memory execution time of the last Mast cycle SW30 T1 T2 T3 T4 with T2 T2 time to copy the data base from the CPU memory to the copro shared memory 2 The data exchange has an impact on the Primary cycle time Cycle n Cycle n 1 gt lt a p Wait HSBY Application Output Input Application Output copro program drivers drivers Wait HSBY copro program drivers Primary T1 T2 T3 T4 Standby Data base exchange gt First Output Input Wait HSBY copro Section drivers drivers In this second case the execution time of the HSBY part T2 is increased with the time to be waited until the complete transmission of the data base execution time of the last Mast cycle SW30 T1 T2 T3 T4 with T2 T2 time to copy the data base from the CPU memory to the copro time to transmit all the data on the network and free the copro shared memory 145 35012068 02 september 2007 Programming Debugging Third step In a third step the execution time can be measured with the Mast task operating in periodic mode But this mode may
67. SCADA SCY DIG JDIG IN JOU SCP 114 SCP 114 1 PS CPU DIG DIG IN JOU fe Port 234 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A Fallback position Ethernet 1 0 scanner SCADA i pi k H e PLC B Fallback position Remote I O state e PLC A all connections with Ethernet devices are closed i fa i Me S Re i an 1 O scanner is not active e PLC B all connections with Ethernet devices are closed F F 1 O scanner is not active Global status Communication status Customer diagnostic through Ethernet address The process is no The 2 PLCs are accessible through SW61 1000 0000 0000 0101 longer active and the terminal ports and Modbus links for The accessed PLC is PLC A offline Hot Standby system is diagnostics If an HMI SCADA is e The other PLC is PLC B offline no longer redundant connected to the failed switch as long as the switch diagnosis is no longer possible remains failed through Ethernet SWE2 Not significant because the two PLCs are Offline Note To have a new Primary after the switch replacement it is required to perform a Stop Run command on one of the 2 PLCs The other one becomes Standby A WARNING Risk of unintended equipment operation When the I O Scanning service is used in the monitored ETY we adv
68. Standby V O objects r Topological address of the monitored Ethernet module Rack Slot Select an ETY topological address The monitored AALA KULA MN IT Ler Ui Cele IGES is able to be th 0 3 Ethernet modules must be monitored for failures and switch over by the user application r Command Register SW60 Standby On Logic Mismatch Offline Online r Non Transfer area Start MW 0 Length 100 35012068 02 september 2007 85 Configuring Hot Standby Tab Description of the Hot Standby tab Description Item Option Description Topological address Rack Slot This combo is filled by the existing of the monitored addresses of ETY cards Ethernet module Command Register Standby On Logic The Standby On Logic Mismatch is only Mismatch in Offline Non transfer area Start MW MWO to 99 Data are not transferred Length 86 35012068 02 september 2007 Configuring Configuring In rack I O How to configure For configuring In rack I O discretes and analog refer to the following Unity Pro In rack I O user manuals e Premium and Atrium using Unity Pro Discretes I O modules user manual e Premium and Atrium using Unity Pro Analog Input Output user manual A CAUTION RISK OF EQUIPMENT DAMAGE To prevent the freeze of discrete output bits when one on the two PLCs fails you must configure output modules
69. Wait and Copro access including MW objects Copro access Mast First Mast First section cant section MAST Mast Other cycle Mast Other task sections sections ee Output images Not executed are calculated by ma the program MW Output Phase OUT Phase OUT memory ETY Out Driver ETY Out image Driver CPU E CPU E y Y 35012068 02 september 2007 127 Programming Debugging Operation cycle As described in the two above graphics the role of each PLC is different according to the Hot Standby mode e PLC in Primary mode e Performs all the application sections comprising the first section Acquires the local input for the in rack modules Updates the local output of the in rack modules Sends the database to the Standby PLC Manage the Ethernet I Os of the dedicated ETY I O scanner table Retrieves diagnostic information from the Standby PLC Manages its own diagnostic information and the information of the Hot Standby Premium system Monitor health of Power Supply CPU and In rack modules PLCI in Standby mode e Only the first section of the application program is executed e Acquires the local input for the in rack modules e Applies the output images received from the Primary to the output of the local in rack modules e Receives from the Primary the Ethernet I O images e Retrieves diagnostic information from the Primary PLC e Manages own diagnostic information and the information from the Hot Standby Premium system e Monitors health o
70. _DATE_AND_TIME ANY_ARRAY_DATE NY_ARRAY_TIME_OF_DAY ANY_ARRAY_EBOOL ANY_ARRAY_ANY_DDT ANY_STRUCTURE ANY_DDT ANY_IODDT ANY_FFB ANY_EFB ANY_DFB 254 35012068 02 september 2007 Glossary ARRAY An ARRAY is a table of elements of the same type The syntax is as follows ARRAY lt terminals gt OF lt Type gt Example ARRAY 1 2 OF BOOLis a one dimensional table made up of two BOOL type elements ARRAY 1 10 1 20 OF INT is a two dimensional table made up of 10x20 INT type elements B Base 10 literals Base 16 Literals Base 2 Literals Base 8 Literals BCD A literal value in base 10 is used to represent a decimal integer value This value can be preceded by the signs and If the character _ is employed in this literal value it is not significant Example 12 0 123_456 986 A literal value in base 16 is used to represent an integer in hexadecimal The base is determined by the number 16 and the sign The signs and are not allowed For greater clarity when reading you can use the sign _ between bits Example 16 F_F or 16 FF in decimal 255 16 E_0 or 16 0 in decimal 224 A literal value in base 2 is used to represent a binary integer The base is determined by the number 2 and the sign The signs and are not allowed For greater clarity when reading you can use the sign _ between bits Example 2 1111_1111 or 2 11111111 in decimal
71. ables a Hot Standby system to operate with different versions of the OS running on the Primary and Standby 110 35012068 02 september 2007 Configuring Understanding the Unity Status Register Bits in the Hot The Hot Standby Status Register is a readable register located at system word Standby Status SW61 and is used to monitor the current machine status of the Primary and Register Standby Both the Primary and the Standby Offline have their own copy of the Status register The Status register is not transferred from Primary to Standby Each PLC must maintain its local Status Register based on the regular communication between the two controllers The following illustration identifies the operating options provided by the Status Register This PLC in Offline status 0 1 This PLC running in Primary status 1 0 This PLC running in Standby status 1 1 Peer PLC in undefined mode 0 0 Peer PLC in Offline mode 0 1 Peer PLC running in Primary mode 1 0 Peer PLC running in Standby mode 1 1 No logic Mismatch between PLC and Peer PLC 0 __ Logic Mismatch between PLC and Peer PLC 1 This PLC set as Unit A 0 This PLC set as Unit B 17 CPU sync link OK 0 CPU sync link NOK 1 No main processor OS version Mismatch 0 Main processor OS version Mismatch 17 No Copro OS version Mismatch 0 Copro OS version Mismatch 17 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
72. age Structured Text language is an elaborated language close to computer programming languages It enables you to structure series of instructions STB Standard Terminal Block STRING A variable of the type STRING is an ASCII standard character string A character string has a maximum length of 65534 characters 35012068 02 september 2007 265 Glossary T TFTP Trivial File Transfer Protocol TIME The type TIME expresses a duration in milliseconds Coded in 32 bits this type makes it possible to obtain periods from 0 to 2 32 1 milliseconds The units of type TIME are the following the days d the hours h the minutes m the seconds s and the milliseconds ms A literal value of the type TIME is represented by a combination of previous types preceded by T t TIME or time Examples T 25h15m t 14 7S TIME 5d10h23m45s3ms Time literals The units of type TIME are the following the days d the hours h the minutes m the seconds s and the milliseconds ms A literal value of the type TIME is represented by a combination of previous types preceded by T t TIME or time Examples T 25h15m t 14 7S TIME 5d10h23m45s3ms TIME_OF_DAY see TOD TOD TOD is the abbreviation of Time of Day The TOD type coded in BCD in 32 bit format contains the following information e the hour coded in a 8 bit field e the minutes coded in an 8 bit field e the s
73. ailure on an Extendable Rack p 213 Hardware or Firmware ETY failure See Hardware or Firmware ETY failure p 217 Hardware or Firmware Failure on ETY See Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA Dedicated to HMI and SCADA p 220 Failure on the Ethernet Copro See Failure on the Ethernet Copro p 223 CPU sync link failure between Primary and See CPU sync link failure between Primary Standby PLCs and Standby PLCs p 226 1 0 Scanner Disconnection See Monitored ETY and I O Scanner Disconnection p 228 Full Ethernet I O Link Disconnection See Full Ethernet I O Link Disconnection p 234 Hardware Failure of a Digital Module See Hardware Failure of a Digital Module p 236 Hardware Failure of the SCP card in CPU or See Hardware Failure of the SCP card in SCY SCY p 239 166 35012068 02 september 2007 Maintaining Detecting Primary CPU and ETY sync link failures Non mastered Primary CPU failure Mastered Primary CPU failure Primary ETY sync link failure The following table presents a Non mastered Primary CPU failure Stages Description 1 A communication error occurs in the Standby Copro that manages the CPU sync link Standby Copro reports this error to the Standby CPU Standby CPU sends a message to its local Monitored ETY to get a status of the ETY sync link Because the Primary PLC is not responding the Standby CPU gets a wrong status from its local Monitor
74. amage 35012068 02 september 2007 Safety Information PLEASE NOTE Electrical equipment should be installed operated serviced and maintained only by qualified personnel No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this material 2007 Schneider Electric All Rights Reserved 35012068 02 september 2007 About the Book At a Glance Document Scope This guide describes the Premium Hot Standby System consisting of the Unity Pro software the Premium Hot Standby processor TSX H57 24M or TSX H57 44M power supplies Ethernet I O and TCP IP Ethernet communication module TSX ETY 4103 5103 This guide describes how to build a Premium Hot Standby System Users of PL7 Warm Standby Premium systems should note that significant differences exist between Unity and PL7 systems and where important this guide identifies those differences Note Software Requirements Required to use a Premium Hot Standby e Unity Pro 3 0 or higher version e ETY 4103 5103 V4 0 or higher version Note Who should use this document Anyone who uses a Hot Standby system or needs fault tolerant availability through redundancy in an automation system You should have knowledge of programmable logic controllers PLCs You should possess a working knowledge of the Unity Pro software 35012068 02 september 2007 About the Book Validity Note
75. amage 35012068 02 september 2007 105 Configuring A CAUTION RISK OF EQUIPMENT DAMAGE To guarantee a proper operation in the system do not configure multiple ETY module to I O scan the same I O device or IP address Failure to follow these instructions can result in injury or equipment damage A CAUTION RISK OF EQUIPMENT DAMAGE To prevent a pulse on Scanned I Os when one of the two PLCs fails the user must configure output Ethernet devices with the Hold last value mode This configuration has to be done with the configuration tool that is provided with the Ethernet device For the Ethernet devices that only support the fallback to 0 position a pulse may appear during a switchover Failure to follow these instructions can result in injury or equipment damage FTP TFTP Server The File Transfer Protocol Trivial File Transfer Protocol FTP TFTP server is available as soon as the module receives an IP address Any FTP TFTP client can log on to the module Access requires the correct user name and password Premium Hot Standby allows only one active FTP TFTP client session per ETY module When the Hot Standby swap occurs the Primary and Standby ETYs close the FTP TFTP connection If a user sends an FTP TFTP request during the swap the communication is closed Whenever you re open communication you must re enter a user name and a password 106 35012068 02 september 2007 Confi
76. anner is active i a fe SCP e PLC B all connections with Ethernet devices are Port 114 Port 114 closed I O scanner is not active H Event I O scanner disconnection on the I O link The remote I O are no longer visible from both PLCs but the Ethemet 1 0 scanner SCADA diagnostic dialog between the 2 PLCs is still active x H This is not a critical event because there is no switch PLCA switch switch PLC B Primary Standby ONEI PS CPU SCY DIG OIG Ps CPU SCY DIG DiG IN JouT IN JouT te a i SCP Port 114 Port 114 OH 232 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of the task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA E mre PLC A Primary PS CPU SCY DIG DIG PS CPU IN JOUT fe a fe Port 114 Port PLC B Standby DIG DIG IN JOUT SCP 114 l Global status Communication status Customer diagnostic through Ethernet address The 2 PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics The process is still active on in rack I O but the system is n
77. ans ETY4103 replaces ETY4103 A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION Follow this informations 1 Perform a switch over if replacing a Primary 2 Do NOT remove a Primary controller with under powerer Hot Swap Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 171 Maintaining Troubleshooting a Hot Standby PLC Troubleshooting To determine which components have failed note PLC s status on CPU LED display Correct operation of the ETY is no the PLC and Monitored ETY LED display CPU LEDs Monitored ETY LEDs Failure type Description RUN ERR I O STS ACT RUN ERR STS No failure Normal state CPU in Primary OONO i No failure Normal state CPU in Standby Ox 0 OOO ms CPU faults Serious hardware or firmware fault X X xX X x xX X Correct operation of the CPU is no longer assured CPU no more Primary nor Standby Copro fault Copro auto tests failed Application Halt instruction watchdog 4 4 xX X X x X X fault overrun CPU in Offline mode ETY fault Module not configured or xX x xK X X 4 x configuration in progress ETY fault Serious hardware or firmware fault longer assured CPU is Offline 172 35012068 02 september 2007 Maintaining CPU LEDs Monitored ETY LEDs Failure type Description RUN ERR V 0 ST
78. applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are closed 1 0 scanner is not active e PLCB all connections with Ethernet devices are open I O scanner is active Etherne PLCA Offline tl k PS CPU ET Po 1 0 scanner SCADA PS ETY ETH Port PLC B Primary DIG DIG IN JOU X ETY H rt SCP 114 SCP 114 1 DIG DIG IN JOU Global status Communication status Customer diagnostic through Ethernet address The process is still active but the system is no longer redundant as long as the Ethernet I O link is disconnected on the PLC A side e Normal access to PLC A through terminal port and Modbus link for diagnostics If an HMI SCADA is connected to the switch diagnosis is no longer possible through Ethernet e Normal access to PLC B through terminal port Modbus link and Ethernet link for diagnostics SWE1 1000 0000 0010 0110 e The e The SWE2 Not significant because one of the two PLC is Offline accessed PLC is PLC B primary other PLC is PLC A offline 35012068 02 september 2007 229 System Detailed Behavior upon Failures Monitored ETY The following table presents Monitored ETY Disconnection on the Standby PLC side Disconnection the Monitored ETY is managing an I O Scanner on Standby Before the event In rack Discrete I O state e PLC A ca
79. area PLC 256 kilobytes 512 kilobytes Data in internal SRAM 192 kilobytes 440 kilobytes Maximum data storage size Legacy EFs 8 Mbytes 16 Mbytes only in PCMCIA DOS Files SRAM Not available Not available Located data MW Max 32464 Default 1024 Min 0 Located data M Max 8056 32634 Default 512 Min 0 Located data KW Max 32760 Default 256 Min 0 Located data SW 168 Located data S 128 Unlocated data max size 2 No limit 3 e EDT DDT EFB DFB e 1 Empty Terminal Support e 2 e EDT Elementary Data Types bool integers date real e DDT Derived Data Types structures e EFB DFB Function Blocks e 3 No limit means that the amount of Function Blocks is only dependant on the memory size Note EDT and DDT are in the same memory segment There is one memory segment per instance of EFB DFB 35012068 02 september 2007 193 Additional Information Application The following table presents the Application Structure of the CPUs Structure Services TSX H57 24M TSX H57 44M Mast task 1 cyclic periodic Fast task 1 periodic Auxiliary tasks 0 Event interrupt tasks IO Event Timer 64 Event IO Events Local IO 0 to 63 e Prior 0 evtO e Prior 1 evt1 to evt63 Timer interrupt event 0 Number of channels Local I Discrete I O 128 O per event Analog O
80. ata 832kb Help TSX MRP C 002M SRAM PCMCIA Prog 2048kb Data 1856kb TSX MRP C 003M SRAM PCMCIA Prog 3072kb Data 2880kb Do TSX MRP C 007M SRAM PCMCIA Prog 7168kb Data 6976kb 77 TSX MRP C 01M7 SRAM PCMCIA Prog 1792kb Data 1600kb TSX MRP C 448K FLASH PCMCIA Prog 448kb Data 352kb gt TSX MRP C 768K FLASH PCMCIA Prog 768kb Data 576kb r TSXMRP P 128K FLASH PCMCIA Prog 128kb 1 TSXMRP P 224K FLASH PCMCIA Prog 224kb TSX MRP P 384K FLASH PCMCIA Prog 384kb l SRAM Data storage TSX MRP F 004M SRAM PCMCIA Data or Files 4096kb TSX MRP F 008M SRAM PCMCIA Data or Files 8192kb 6 Add or replace the desired memory 35012068 02 september 2007 89 Configuring Swapping Network Addresses at Switch over Overview Handling TCP IP The following material describes handling network addresses at Switch over When used in a Premium Hot Standby System the Ethernet TCP IP network address at modules TSX ETY 4103 5103 support address swapping at switch over switch over The HSBY ETY module configured to I O scan shared Ethernet I O supports IP Address swapping of SCADA HMI systems Ethernet I O read write diagnostics and PLC switch over Note IP Address nnn nnn nnn 255 reserved to broadcast messages The user must not configure the Primary address as nnn nnn nnn 254 which would cause Standby IP address to be nnn nnn nnn 255
81. ata transfers at the beginning of every scan Output objects and command adjustment parameters Located Variables maximum 128 Kilobytes All Unlocated variables up to 300 Kilobytes on TSX H57 44M All instances of the DFB and EFB type SFC variable area A part of the System Bits and Words Note Forced Bits at Transfer At each scan all forced bits are transferred from the Primary to the Standby 40 35012068 02 september 2007 Behavior and Performances Understanding the Premium Hot Standby Data Base Transfer Process Hot Standby The following illustrates the transfer of data from the Primary to the Standby Transfer Diagram Scan n Primary PLC z IEC Logic Solve Comm Diag IEC Logic Solve Comm Diag IEC Logic Solve Diag CPU 1 gt User Data State RAM Located Unlocated Dat max 128 max 300 kilobytes a k i b b byt Copro yies es es oe User Data State RAM Located Unlocated Data max 128 max 300 kilobytes Standby PLC 438K 438K bytes by es Copro User Data State RAM Located Unlocated Data 1 st f 1st i Diag sectio Comm Diag Wait section Comm Diag Wait CPU gt q Scan n 1 Item CPU model Max Data size 1 TSX H57 24M 192 Kilobytes TSX H57 44M 440 Kilobytes 35012068 02 sept
82. ate IP address checking is only performed at power up of the Hot Standby PLC It is not performed during a switch over or after a removal replacement of the ETY Ethernet cable For continued Ethernet communication the new Primary ETY must have the same IP Address as the former Primary ETY The IP Address in the Standby ETY an ETY in the Standby state is IP Address 1 The ETYs integrated into the Premium Hot Standby configuration coordinate this IP Address swapping with the management of Ethernet services used A CAUTION RISK OF EQUIPMENT DAMAGE Do not use the address IP 1 For a Premium Hot Standby configuration do not use consecutive IP addresses for consecutive ETY modules configured Do not configure the Primary address as nnn nnn nnn 254 which would cause Standby IP address to be nnn nnn nnn 255 Doing that the ETY would then return the diagnostic code Bad IP configuration Failure to follow these instructions can result in injury or equipment damage 35012068 02 september 2007 103 Configuring Network Effects of Premium Hot Standby Overview Premium Hot Standby is a powerful feature of the ETYs a feature that increases the reliability of your installation Hot Standby uses a network and using the Hot Standby feature over a network can affect the behavior of Browsers Remote and Local clients I O Scanning service FTP TFTP server The following are factors you may encounte
83. ber 2007 Configuring Accessing the Base Configuration Accessing with Unity Pro After starting Unity Pro go to the X Bus in the Structural View of the Project Browser Step Action 1 Open the X Bus configuration editor either by double clicking on the X Bus or by selecting the X Bus and executing right click Open A graphical representation of the local bus appears in the configuration editor 2 Select the Premium Hot Standby CPU module and right click The context menu appears Bus 0 TSX H57 24M v E 1m 3 4 Cut Copy Paste Delete Module Open Module Move Module Replace Processor Power Supply and IO Budget z KI gt 3 Select Open Module The editor appears The Configuration tab is default 4 Choose one of these tabs e Overview e Configuration e Animation e Hot Standby e 1 0 Objects 35012068 02 september 2007 75 Configuring Using the Overview Tab Viewing The read only Overview tab of the editor displays detailed information about the module s specifications 0 0 TSX H57 24M ioll 57 2 Hot Standby 768Kb Program with PCMCIA USB Unitelway B Overview El Configuration u Animation B Hot Standby B I O obj
84. c objects The values of discrete input and output forcing User application data located and unlocated System data of the Primary PLC All instances of DFB and EFB data SFC states A part of System Bits and Words List of System Bits and Words that are exchanged permanently S30 S31 S38 S50 S59 S93 S94 SSWO SW1 SWB SW9 SW49 SW53 SW59 SWEO SW70 SW108 SD18 and SD20 are only exchanged at switch over Database The Database is built automatically by the Primary PLC Operating system transparent to the customer application no use of specific language instruction for database exchange and sent at each Primary PLC cycle to the Standby PLC This exchange is performed via the embedded Ethernet coprocessor of the two Hot Standby PLCs and the CPU sync link The size of the database is approximately e 180 kilobytes on TSX H57 24M e 428 kilobytes on TSX H57 44M 114 35012068 02 september 2007 Configuring Data storage The Unity Premium range offers three types of memory card e Application e Application and data storage e Data storage The data storage area is a memory zone that can be used to backup restore data in the memory card using specific EF in the application program The maximum size of this data storage area is 8 Mb and cannot be used to store Hot Standby Status information It is thus not part of the database exchange between Primary and Standby It is only possibl
85. ction dedicated to application data exchange and Hot Standby system diagnostic A CAUTION RISK OF EQUIPMENT DAMAGE Do not connect other Ethernet devices on this link This may impact the database exchange between the two PLCs and the switch over time Failure to follow these instructions can result in injury or equipment damage The following cables can be used e A Twisted Pair Copper cable e Fiber cable with optical switches for long distance connections 60 35012068 02 september 2007 Setting up Installing and Cabling Twisted Pair Copper crossover cable Fiber cable All products of the ConneXium family that are compatible with standard TSX ETY 4103 5103 modules in a non Hot Standby configuration are also compatible with the new Hot Standby ETY version min 4 0 used in a Hot Standby configuration For more details on twisted pair cables refer to the ConneXium catalog and technical publications For more details on fiber optic cables refer to the ConneXium catalog and technical publications 35012068 02 september 2007 61 Setting up Installing and Cabling Connecting In rack I O Sensor Actuators cabled to modules in the rack Each sensor and actuator is connected in parallel on two input or output modules The following illustration displays the Sensor Actuators cabled Output module Output module PLC B Input module PLCA Input module PLC B PLC
86. d a SNAN is a NAN with the most significant fraction bit clear Bit number 22 QNANs are allowed to propagate through most arithmetic operations without signaling an exception SNAN generally signal an invalid operation exception whenever they appear as operands in arithmetic operations See SW17 and S18 264 35012068 02 september 2007 Glossary Real Literals Real Literals with Note when an operand is a DEN Demoralizing number the result is not significant A literal real value is a number expressed in one or more decimals Example 12 0 0 0 0 456 3 14159_26 A literal decimal value can be expressed using standard scientific notation The Exponent representation is as follows mantissa exponential Example 1 34E 12 or 1 34e 12 1 0E 6 or 1 0e 6 1 234E6 or1 234e6 S SCADA Software based operator interface tool SFC SFC is the abbreviation of Sequential Function Chart SFC enables the operation of a sequential automation device to be represented graphically and in a structured manner This graphic description of the sequential behavior of an automation device and the various situations which result from it is performed using simple graphic symbols Single Token Operating mode of an SFC chart for which only a single step can be active at any one time SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol ST ST is the abbreviation of Structured Text langu
87. d in detail in other chapters of this document Mapping the A Premium Hot Standby System requires two backplanes Backplane You must map the two backplanes in an identical manner with Extensions e Mandatory module Premium rack with line terminators Hot Standby processor TSX H57 24M or TSX H57 44M Power Supply Module One TCP IP Ethernet communication module TSX ETY 4103 5103 configured as Monitored ETY e Optional module Extension racks with power supply Other TCP IP Ethernet communication module TSX ETY 4103 5103 Modbus communication module TSX SCP 114 in TSX SCY 21601 Discrete Analog input module Discrete Analog output module Note The sequence of the modules on the backplane is not predefined but the sequence of the modules on the backplanes of the Primary and the Standby must be identical Otherwise a Premium Hot Standby System will not be redundant because the standby will go to Offline 52 35012068 02 september 2007 Setting up Installing and Cabling Connecting Two Standby CPUs Establishing the Primary and Standby Controllers The link between the two Premium Hot Standby CPUs is called CPU sync link It can be e A Twisted Pair Copper crossover cable e Fiber cable with optical switches for long distance connections A CAUTION RISK OF EQUIPMENT DAMAGE The CPU sync link is a point to point link dedicated to exchange application data from the Primary PLC to the Standby PLC and
88. d to the new Primary TSX ETY Note Failure of the Monitored ETY is a condition for the Primary system to leave the Primary state Failure of anon Monitored ETY is not a condition for the Primary system to leave the Primary state A CAUTION RISK OF EQUIPMENT DAMAGE Failure of anon Monitored ETY has to be managed by the application program Failure to follow these instructions can result in injury or equipment damage 96 35012068 02 september 2007 Configuring Monitored ETY The monitored ETY module enables the switching of Ethernet services and Module automatic IP Address swapping between the Primary and Standby TSX ETY controllers The position of the monitored ETY is unrestricted in the Premium configuration in terms of firmware configuration and position both PLCs must be configured identically in terms of material and module position ETY modules are linked either through Ethernet switches one switch per ETY or a Ethernet crossover cable By using an Ethernet transceiver an optical connection can be used for long distance To configure the Monitored ETY module in Unity Pro the topology address of the Monitored ETY module should be set in the Hot Standby TAB of the CPU screen The user selects in the combo box from a list of existing ETY card addresses The Monitored ETY Module is used to diagnose the status of the complete Premium Hot Standby configuration This is achieved via the ETY sync lin
89. e e PLC A calculated and applied at the end of the task cycle Ftremet 0 a NR 1 e PLC B fallback position PLCA switch PLC B Primary Offline Remote I O state PS PU SCY DIG PIG Ps PU SCY DIG DIG e PLC A all connections with Ethernet devices are open I O IN ou IN 0U scanner is active l l Em E i SCP e PLCB all connections with Ethernet devices are closed Port 114 Port 114 I O scanner is not active OH 1 NR Not Responding Global status Communication status Customer diagnostic through Ethernet address The process is still e Normal access to PLC A through SW61 1000 0000 0000 0110 active but the system terminal port or Modbus or e The accessed PLC is PLC A primary is no longer redundant ethernet link for diagnostics e The other PLC is PLC B offline as long as the PLCB e Normal access to PLC B through SW62 Not significant because one of the two is in failed mode terminal port or Modbus PLC is Offline e No access to PLC B through Ethernet link 35012068 02 september 2007 219 System Detailed Behavior upon Failures Hardware or Firmware Failure on ETY Dedicated to HMI and SCADA Failure on Primary ETY HMI amp SCADA The following table presents failure hardware or firmware on the Primary ETY dedicated to HMI and SCADA ETY is not the HSBY Monitored ETY Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output a
90. e Standby PLC if the modifications will require a Modification complete download of the application The following table describes modifications that requires an application download Modifications Description Program Modify the code of EVT sections Configuration communication e Add move remove an I O module e Changing memory sizes in configuration screen Global variables used in animation Remove a used variable table or operator screen Used DFB e Type name of used DFB e Adda parameter 182 35012068 02 september 2007 Handling application Modification Executing the Procedure Offline To make offline modifications to an application program logic program or project in the Standby controller follow these steps Step Action 1 Ensure both Primary A and Standby B controllers are in Run Primary and Run Standby mode 2 Download of the new application in the standby PLC B Results e The Standby PLC B goes to Non Configuration state e At the end of the download the PLC B goes in Stop Offline mode 3 Stop on the PLC A Result The PLC A goes in Stop Offline mode The system is neither more active nor redundant 4 Run on the PLC B Result The PLC B goes in Run Primary mode The system is active again but not redundant 4 Download of the new application in the PLC A Result e The PLC A goes to the Non Configuration state e At the end of the download PLC A goes
91. e and is used when processing analog values The Iw adresses for the configured analog input module which were specified in the I O component list are automatically assigned data types and should therefore only be occupied with Unlocated Variables 35012068 02 september 2007 253 Glossary ANL_OUT ANL_OUT is the abbreviation of Analog Output data type and is used when processing analog values The sMw adresses for the configured analog input module which were specified in the I O component list are automatically assigned data types and should therefore only be occupied with Unlocated Variables ANY There is a hierarchy between the different types of data In the DFB it is sometimes possible to declare which variables can contain several types of values Here we use ANY_xxx types The following diagram shows the hierarchically ordered structure ANY ANY_ELEMENTARY IANY_MAGNITUDE_OR_BIT ANY_MAGNITUDE ANY_NUM ANY_REAL REAL ANY_INT DINT INT UDINT UINT TIME ANY_BIT DWORD WORD BYTE BOOL ANY_STRING STRING ANY_DATE DATE_AND_TIME DATE TIME_OF_DAY EBOOL ANY_DERIVED ANY_ARRAY ANY_ARRAY_ANY_EDT ANY_ARRAY_ANY_MAGNITUDE ANY_ARRAY_ANY_NUM NY_ARRAY_ANY_REAL ANY_ARRAY_REAL NY_ARRAY_ANY_INT ANY_ARRAY_DINT ANY_ARRAY_INT ANY_ARRAY_UDINT ANNY_ARRAY_UINT ANY_ARRAY_TIME ANY_ARRAY_ANY_BIT ANY_ARRAY_DWORD ANY_ARRAY_WORD ANY_ARRAY_BYTE ANY_ARRAY_BOOL ANY_ARRAY_ANY_STRING ANY_ARRAY_STRING ANY_ARRAY_ANY_DATE ANY_ARRAY
92. e from Primary to Standby This is a not a critical event because there is no automatic switchover Ethernet I O scanner SCADA ie PS CPU ETYJETY SCY DIG DIG HMI IN JOU ETH SCP Port 114 X l PS CPU ETYJETY SCY DIG DIG HMI IN JOU ETH SCP Port 114 226 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC B Fallback position Remote I O state I O scanner is active 1 O scanner is not active e PLC A calculated and applied at the end of the task cycle e PLC A all connections with Ethernet devices are open e PLCB all connections with Ethernet devices are closed Ethernet I O scanner SCADA k PS CPU ETYJETY SCY DIG DIG PS CPU ETY ETY SCY DIG DIG HMI IN JOU HMI IN JOUT ETH SCP ETH SCP Port 114 Port 114 1 X Global status Communication status Customer diagnostic through Ethernet address The process is still active but the system is no longer redundant as long as the CPU sync link between the two PLCs is disconnected Both PLCs are accessible through terminal ports Modbus links and Ethernet links for diagnostics SWE1 1000 0000 0100 0010 The accessed PLC is PLC A primary The other PLC is PLC B undefined CPU sync link not OK SWE2 Not significant because one of the two PLC is undefined 35012068 02 se
93. e to read data using two memory cards 1 card in each PLC having the same contents 35012068 02 september 2007 115 Configuring Using Initialized Data Loading at Cold start Time Updating Online The Unity Premium Hot Standby supports initialized data Initialized data allows you to specify initial values for the data that are to be loaded at cold start time Declare the variables before a cold start In addition to declaring values before a cold start you can update the initial values Online Updating the initial values online creates a mismatch situation in a redundant system in this case the Standby goes to Offline mode 116 35012068 02 september 2007 Configuring Synchronization of Real Time Clocks Synchronization Each processor ina Unity Premium Hot Standby configuration has a savable Real of Primary and Time Clock hardware component which manages the current Date and Time This Standby Real Date and Time is part of the database that is sent at each Primary PLC cycle to the Time Clocks Standby PLC but the synchronization of the new Primary RTC is only done at switchover time Prior to switchover only the Primary and Standby date and time system words SW49 SW53 are synchronized because they are part of the database 35012068 02 september 2007 117 Configuring 118 35012068 02 september 2007 Programming Debugging Presentation Overview Wha
94. ecifications for Premium Hot Standby 192 TextIDs 198 35012068 02 september 2007 191 Additional Information CPUs TSX H57 24M TSX H57 44M Specifications for Premium Hot Standby Maximum configuration The following table presents the maximum configuration of the CPUs Services TSX H57 24M TSX H57 44M Local racks 12EX 4 6 8EX 8 16 Discrete I Os channels 1024 2048 Analog I Os channels 80 256 Experts modules 1 0 Ethernet modules 2 4 Other Networks modules 2 0 Open Field Bus modules Interbus Profibus 0 Sensor Bus modules As i 0 Process channels 10 20 Process loops 30 60 e 1 motion weighing counting stepper e 2 Modbus Fipway For Premium Atrium this is the maximum number of channel supported Note The Ethernet port for the CPU sync link is a point to point connection dedicated to the Premium Hot Standby database exchange 192 35012068 02 september 2007 Additional Information Program and Data Memory capacity The following table presents the Programme and Data Memory capacity of the CPUs Services TSX H57 24M TSX H57 44M Maximum application size in Internal SRAM Program data Ets 1 symbols OLC 192 kilobytes 440 kilobytes Maximum application size in PCMCIA Program Ets symb in PCMCIA 768 kilobytes 2048 kilobytes Max On line modif
95. econds coded in an 8 bit field Note The 8 least significant bits are unused The Time of Day type is entered as follows TOD lt Hour gt lt Minutes gt lt Seconds gt This table shows the lower upper limits in each field Field Limits Comment Hour 00 23 The left 0 is always displayed but can be omitted at the time of entry Minute 00 59 The left 0 is always displayed but can be omitted at the time of entry Second 00 59 The left 0 is always displayed but can be omitted at the time of entry Example TOD 23 59 45 266 35012068 02 september 2007 Glossary Token TOPO_ADDR_TY PE An active step of an SFC is known as a token This predefined type is used as output for READ_TOPO_ADDR function This type is an ARRAY 0 4 OF Int You can find it in the libset in the same family than the EFs which use it U UDINT UDINT is the abbreviation of Unsigned Double Integer format coded on 32 bits unsigned The lower and upper limits are as follows 0 to 2 to the power of 32 1 Example 0 4294967295 2 11111111111111111111111111111111 8437777777777 16 FFFFFFFF UINT UINT is the abbreviation of Unsigned integer format coded on 16 bits The lower and upper limits are as follows 0 to 2 to the power of 16 1 Example 0 65535 2 1111111111111111 8 177777 16 FFFF Unlocated An unlocated variable is a variable for which it is impossible to know its position in variable the PLC memory A variable which have no addres
96. ects HOTSTANDBY TBC modular PLC with embedded Ethernet SPEFICICATIONS Discrete I O 1024 LI Analog I O 80 Application 0 specific channels Network connections 2 Bus connections AS i 0 Third party o Process control 10 VISUAL INDICATORS LED Continually lit Flashing off RUN PLC running in Primary 2 5s ON 500ms OFF PLC not configured Z X KIE gt 76 35012068 02 september 2007 Configuring Using the Configuration Tab Viewing the Change values using the Configuration tab of the editor Configuration tab 0 0 TSX H57 24M fot x 57 2 Hot Standby 768Kb Program with PCMCIA USB Unitelway Overview Fl Configuration Animation Hot Standby I O objects m Operation mode Size of global address field I Run Stop input Memory protect Automatic start in RUN S 128 SW 168 IV Initialize MWi on cold start M 512 MW 1024 KW 256 m Memory cards m A No memory card selected Default values m B No memory card selected Maximum values 35012068 02 september 2007 77 Configuring Description of the Configuration tab Configuration tab Item Option Value Description Operation Mode Run Stop input xX Determines the operating Memory protect x condition during Cold Start Automatic start in Run xX Initialize MWi on cold xX start Memory Cards A N
97. ed ETY The Standby PLC becomes Primary The following table presents a Mastered Primary CPU failure Stages Description 1 The Primary CPU sends a take control message to the Standby CPU through the CPU sync link before entering the Offline mode 2 Standby goes to Primary mode The following table presents a Primary ETY sync link failure Stages Description 1 The Primary CPU checks every scan the Monitored ETY status 2 After receiving a wrong status the Primary CPU sends a take control message to the Standby CPU through the CPU sync link before entering the Offline mode 3 Standby goes to Primary mode 35012068 02 september 2007 167 Maintaining Detecting Standby CPU and ETY sync link failures Standby CPU failure Standby ETY sync link failure The following table presents a Standby CPU failure Stage Description 1 A communication error occurs in the Primary Copro that manages the CPU sync link The Primary Copro reports this error to the Primary CPU 3 The Primary CPU stays Primary and update the remote station status to Offline or Undefined into its status register The following table presents a Standby CPU failure Primary CPU is assumed to work fine Stage Description 1 A communication error occurs in the Standby monitored ETY that manages the ETY sync link The Standby ETY reports
98. ember 2007 41 Behavior and Performances Understanding System Scan Time in Premium Hot Standby Effect on System Scan Time The scan time of any Premium Hot Standby System depends on the amount of data transferred Because data must be transferred from Primary to Standby any Premium Hot Standby System always has a higher scan time than a comparable standalone system Note A CHANGE FROM LEGACY In legacy systems PL7 Warm Standby Premium the CPU performed both e application program project processing e communication transfer In a Premium Hot standby in parallel e CPU performs application program processing e Copro performs communication transfer Result Greatly reduced transfer time with Unity 42 35012068 02 september 2007 Behavior and Performances Performance A Premium Hot Standby increases the length of a MAST task scan time creating Considerations system overhead Note System Overhead System overhead is the time required to copy the application data to the communication link layer The network scan communication between Primary and Standby copros 1 exchanges data between both controllers 2 runs in parallel with the application program A Hot Standby system Most of the time the network scan time is included in the MAST scan time 35012068 02 september 2007 43 Behavior and Performances Examples Il a j However
99. entum modules Ethernet communicator 170 ENT 110 0x Ethernet communicator for Momentum I O 1xn Input output modules 170A Momentum Input output modules 1xn Advantys OTB and Twido modules Ethernet communicator OTB 1E0 DM9LP Ethernet communicator with embedded I O 1xn Twido I O TWD Twido I O modules 1xn 31 35012068 02 september 2007 Compatibility Differences Restrictions Designation Reference Function Quantity Altivar Variable Speed drives Altivar xx Altivar with Ethernet interface 1xn TesysU motor starters over Modbus are compatible with Premium Hot Standby system They have to be used with Telemecanique Ethernet Modbus Gateway one of the following e TSX ETG 100 gateway e TSX ETG 1000 gateway e 174 CEV 30020 gateway ConneXium Ethernet All products of the ConneXium family that are compatible with standard TSX ETY 4103 5103 Ethernet modules in a non Hot Standby configuration are also compatible with the new Hot Standby ETY modules in a Hot Standby configuration These ConneXium products can be used in different Ethernet topology tree ring With the 499NxS27100 or TCSESMOx3F2CUO switches it is possible to share Ethernet devices on a redundant optical ring or a redundant copper ring RTU modules TSX ETW 320 330 Wade RTU modules 32 35012068 02 september 2007 Compatibility Differences Restrictions Understanding USB and Uni Telway Link Restrictions N
100. er 2007 23 Overview Interpreting the The LEDs provide information LED Indicators CPUs TSX H57 24M and TSX H57 44M LEDs Color Indicates ACT Yellow Blinking communication activity between Primary and standby controllers STS Yellow e Blinking the system is redundant and data are exchanged from the Primary to Standby controller e steady on the system is not redundant or the Copro is booting from power on to end of self tests e Steady off Copro auto tests failed Note No activity returns the LEDs to the default The Premium Hot Standby CPU uses an embedded coprocessor Copro to provide a dedicated communications link which transfers data between the Primary and Standby controllers The state of the RUN LED depends of the HSBY mode STOP Primary Standby Offline The following illustration displays the CPU status with the LEDs PRIMARY offline RUN LED STEADY ON OFF 500ms e ons BLINKING STANDBY ON 2 5s BLINKING OFF 2 5s RUN LED OFFLINE BLINKING STOP ON 500ms OFF 500ms RUN LED BLINKING ON 500ms 24 35012068 02 september 2007 Compatibility Differences and Restrictions 2 Introduction Overview In this chapter you will find an overview of compatibilities for a system that has already been installed differences from a PL7 Warm Standby Premium system and restrictions for the Premium Hot S
101. erver Services Server Services I O Scanner Modbus Messaging FTP SNMP HTTP Power off to poweron Run Run Run Run Run Primary Run Run Run Run Run Standby Stop Run Run Run Run Offline Stop Run Run Run Run 100 35012068 02 september 2007 Configuring Hot Standby Switch over Hot Standby Switch over Illustration The following steps describe how ETYs coordinate the Hot Standby switch over PLC ETY A is the Primary and the PLC ETY B is the Standby Step Action 1 A switch over event occurs System A CPU commands HSBY ETY A to switch to the Offline mode 2 System A CPU informs System B CPU that a switch over event has occurred and it is to become the Primary System B CPU commands HSBY ETY B to become the new Primary System A HSBY ETY initiates an exchange of UDP messages with System B HSBY ETY to coordinate the IP address switch over The following illustration displays a switch over event _ gt C E Cc E P T P T u j y U Y UDP Msgs p To System A System B 35012068 02 september 2007 101 Configuring IP Address Assignment Configuring the The ETY TCP IP address has to be configured manually in Unity Pro and not from ETY a remote device acting as a BOOTP DHCP server Since the Primary and Standby controlle
102. ety modules with screw terminal block 2xn and SUB D 16 channel modularity input ABE7 ACC11 Facilitate the wiring for the redundant 1xn connection bases discrete input modules 16 channel modularity output ABE7 ACC10 Facilitate the wiring for the redundant 1xn connection bases discrete output modules Analog inputs outputs modules Analog inputs modules TSX AEY Analog inputs modules with screw terminal 2xn block or SUB D Analog outputs modules TSX ASY Analog outputs modules with screw terminal 2xn block or SUB D 30 35012068 02 september 2007 Compatibility Differences Restrictions A CAUTION RISK OF EQUIPMENT DAMAGE The HSBY system operation is not guaranteed if other in rack redundant modules than the listed ones are used Failure to follow these instructions can result in injury or equipment damage 1 This card is accepted in the SCY PCMCIA slot and not in the CPU PCMCIA slot The following table presents the shared modules supported by the Premium Hot Standby Designation Reference Function Quantity Advantys STB modules Advantys STB NIM STB NIP 2212 Ethernet TCP IP communicator for Advantys STB 1xn Input output modules STB STB input output modules discrete analog 1xn Counting module STB EHC 3020 40Khz counter module 1xn Advantys FTB FTM modules Input output modules FTB FTM FTB FTM input output modules 1xn Mom
103. ew Primary n e TSX SCP 114 module A old Primary n 1 Note There is no swap for Channel 0 of TSX SCY21601 and TSX SCP1160 For testing the protocol with the T COM_MB IODDT only the low byte of the PROTOCOL variable has to be tested The high byte is not significant A CAUTION RISK OF EQUIPMENT DAMAGE At switchover time it may be possible to lose a message question or answer To prevent this kind of communication fault you must check by application that a station addressed on the modbus link has correctly received a message before sending a new one Failure to follow these instructions can result in injury or equipment damage A CAUTION RISK OF EQUIPMENT DAMAGE The possible value for Modbus slave number lie between 1 and 98 If the Primary slave address is configured as 98 the Standby slave address must be configured as 1 address 99 doesn t exist Failure to follow these instructions can result in injury or equipment damage 92 35012068 02 september 2007 Configuring A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION To prevent duplicate Modbus address when the main rack is powered off it is advised to configure the SCY SCP module in the main rack Failure to follow these instructions can result in death serious injury or equipment damage A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION Because the module configuration is
104. f Power Supply CPU and In rack modules The PLC in Offline mode does not perform application program and I O management Offline is mainly a fault state when the PLC can t be neither a Standby nor a Primary PLC The first section section 0 is executed by both Primary and Standby PLC If you need to send information from the Standby to the Primary it is recommended to test the state of the PLC by checking the SW 61 status register bits O and 1 at the beginning of the first section When the PLC is in Standby mode it is recommended to check the In rack modules health informations by using implicit objects for example lx y mod err and explicit objects This health information can be written in the four reverse registers that are transferred at each scan to the Primary A CAUTION RISK OF EQUIPMENT DAMAGE Actuators that are connected in parallel on two output modules are only managed by the Primary PLC refer to the Programming Method section for more details They must not be written in the section 0 of the Standby PLC Failure to follow these instructions can result in injury or equipment damage 128 35012068 02 september 2007 Programming Debugging It is also possible to manage actuators locally in both PLC In this case actuators are not connected in parallel on two output modules but directly to one output module in each PLC A CAUTION RISK OF EQUIPMENT DAMAGE When actuators are managed loca
105. f entry DWORD is the abbreviation of Double Word The DWORD type is coded in 32 bit format This table shows the lower upper limits of the bases which can be used Base Lower limit Upper limit Hexadecimal 16 0 16 F FFFFFFF Octal 8 0 8437777777777 Binary 2 0 2 11111111111111111111111111111111 Representation examples Data content Representation in one of the bases 00000000000010101101110011011110 16 ADCDE 00000000000000010000000000000000 8 200000 00000000000010101011110011011110 2 10101011110011011110 EBOOL EF EBOOL is the abbreviation of Extended Boolean type It can be used to manage rising or falling edges as well as forcing An EBOOL type variable takes up one byte of memory Is the abbreviation of Elementary Function This is a block which is used in a program and which performs a predefined software function 258 35012068 02 september 2007 Glossary A function has no internal status information Multiple invocations of the same function using the same input parameters always supply the same output values Details of the graphic form of the function invocation can be found in the Functional block instance In contrast to the invocation of the function blocks function invocations only have a single unnamed output whose name is the same as the function In FBD each invocation is deno
106. ffline mode A local failure is mainly A power supply failure on the CPU rack An application program fault that generates a HALT state An hardware or firmware failure on the CPU module An hardware or firmware failure on the monitored ETY module A cable disconnection between the monitored ETY and the first hub switch A CPU sync link failure only when PLC is Standby At Warm start the PLC restarts depending on the previous PLC state Stop or Run application mismatch state refer to the above table If Run the PLC restarts depending on the remote PLC state local failure state Note When a cable failure appears between the Monitored ETY and the first switch the Hot Standby PLC reacts depending on the I O Scanning configuration ETY sync link cabling Failure Monitored ETY configuration No I O scanning configured I O scanning configured Cross over cable Cable failure or disconnection Primary stays Primary Standby goes Offline Primary goes Offline Standby goes Primary Double switch Cable failure or disconnection on Primary side Primary stays Primary Standby goes Offline Primary goes Offline Standby goes Primary Cable failure or disconnection on Standby side Primary stays Primary Standby goes Offline Primary stays Primary Standby goes Offline 35012068 02 september 2007 157 Operating Conditions for Switch over Overview
107. fline mode or when a new application is downloaded to the ETY 35012068 02 september 2007 99 Configuring Power on and IP An ETY obtains its IP Address assignment at power up as follows Address If the HSBY state is Then the IP Address assigned is Assignment Standalone ETY configuration table Primary Configured IP address from the ETY configuration table Standby Configured IP address 1 from the ETY configuration table Power off to power on The IP address is determined by which controller powers up first after check remote the second ETY takes IP Address 1 or if powered up at the same time by a resolution algorithm e Lower Copro MAC address IP address Primary state e Higher Copro MAC address IP address 1 Standby state Offline event table HSBY ETY Mode IP address Primary to Offline Configured IP address from the ETY configuration table if the peer controller does not go to Primary state Standby to Offline Configured IP address 1 from the ETY configuration table When the CPU stops the HSBY ETY goes to the Offline mode The IP address is determined by whether or not the other controller is in transition to the Primary state Power on and The following table shows how the status of an ETY service is affected by the Ethernet Premium Hot Standby state than before the Stop Services HSBY State Status of ETY services Client Services Client S
108. g ModbuS 00 cee teen eee 67 Configuring ians Sater Soa toh eee erie eens 71 INtrOUUCTION x fester eae oie a ode Se ee a es eA ee 71 Configuring a System with the Unity Pro Tabs and Dialogs 73 ALA Glance sxc ao a aane A Stans a EnS pada Qed Aer eden aria ee de eae olde 73 Introducing Unity PrO cess a aa o aaa ttt tee 74 Accessing the Base Configuration s sssaaa aaua 75 Using the Overview Tab 1 0 0 0 cect eee 76 Using the Configuration Tab 0 2 2 0 ects 77 Using the Animation Tab and PLC Screen Dialogs 0 005 79 Using the Premium Hot Standby Tab 00 0000 eee eee 85 Configuring In rack VO ett 87 Configuring the PCMCIA Cards 2 0 0 0 cect tees 88 Swapping Network Addresses at Switch over 00000eeaeee 90 Configuring TSX ETY 4103 5103 Modules 0000 cence eee 94 Ata Glance nec eee eee bed daw eee i eA Ree ee ee 94 Overview of Premium Hot Standby TSX ETY 20 0 00 eee eee eee 95 ETY Operating Modes and Premium Hot Standby 005 99 IP Address Assignment 0 000 teeta 102 Network Effects of Premium Hot Standby 0 000 e eee ee eee 104 Configuring Registers 0 0 cect ett 107 Ata Glance sift auton ere oe ahi a erate eae dk Ae eee ore 107 Understanding the Non Transfer Area and Reverse Transfer Words 108 Understanding the Unity Command Register 2000 eee eee 109 Unde
109. g execution mode Mast Task e cyclic mode Execution Modes e periodic mode Cyclic mode Input HSBY Application Output Input HSBY Application Output drivers copro program drivers drivers copro program drivers T1 T2 T3 T4 q q p Cycle n Cycle n 1 This type of operation consists on sequencing the task cycles one after another After having updated the outputs the system performs its own specific processing then starts another task cycle without pausing Periodic mode Input HSBY Application Output Inter Input HSBY Application Output i drivers copro program drivers scan drivers copro program drivers Nter scan Ti T2 T3 o T4 T5 lt p gt Cycle n Cycle n 1 In this operating mode input acquisition application program processing and outputs update are all carried out periodically over a defined period set between 1 and 255 ms At the start of the PLC cycle a time out whose current value is initialized to the defined period starts the countdown The PLC cycle must be completed before this time out expires and launches a new cycle 35012068 02 september 2007 143 Programming Debugging Note If a Fast task is configured although multitasking is not recommended in a Premium Hot Standby application it interrupts the execution of the Mast task which has a lower priority As a results
110. ght synchronization between the Primary and Standby Schneider Electric recommends using only MAST task to execute the application Program Using MAST task is consistent with the fact that data transfer is synchronized with the MAST task Using a Premium Hot Standby in a multitasking environment may cause data to change between scans Because in a multi tasking system events may occur asynchronously to the normal scan Those events may happen at a faster rate the same rate or at a slower rate The result is that data modified by these events can be changed during a transfer A CAUTION RISK OF EQUIPMENT DAMAGE The use of a Fast task driving dedicated outputs is not recommended because the output values are transmitted from the Primary to the Standby at the Mast task frequency Ensure that you both analyze your system needs and account for problems that may arise if you use Fast Failure to follow these instructions can result in injury or equipment damage 28 35012068 02 september 2007 Compatibility Differences Restrictions In rack I O and Ethernet I O Restrictions General Note the two following restrictions Only In rack discrete I O and Analog I O can be used with a Premium Hot Standby System These I O are a part of the redundant system Ethernet I O are not considered part of the redundant system They are shared between the two PLCs Only the Primary PLC manages the redundant
111. guring 5 3 Configuring Registers At a Glance Purpose This material describes configuring a Premium Hot Standby system by selecting options that affect the Hot Standby specific registers You may want to use this method if your system has specific configuration needs What s in this This section contains the following topics Section Topic Page Understanding the Non Transfer Area and Reverse Transfer Words 108 Understanding the Unity Command Register 109 Understanding the Unity Status Register 111 Transferring User Data 114 Using Initialized Data 116 Synchronization of Real Time Clocks 117 35012068 02 september 2007 107 Configuring Understanding the Non Transfer Area and Reverse Transfer Words A Non Transfer The Non Transfer Area is the block of MW that is not transferred from Primary to Area Standby This block is from MWO to MW99 The size of this block can not be changed Reverse Transfer Four system words SW62 to SW65 are dedicated to transfer data from the Words Standby controller to the Primary These system words can be used by the application program in the first section to register diagnostic information The data coming from the Standby is transferred at each scan and is available to the Primary 108 35012068 02 september 2007 Configuring Understanding the Unity Command Register Setting the Bits The Command Register defines the
112. h other constantly to System monitor the functionality of the system e f the Primary controller fails the state of the controllers is switched The Standby controller becomes the Primary executes the application program and controls the Ethernet I O and the redundant in rack I O e Ifthe Standby controller fails the Primary controller continues to run without redundancy and acts as a stand alone system Power Cycle On power cycle the controller that has the lowest MAC address will become the Primary The second system automatically becomes the Standby Handling In rack In rack I O are supported in a Premium Hot Standby system 1 0 Software Required to use for a Premium Hot Standby System Requirements e Unity Pro 3 0 or higher 35012068 02 september 2007 17 Overview Premium Hot Standby CPUs Overview Illustration The following figure shows the Premium Hot Standby CPU TSX H57 24M and its components same description for TSX H57 44M Display block with indicator lamps DOS File Memory extract button not used Cold start reset button Uni Telway Terminal port programming tool connection HMI USB Terminal port programming tool connection PCMCIA slot for application memory card extension Slot A PCMIA slot for data storage card Slot B Dedicated port for CPU sync link connection ONoOuahWD 18 35012068 02 september 2007 Overview Note Unity Premium Standby
113. he HSBY system is no longer redundant as long as the PLC B is in ERROR mode 114 SWE1 1000 0000 0100 0010 e The accessed PLC is PLC A primary e The other PLC is PLC B undefined SWE2 Not significant because one of the two PLC is Not Responding 208 35012068 02 september 2007 System Detailed Behavior upon Failures Power Failure on the Main Rack Power Failureon The following table presents power failure on the main rack of the Primary PLC Primary Main Rack Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed O scanner is not active Ethernet 0s scanner SCADA k 1 PLC A m Switch PLC B Primary Standby PS CPU TT FFEIT FT DIG DIG PS CPU SCY DIG DIG IN JOU IN JOU Fe r Fe SCP Port 114 Port 114 i Event Power failure on the Primary main rack This is a critical event because an automatic switch over occurs Ethernet I O scanner SCADA Switch YIDIG DIG PS CPU SCY IN JOU SCPI F SCP 114 Port 114 PLC B Standby DIG DIG IN JOU 35012068 02 september 2007 209 System Detailed Behavior upon Failures Af
114. he following table shows the swap time for each of the Ethernet services Service Typical Swap Time Maximum Swap Time Swap IP Addresses 6 ms 500 ms I O Scanning 1 initial cycle of I O scanning 500 ms 1 initial cycle of I O scanning Client Messaging 1 CPU scan 500 ms 1 CPU scan Server Messaging 1 CPU scan the time of the client reestablishment connection 500 ms the time of the client reestablishment connection FTP TFTP Server The time of the client 500 ms the time of the client reestablishment connection reestablishment connection SNMP 1 CPU scan 500 ms 1 CPU scan HTTP Server The time of the client 500 ms the time of the client reestablishment connection reestablishment connection 35012068 02 september 2007 47 Behavior and Performances X Bus I O switchover time Definition The switchover time is the time between the last update of an output by the old Primary and the first update of the same output by the new Primary The following table shows the switchover time for X Bus I O Switchover event on the Primary Average time to switchover on X Bus I O Stop Halt Cable disconnection 1 5 Mast time Power cut Watch Dog time 1 5 Mast time Primary CPU Note The Watch Dog value that is configured in a Premium Hot Standby application has a direct impact on the switchover time in case of power
115. icated to the ETY sync link only one ETY module in each PLC have to be configured in Unity Pro The Monitored ETY is the ETY module that manages the ETY sync link 35012068 02 september 2007 95 Configuring Description of the Hot Standby Solution ETY Hot Standby allows automatic IP address swapping The TSX ETYs coordinate the swapping of IP addresses After closing both the client and the server connections each TSX ETY sends a swap UDP message to its peer TSX ETY The sending TSX ETY then waits for a specified time out 50 ms for the peer swap of UDP messages Either after receiving the messages or after a time out the TSX ETY changes its IP address Note Schneider Electric recommends that a switch not a hub is used to connect the TSX ETYs to each other or to the network Schneider Electric offers the ConneXium range of Industrial Ethernet switches please contact a local sales office for more information The TSX ETY waits for either a change in the controllers Hot Standby state or the swap of UDP messages Then the TSX ETY performs one of two Hot Standby actions If the TSX ETY 1 Detects that the new Hot Standby state is either primary or standby The TSX ETY changes the IP address 2 Receives a swap UDP message The TSX ETY transmits a Swap UDP message and swaps the IP address All client server services I O Scanner Messaging FTP SNMP and HTTP continue to run after the switch over from the ol
116. ilure on the Ethernet Copro 223 CPU sync link failure between Primary and Standby PLCs 226 Monitored ETY and I O Scanner Disconnection 228 Full Ethernet I O Link Disconnection 234 Hardware Failure of a Digital Module 236 Hardware Failure of the SCP card in SCY 239 35012068 02 september 2007 199 System Detailed Behavior upon Failures Overview of Failures Introduction A first level of Hot Standby diagnosis can be done through the status register that is managed locally by each Hot Standby PLC The user can obtain more diagnostic information by managing PLC states module bits in the first section of his application depending on the process requirements This diagnostic information can be stored in non transfer MW area To report this diagnostic information from the Standby to the Primary PLC it can be copied to the reverse transfer registers SW62 SW65 The following pages describe different cases of failures that can occur ina Hot Standby system with an example of configuration 200 35012068 02 september 2007 System Detailed Behavior upon Failures Example of The referenced configuration is Configuration e PLC Aand PLC B with the following modules e Power supply PS Hot standby processor in slot 0 Monitored ETY module in slot 2 Ethernet communication in slot 3 Modbus communication SCY with SCP 114 in slot 4 e In rack Discrete module DIS IN and DIS OUT in slot 5 and 6 e Only o
117. impact the time measurement In the following diagram the two applications are the same with the same size of data exchanged from the Primary to the Standby The only one difference is the cyclic mode for the first one and the periodic mode for the second one only the Primary time diagrams are shown Cycle n Cycle n 1 Execution time Application Output program drivers Primary in Th T2 T3 T4 cyclic mode ae Data base exchange Wait HSBY copro Cycle n Cycle n 1 i 4 y D 4 u p Execution time 4 p _ Wait HSBY Application Output Inter scan Input Wait HSBY Application Output intestan copro program drivers drivers copro program drivers Primary in T2 y T4 T5 periodic TR a Data base exchange In the periodic mode it appears that the execution time that is measured is lower than in the cyclic mode In certain cases the difference between the two execution modes can be important 146 35012068 02 september 2007 Programming Debugging Advices to Adjust the Mast Task Period If the Mast task has to be configured in periodic mode it is advised to 1 measure the maximum value SW31 of the Mast task in cyclic mode with the Premium Hot Standby system normally running Primary and Standby This measure has to be done in the Primary PLC with all the configured tasks active although only the Mast task is recommended
118. in SCY Standby SCY The following table presents hardware failure or removal of the SCP card in the Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLCB all connections with Ethernet devices are closed 1 O scanner is not active Ethernet I O scanner SCADA Event Hardware failure or the module is removed from the SCY module of the Modbus SCP card This is not a critical event because there is no switch over PS CPU SCY DIG DIG IN JOU fe cP Port i Ethernet o scanner SCADA 4 1 Switch PS CPU SCY DIG DIG IN JOU fe P Port a Switch After the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applies at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLCB all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA PS CPU F DIG IN JOU Fe Port a 1 NR Not Responding oy PLC B Standby PS CPU SCY DIG DIG IN JOU Fe cP Port i NR 1 Switch Global status Communication status Customer diagnostic through Ethernet address No impact
119. in Stop Offline mode 5 RUN command on the PLC A Result The PLC A goes to the Run Standby mode The system is active and redundant A WARNING RISK OF UNINTENDED EQUIPMENT DAMAGE The Offline method has more impact on the process than the Online method e There is no PLC active on the system during few seconds e When the PLC B restarts in Run Primary mode this is done on a data context that has been re initialized Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 183 Handling application Modification Online Offline For these two kinds of application modifications Unity Pro can be connected to application of Ethernet or a local terminal port of one of the two PLCs routing capabilities Modifications The following illustration displays the connection ETY ETY CPU CPU Unity Pro ETY sync link CPU sync link Unity Pro A CAUTION RISK OF UNINTENDED EQUIPMENT OPERATION When executing an Offline modification some changes of PLC state will generate a change of IP address If Unity Pro is connected to Ethernet the change of IP address will impact the connection with the PLC PLC communication failed message After reconnecting Unity Pro to the PLC be sure you have defined the right IP address by taking into accou
120. in a Premium Hot Standby application 2 configure the periodic mode with a period at least equal to SW31 plus a margin of around 20 Period SW31 SW31 20 A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION AND EQUIPMENT DAMAGE The Mast task period and the Watch dog value have to be adjusted very carefully taking into account the data base exchange and the Fast task interruptions In case of permanent period overrun the correct functioning of the Premium Hot Standby system is not guaranteed More generally the Mast task period and the watch dog value must be evaluated in the Primary PLC when the Premium Hot Standby system is normally running it means when there is a Primary and a Standby PLC This evaluation must never be done in a Standalone system or in an Offline PLC Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 147 Programming Debugging 148 35012068 02 september 2007 Operating Introduction Overview What s in this Chapter This chapter provides information about Operating the Premium Hot Standby System This chapter contains the following sections Section Topic Page 7 1 Start Stop System 151 7 2 Switchover 155 35012068 02 september 2007 149 Operating 150 35012068 02 september 2007 Operating 7 1 Start Stop Sy
121. in this This chapter contains the following topics Chapter Topic Page Overview of the Premium Hot Standby System 16 Premium Hot Standby CPUs Overview 18 Premium Hot Standby System Overview 20 Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M Components 22 Using Premium Hot Standby CPUs LED indicators 23 35012068 02 september 2007 15 Overview Overview of the Premium Hot Standby System Purpose of a Hot Use a Premium Hot Standby System when downtime cannot be tolerated Hot Standby System Standby Systems deliver high availability through redundancy A hot standby PLC system consists of single or multi rack configuration The mandatory redundant components are e Premium rack with line terminators e Hot Standby processor TSX H57 24M or TSX H57 44M e Power Supply Module e One TCP IP Ethernet communication module TSX ETY 4103 5103 minimum firmware version 4 0 The optional redundant components are e Extension racks with power supply e Other TCP IP Ethernet communication module TSX ETY 4103 5103 minimum firmware version 4 0 e Modbus communication module TSX SCP 114 in TSX SCY 21601 e Discretes Analog input module e Discretes Analog output module The two Hot Standby PLCs are configured with identical hardware and software One of the Hot Standby processors TSX H57 24M or TSX H57 44M s acts as the Primary controller and the other acts as the Standby controller Primary and The Primary con
122. inal port Modbus or Ethernet links for diagnostics SWE61 1000 0000 0010 0110 The accessed PLC is PLC B primary e The other PLC is PLC A offline SWE2 Not significant because one of the PLC is Offline two 218 35012068 02 september 2007 System Detailed Behavior upon Failures ETY Failure on The following table presents ETY failure hardware or firmware on the Standby Standby PLC Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle themeti o scanner SCADA e PLC B PLC A output applied at the end of task cycle k oy ne A Switch Remote I O state rimary e PLC A all connections with Ethernet devices are open 1 0 P PY SCY i Be ETH Port 14 PLC B Switch Standby PS CPU SCY DIG DIG IN JOU fe Port SCP 114 scanner is active e PLCB all connections with Ethernet devices are closed I O scanner is not active H Event Hardware or firmware failure on the Monitored ETY module that can manage Ethernet I O or Ethernet I O SCADA Ethernet O scanner SCADA h H HMI a Pe f PLC A Switch PLCB This is not a critical event because there is no switch over Primary Standby PS PU scypic pie Ps CPU SCY DIG DIG IN Jour IN Jou ETH i i SCP Port 114 Port 114 OH After the event In rack Discrete I O stat
123. ing a System with the Unity Pro Tabs and Dialogs At a Glance Purpose This section describes configuring the specific features of the Premium Hot Standby CPUs TSX H57 24M or TSX H57 44M For configuring other standard features refer to the Unity Pro Operating Modes manual What s in this This section contains the following topics Section Topic Page Introducing Unity Pro 74 Accessing the Base Configuration 75 Using the Overview Tab 76 Using the Configuration Tab 77 Using the Animation Tab and PLC Screen Dialogs 79 Using the Premium Hot Standby Tab 85 Configuring In rack I O 87 Configuring the PCMCIA Cards 88 Swapping Network Addresses at Switch over 90 35012068 02 september 2007 73 Configuring Introducing Unity Pro Overview Unity Pro is a Software package for programming Telemecanique Modicon Premium Modicon Quantum Modicon M340 and Modicon Atrium PLCs It provides several tools for application development including Project browser Configuration tool Data editor Program editor The configuration tool is used to Create modify and save the elements used to configure the PLC station Set up the application specific modules including the station Diagnose the modules configured in the station Control the number of application specific channels configured in relation to the capacities of the processor declared in the configuration e Assess processor memory usage 74 35012068 02 septem
124. ink for diagnostics e the other PLC is PLC B standby process is still e Normal access to PLC B through SW62 0000 0000 1000 0000 redundant terminal port or Modbus e Noaccess to PLC B through Ethernet link 222 35012068 02 september 2007 System Detailed Behavior upon Failures Failure on the Ethernet Copro Failure on The following table presents failure hardware or firmware on the Ethernet Copro of Primary Ethernet the Primary PLC Copro Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle Ethemet 0 scanner SCADA e PLC B PLC A output applied at end of task cycle os er iii PLC A a enol oe ETYJETY SCYpDIG PIG Ps CPU ENEN pie e PLC A all connections with Ethernet devices are open I O amf iin fou amil tin fou scanner is active e PLCB allconnections with Ethernet devices are closed EIN SCP Pri a Port 114 Port 114 I O scanner is not active On Event Hardware or firmware failure on the ETY copro that manages the Hot Standby CPU sync link There is no more database Ethernet I O scanner SCADA exchange from Primary to Standby e P H This is a not a critical event because there is no automatic Rae ea switch over PS CPU ETYJETY SCY DIG DIG HMI IN JOU ETH SCP Port 114 PS CPU ETYJETY SCYDIG JDIG HMI IN JOU ETH SCP Port 114 35012068 02 september 2007 22
125. ise using one switch on each ETY Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 235 System Detailed Behavior upon Failures Hardware Failure of a Digital Module Hardware The following table presents hardware failure or removal of a digital module in the Failure Primary Primary PLC main or extendable rack Digital Module Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active e PLC A all connections with Ethernet devices are open Ethernet I O scanner SCADA k tH SCYIDIG DIG SCYIDIG DIG IN JOU IN JOUT SCP SCP 114 114 1 Event Hardware failure or the module is removed from the X BUS rack of a digital module This is not a critical event because no automatic switch over occurs Ethernet I O scanner SCADA l SCY DIG DIG SCY DIG DIG IN JOUT IN JOU SCP SCP 114 114 1 236 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state I O scanner is
126. k It can also be used to manage Ethernet I O devices by configuring an Ethernet I O scanning utility To perform a switch over when an ETY sync link failure appears on Primary side the Ethernet I O scanning service must be configured in the monitored ETY On the contrary if this service is not configured in the monitored ETY an ETY sync link failure will not generate a switch over For better performance and more predictable time at switch over the different Ethernet services should be split between the different ETYs of the configuration For example if you configure an I O scanning in the monitored ETY we advise to configure other Ethernet services if needed in another ETY module In case of failure in the Monitored ETY module the CPU sends a state change command to all configured ETY modules present on the X BUS main and extended rack All ETY modules in the Hot Standby PLC then swap IP addresses A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION If you use a Cross over cable between the Monitored ETYs make sure that the I O scanning service is not configured in the ETY modules Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 97 Configuring A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION We do not advise using the Monitored ETY without I O Scanning setup unless the Primary PLC is never addressed by an exter
127. lculated and applied at the end of the task cycle PLC A Switch Switch PLC B e PLC B PLC A output applied at the end of task cycle Primary Standby PS CPU SCY pic pic Ps CPU ii DIG DIG Remote I O state IN JOUT IN JOUT e PLC A all connections with Ethernet devices are open I O scanner is active ETH k ii E Port 114 Port 114 e PLC B all connections with Ethernet devices are i i OH closed I O scanner is not active m hernet vo scanner SCADA os Event Ethernet I O link disconnection on the Standby side There is no more diagnostic dialog between the two ane aie s P ETY modules PLGA sea This is not a critical event because there is no switch Primary Standby over PS JCPU DIG DIG IN JOUT fe Port E T a 114 PS CPU ETY SCY DIG DIG IN JOUT ETH SCP Port 114 230 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B Fall back position Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA PLC B Primary Offline X PS CPU ETY SCY DIG DIG PS CPU ETY SCY DIG DIG IN JOUT IN JOUT ETH SCP ETH SCP Port 114
128. le Ethernet I O scanner SCADA e PLC B PLC A output applied at end of task cycle PLC A E K e ndby Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active PS CPU ETYJETY SCYIDIG DIG HMI IN JOUT ETH SCP Port 114 l Event Prima PS CPU JETYJETY SCY DIG DIG HMI IN Jour ETH SCP Port 114 Hardware or firmware failure on the ETY copro that manages the Hot Standby CPU sync link There is no more Ethernet V0 scanner SCADA database exchange from Primary to Standby es on ae ue PLCA Switch Switch PLCB This is not a critical event because there is no switch over primary Standby PS CPU ETYJETY SCY DIG JIG PS Eru JeETYJeTY Scy pic pie HMI fin fouT HMI IN JouT ETH SCP ETH SCP Port 114 Port 114 1 After the event In rack Discrete I O state e PLC A calculated and applied at the end of the task Ethernet O scanner SCADA R cycle Switch e PLC B Fall back position EA PLCA Primary Offline PS CPU JETYJETY SCY DIG pe PS Ero JETYJETY SCY DIG pie Remote I O state HMI JIN Jour HMI JIN fouT e PLC A all connections with Ethernet devices are open ETH SCP ETH SCP I O scanner is active Bark aid Be td e PLCB all connections with Ethernet devices are clo
129. lly in each PLC the output values must be evaluated in the section 0 at each PLC scan If this is not done the Standby output value will be erased by the value coming from the Primary PLC Failure to follow these instructions can result in injury or equipment damage 35012068 02 september 2007 129 Programming Debugging How to Program a Premium Hot Standby Application Processor configuration The MAST task can be defined in cyclic or periodic cycle The period should take into account the requirement time for redundancy The following table presents the characteristic MAST tasks on Processor Characteristics TSX H57 24M TSX H57 44M Max period ms 255 Default period ms 20 Min period ms 1 0 to cyclic Period increment ms 1 Period Time Base 1 10ms 10 Period Time Unit 20 Max Watchdog ms 1500 Default Watchdog ms 250 Min Watchdog ms 10 Watchdog increment ms 10 WD Time Base ms 1 WD Time Unit 250 For more details see Adjusting Mast Task Properties in a Premium Hot Standby PLC p 143 Event and Ethernet I O counting modules are compatible with a Hot Standby configuration but counting they have to be used carefully It is impossible to guarantee that counting pulses are restrictions taken into account mainly at switch over time More generally events management is not recommended in a Hot standby application event ta
130. ls Control shifts to Standby Component of Standby fails Standby goes offline CPU sync link fails Standby goes offline Errors and switch overs are logged in the diagnostic buffer To view the log Step Action 1 Select Tools Diagnostic Viewer from the main menu Note The diagnostic messages that are stored in the diagnostic buffer are not transferred from the Primary to the Standby 35012068 02 september 2007 165 Maintaining Finding More Refer to the following sections Information in gt T f fail Refer to section this Manual YPS ieee Primary CPU and ETY sync link failures See Detecting Primary CPU and ETY sync link failures p 167 Standby CPU and ETY sync link failures See Detecting Standby CPU and ETY sync link failures p 168 CPU sync link failures See Detecting CPU sync Link Failures p 169 Application program checksum failures See Checking for Identical Application Programs Checksum p 170 For more details on failure detection please refer System Detailed Behavior upon Failures p 199 Type of failure Refer to section Halt or Stop Events on PLC See Halt or Stop Events on PLC p 203 Hardware or Firmware CPU Failure See Hardware or Firmware CPU Failure p 206 Power Failure on the Main Rack See Power Failure on the Main Rack p 209 Power Failure on an Extendable Rack See Power F
131. m HSBY features 26 35012068 02 september 2007 Compatibility Differences Restrictions Understanding System Words and System Bits Overview System Word SWEO System Word SW61 System Word SW62 63 64 65 In accordance with IEC standards Unity uses global objects called system Bits and system Words These Bits and Words are used to manage the states of the two PLCs System Word SW6O0 can be used to read from and to write to the Premium Hot Standby Command Register Note SW60 is described using the IEC convention System Word SW61 can be used to read the contents of the Premium Hot Standby Status Register Note SW61 is described using the IEC convention System Words SW62 63 64 65 are reverse registers reserved by the Reverse Transfer process These four reverse registers can be written by the application program first section of the Standby controller and are transferred at each scan to the Primary controller 35012068 02 september 2007 27 Compatibility Differences Restrictions Understanding Multitasking Restrictions General MAST TASK Asynchronous Events FAST TASK In a Premium Hot Standby the Standby controller is ready to assume the role of the Primary controller by having the same application loaded in the Standby and by receiving from the Primary once per scan a copy of the Primary s data During the scan there is a ti
132. ment The programming of a Hot Standby PLC has to take into account the fact that each sensor and probe is connected in parallel on two input or output modules Both PLCs read the input values in the Phase IN of the Mast cycle at the same time The output values are applied by both PLCs but in a different way e The Primary PLC executes the full application Q objects are modified depending on the program execution The discrete analog output driver applies output values at the end of the Primary Mast cycle The Primary PLC sends the database to the Standby PLC in the Copro access Phase of the Mast cycle e The Standby PLC only executes the first section of the application program mainly for diagnostic purpose The Q objects received from the Primary PLC are applied at the end of the Standby Mast cycle A CAUTION RISK OF EQUIPMENT DAMAGE The output bits that are connected in parallel between the 2 PLCs must not be written in the section 0 of the Standby PLC This leads to affect the output bit values that are sent by the Primary Failure to follow these instructions can result in injury or equipment damage The output modules are connected in parallel to the physical output via a specific connection block The result of an impulse command is based on the time of the impulse and the delay to apply this impulse in the Standby The different situations are illustrated below the pulse is modified in the same way 35
133. mes the Primary role If the Standby has an error the Primary continues to operate as a standalone The Monitored ETY modules periodically verify communication with one another If the Standby does not receive a message on either link the Standby will try to determine the cause of the failure and assumes control if necessary If the Primary does not receive a valid response from the Standby the Primary will operate as if there was no back up available as if the Primary were a standalone The system automatically performs two kinds of confidence tests on the Premium Hot Standby CPU e Startup tests e Runtime tests Startup confidence testing on the Premium Hot Standby PLC with Unity Copro attempt to detect hardware errors in the module before the application is allowed to run If the module fails any of its tests it will remain offline and will not communicate with the other Premium Hot Standby PLC Run time tests are related to the interface between the main processor and the Time Tests Ethernet embedded coprocessor of the Premium Hot Standby CPU If the coprocessor fails the Premium Hot Standby CPU remains Offline and will not communicate with the other CPU 164 35012068 02 september 2007 Maintaining Detecting and Diagnosing Failures in a Premium Hot Standby Important Information Finding Diagnostic Information with Unity Pro Please note If Then Component of Primary fai
134. mp cycle PLCA PLCB 3 Switch e PLC B PLC A output applied at the end of task cycle Primary Standby PS CPU ETY SCY DIGJoIG Ps Cru ETY SCY DIG DIG Remote I O state IN JOUT IN JouT e PLC A all connections with Ethernet devices are ETH SCP ETH SCP open I O scanner 5 ACIE l Prt u4 Bark i4 e PLC B all connections with Ethernet devices are closed I O scanner is not active tl Event Power failure on the Standby main rack This is not a critical event because there is no switch over a V O scanner SCADA si Ea t PLCA 7 gt PLCB Switch Switch Primary Standby PS JcPU Eni pepee PS ro Er perpe pe N Jou IN JouT ETH SCP ETH SCP Port 114 Port 114 1 35012068 02 september 2007 211 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B I O powered off Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B ETY powered off Ethernet I O scanner SCADA h R NR 1 PLC A Primary DIG DIG PS CPU ETY DIG DIG IN JOUT IN JOUT ETH SCP Port 114 NR 1 Global status Communication status PS ETY ETH SCP Port 114 Customer diagnostic through Ethernet address e Normal access to PLC A through terminal port Modbus link and Ethernet link for diagnostics No access to PLC B CPU system is no lo
135. nal equipment over the ETY sync link Failure to follow these instructions can result in death serious injury or equipment damage A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION When the I O Scanning service is used in the Monitored ETY we advise using one switch on each ETY Failure to follow these instructions can result in death serious injury or equipment damage 98 35012068 02 september 2007 Configuring ETY Operating Modes and Premium Hot Standby Operating Modes The ETY modes are Primary Mode The Hot Standby state is primary and all client server services are active Standby Mode The Hot Standby state is standby and all server services are active except I O Scanning Standalone Mode Occurs when ETY is in a non redundant system or if the CPU module is not present or is not healthy Offline Mode CPU is stopped CPU module is in Offline mode The Premium Hot Standby and the ETY operating modes are synchronized by the conditions described in the following table CPU Module Status HSBY State ETY Operating Mode Not present or unhealthy N A Unassigned Present and Healthy Primary Primary Present and Healthy Standby Standby Present and Healthy Offline Offline Any one of four events will affect the ETY operating mode These four events occur when the ETY is powered up when an ETY executes a Hot Standby switch over when an ETY goes to of
136. ndby System This chapter contains the following sections Section Topic Page 3 1 Behavior of Premium Hot Standby 39 3 2 Performances of Premium Hot Standby 46 35012068 02 september 2007 37 Behavior and Performances 38 35012068 02 september 2007 Behavior and Performances 3 1 Behavior of Premium Hot Standby At a Glance Purpose This section describes the Behavior of the Premium Hot Standby system What s in this This section contains the following topics Section Topic Page Premium Hot Standby with IEC Logic 40 Understanding the Premium Hot Standby Data Base Transfer Process 41 Understanding System Scan Time in Premium Hot Standby 42 35012068 02 september 2007 39 Behavior and Performances Premium Hot Standby with IEC Logic Overview Data Transfer and User Data A Premium Hot Standby System requires two backplanes configured with identical hardware software and firmware One of the controllers PLC functions as the Primary controller and the other as a Standby controller e The Primary updates the Standby at the beginning of every scan e The Primary and Standby communicate constantly monitoring the health of the system e Ifthe Primary fails the Standby takes control within one scan In a Premium Hot Standby System data is transferred from Primary to Standby at the beginning of every scan The following d
137. ne The following table describes the modifications allowed in on line mode Mellineations Modifications Description allowed General e Name of station program section e Comment of station configuration program section e Documentation summary e Animation table e Integrated operator screen e Functional view e Security informations passwords protection attributes Program e Sections of program add delete change execution order e Modify the code of the section task section SR transition Action DFB sections e Modify the code of SFC chart Configuration Change I O module parameters communication Global variables Symbol on a used variable usedin animation Topologic address on a used variable table or operator Initial value on a used variable screen e Comment on a used variable e Create remove or modify unused variables EDT DDT e Create remove or modify unused variables FB Used DFB e All comments e Add a private or public variable e Delete or change unused private variable e Initial value of parameters and variables e Section of DFB add delete change execution order e Modify the code of a section e Create a new DFB type e Delete an unused DFB type Used DDT e Create a new DDT type e Delete an unused DDT type This kind of modification leads to a partial application download and the PLC doesn t change its execution mode RUN STOP 180 35012068 02 september 2007 Handling application Modification Exec
138. ne switch for simplified schema to insure connection between Ethernet I O scanner and SCADA or HMI e CPU sync link between the two CPU The following illustration displays an example of configuration PLC A PLC B i i CPU sync link pare ESN Modbus link HMI Scada I O scanning link ETY sync link m ees SWCD Switch I LY i iit Ethernet j am on VO PUITU Z devices Boo Extended rack Extended rack 35012068 02 september 2007 201 System Detailed Behavior upon Failures Standby Reverse In the example only one MW is used and copied in the reverse register SW62 Register The Main rack state is MWx 0 SW62 0 reserved MWx 1 SW62 1 reserved MWx 2 SWE2 2 reserved MWx 3 SW62 3 discrete input module state by copy of l0 5 mod err MWx 4 SW62 4 discrete output module state by copy of 10 6 mod err MWx 5 SW62 5 SCY state by copy of l0 4 mod err MWx 6 SWE2 6 SCP in SCY state by copy of l0 4 1 err MWx 7 SW62 7 ETY state by copy of l0 3 mod err The Extended rack state is MWx 8 SWE62 8 discrete module state by copy of l1 0 mod err MWx 9 SW62 9 discrete module state by copy of l1 1 mod err MWx 10 SW62 10 discrete module state by copy of l1 2 mod err MWx 11 SW62 11 discrete module state by copy of l1 3 mod err
139. nger running The process is still active but the HSBY system is no longer redundant as long as the PLC B is powered off 1 NR Not Responding SW61 1000 0000 0100 0010 e The accessed PLC is PLC A primary The other PLC is PLC B undefined SWE2 Not significant because one of the two PLC is Not Responding 212 35012068 02 september 2007 System Detailed Behavior upon Failures Power Failure on an Extendable Rack Power Failure on Primary Extendable Rack PLC The following table presents power failure on an extendable rack of the Primary Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active e PLC A all connections with Ethernet devices are open Ethernet Os scanner SCADA k ay Switch PLC B PLCA Standby Primary PS CPU RC DIG DIG PS CPU aa DIG IN JOU IN JOU fe cP fe Port i Port i Event Power failure on an extendable rack The status of the Hot Standby system does not change com k 1 Switch PS CPU SPIE DIG OU fe Port x PLC B Standby PS CPU F DIG IN JOU fe Port j pot tf f ft ft I 35012068 02 september 2007 213 System Detailed Behavior
140. not transferred from Primary to Standby the protocol that is configured in an SCP114 module Modbus Uni Telway Character mode must not be changed when the application is running Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 93 Configuring 5 2 Configuring TSX ETY 4103 5103 Modules At a Glance Purpose This material describes configuring TSX ETY 4103 5103 Premium Ethernet modules using Unity Pro For a complete description of the two ETY modules hardware installation functions configuration programming Ethernet language objects see the Premium and Atrium using Unity Pro Ethernet Network User Manual 35006192 RISK OF UNINTENDED EQUIPMENT OPERATION AND EQUIPMENT DAMAGE The Global Data service must not be used in a Premium Hot Standby TSX ETY Failure to follow these instructions can result in death serious injury or equipment damage What s in this This section contains the following topics Section Topic Page Overview of Premium Hot Standby TSX ETY 95 ETY Operating Modes and Premium Hot Standby 99 IP Address Assignment 102 Network Effects of Premium Hot Standby 104 94 35012068 02 september 2007 Configuring Overview of Premium Hot Standby TSX ETY Please note Because the user can configure several ETY modules in each PLC the Monitored ETY modules that are ded
141. nsfer Area Debugging the application must be carried out with the Premium Hot Standby System The debugging tools proposed by Unity Pro must not be used example the step by step They may introduce malfunctions into the Premium Hot Standby architecture We advise you to proceed as follows e Static verification Check that e The application restrictions have been applied e The MAST task characteristics have been configured properly e Dynamic verification After each PLC has been made live application already transferred check that the redundancy function is correctly performed in each PLC the bit SW61 X15 is equal to 1 and the bit SW61 X6 is equal to 0 The Hot Standby Premium being in the nominal functioning mode confirm that e All the sections are executed on the Primary PLC e Only the first section is executed in the Standby PLC Note A switchover is not generated when the Primary application stops on a breakpoint A fixed size of MW is not transferred from the Primary to the Standby These MW are from offset 0 to offset 99 142 35012068 02 september 2007 Programming Debugging Adjusting Mast Task Properties in a Premium Hot Standby PLC Introduction After a reminder on Mast task execution modes this part describes the Execution time measurement method and gives advices to adjust the Mast task period Reminder on The Mast task can be configured using one of the two followin
142. nt Hardware or firmware failure on the Monitored ETY module that manages Ethernet I O or Ethernet I O SCADA HMI This is a critical event because an automatic switch over occurs Standby PS CPU SCY DIG DIG IN JOU i SCP Port 114 Ethernet I O scanner SCADA Ea h i 1 Switch PLC B PS CPU SCY DIG DIG PS CPU SCY DIG DIG IN jou IN JOU fe cP fe cP Port i Porti i l 35012068 02 september 2007 217 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A fallback position e PLC B calculated and applied at the end of the task cycle Ethernet PLC A aea h O scanner SCADA Switch Switch PLC B Remote 1 0 state e PLC A all connections with Ethernet devices are closed I O scanner is not active e PLCB all connections with Ethernet devices are open I O scanner is active Offline PS CPU il DIG DIG IN JOU ETH Port 114 1 NR Not responding Fe SCP Port 114 Primary DIG DIG IN JOU Global status Communication status Customer diagnostic through Ethernet address The process is still active but the system is no longer redundant as long as the ETY module of the PLC Ais in failed mode e Normal access to PLC A through terminal port or Modbus e No access to PLC A through Ethernet link e Normal access to PLC B through term
143. nt the Unity Pro Status bar and more especially the following information e The link Status Offline Different Equal e The Hot Standby PLC Status PLC name A B PLC state Offline Standby Primary e The address of the connected PLC Failure to follow these instructions can result in injury or equipment damage 184 35012068 02 september 2007 Handling CPU OS Upgrade 10 Introduction Overview In this chapter you will find information regarding the OS upgrade method for a Premium Hot Standby System Upgrading allows you to update the OS for the standby controller while the process is still being controlled by the primary controller What s in this This chapter contains the following topics 2 Chapter Topic Page Overview of Premium Hot Standby OS Upgrade 186 Executing the OS Upgrade Procedure 187 35012068 02 september 2007 185 Handling CPU OS Upgrade Overview of Premium Hot Standby OS Upgrade Upgrading while The Executive Upgrade feature allows the Standby controller OS to be upgraded Process is while the Primary controller continues to control the process However during the Running upgrade the system can no longer be considered redundant That is there is no Standby available to assume control if the Primary should fail before the Standby upgrade is complete Upgrading OS Under normal operating conditions both controllers in a redundant system must witho
144. o address The USB and Uni Telway terminal ports are only point to point connections that swapping on cannot be used for transparent access to the Primary controller a ae a e In Master mode default mode the Uni Telway terminal port is a point to point Sway connection allowing Unity Pro to communicate with its local controller e In Slave mode the Uni Telway terminal port does not support address swapping at switch over 35012068 02 september 2007 33 Compatibility Differences Restrictions Understanding Application Restrictions Application The application restrictions are restrictions The use of events tasks is not recommended An event can be lost if it occurs just before or during a switch over The use of a FAST tasks driving dedicated outputs is not recommended Some change of state on the outputs can be lost at switch over The use of counting modules is not recommended Depending on the frequency a certain amount of pulses can be lost at switch over The use of edges is not recommended It is not possible to guarantee that they are taken into account during a switch over The use of the SAVE_PARAM function is not recommended in a Hot Standby application This function overwrites the initial value of a module parameter that is stored in the program code area this area being not transferred from the primary to the standby More generally the explicit instructions like WRITE_CMD and WRITE_PARAM have to be u
145. o longer redundant as long as the Ethernet I O link is disconnected on the I O link side SWE1 1000 0000 0000 0110 The accessed PLC is PLC A primary e The other PLC is PLC B standby SWE62 0000 0000 0000 0000 e The other PLC no fault Note This kind of failure has to be managed by the application program It is equivalent to all the Ethernet I O devices that are disconnected 35012068 02 september 2007 233 System Detailed Behavior upon Failures Full Ethernet I O Link Disconnection Full Ethernet I O The following table presents Full Ethernet I O Link Disconnection for example a Link failure in both switches Disconnection Before the event In rack Discrete I O state e PLC A calculated and applied at nd of task cycle E therngti Or scanner SCADA i n R e PLC B PLC A output applied at end of task cycle PLCA ETE ETN PLCB Primary Standby Remote I O state PS CPU scypic pic Ps PU SCYpoIG DIG e PLC A all connections with Ethernet devices are open N Jou IN Jou I O scanner is active e PLC B all connections with Ethernet devices are closed a Bi ye I O scanner is not active l Event Full Ethernet I O link disconnection The remote I O are no longer visible from both PLCs and the dialog between the two PLCs is no longer active This is a critical event because there is no PLC active on the process Ethernet vo scanner
146. of Input Output Derived Data Type The term IODDT designates a structured data type representing a module or a channel of a PLC module Each application expert module possesses its own IODDTs K Keyword A keyword is a unique combination of characters used as a syntactical programming language element See annex B definition of the IEC standard 61131 3 All the key words used in Unity Pro and of this standard are listed in annex C of the IEC standard 61131 3 These keywords cannot be used as identifiers in your program names of variables sections DFB types etc L LD LD is the abbreviation of Ladder Diagram LD is a programming language representing the instructions to be carried out in the form of graphic diagrams very close to a schematic electrical diagram contacts coils etc Located A located variable is a variable for which it is possible to know its position in the PLC variables memory For example the variable Water_pressure is associated withsMWw102 Water_pressure is said to be localized M MES Manufacturing Execution System Multiple Token Operating mode of an SFC In multitoken mode the SFC may possess several active steps at the same time 262 35012068 02 september 2007 Glossary Naming conventions Identifier NAN Network NTP An identifier is a sequence of letters numbers and underlines beginning with a letter or underline e g name of a function block type an instance a variable or a
147. on e SW61 9 0 means all the ETY modules have the minimum version e SW61 9 1 means at least one ETY module doesn t have the minimum version In this case the PLC will go to Offline mode This bit indicates if there is a monitored ETY OS version mismatch between Primary and Standby e SW61 10 0 means no monitored ETY OS version mismatch e SW61 10 1 means monitored ETY OS version mismatch If OS version mismatch is not allowed in the command register bit 4 0 the system will not work as redundant as soon as the fault is signaled This bit indicates which IP or Modbus address is applied by each ETY or SCP module of the configuration e SW61 13 0 means each ETY or SCP module applies its configured IP or Modbus address e SW61 13 1 means each ETY or SCP module applies its configured IP or Modbus address 1 If SW 61 15 is set 1 the setting indicates that Ethernet Copro device is set up correctly and working 35012068 02 september 2007 113 Configuring Transferring User Data General To enable the Standby to take over control from the Primary the Hot Standby configuration status is sent from the Primary to the Standby via a database Transferred Hot The Hot Standby status information that will be transferred includes Standby Status i The values of the Primary In rack output modules Q and QW objects Information The values of command words and adjustment parameters MW r m
148. on the Hot Standby system The e process is still redundant e Normal access to PLC A through terminal port and Ethernet link and Modbus link for diagnostics Normal access to PLC B through terminal port and Ethernet link for diagnostics No access through Modbus link SWE1 1000 0000 0000 1110 e The accessed PLC is PLC A primary The other PLC is PLC B standby SWE2 0000 0000 0110 0000 Other PLC SCP SCY in fault 35012068 02 september 2007 241 System Detailed Behavior upon Failures 242 35012068 02 september 2007 Glossary l IW KW M MW Q QW According to the IEC standard 1 indicates a discrete input type language object According to the IEC standard Iw indicates an analog input type language object According to the IEC standard Kw indicates a constant word type language object According to the IEC standard M indicates a memory bit type language object According to the IEC standard mw indicates a memory word type language object According to the IEC standard Q indicates a discrete output type language object According to the IEC standard Qw indicates an analog output type language object A ADDR_TYPE ANL_IN This predefined type is used as output for ADDR function This type is ARRAY 0 5 OF Int You can find it in the libset in the same family of the EFs which use it ANL_IN is the abbreviation of Analog Input data typ
149. output two low level switching interfaces can be used Telemecanique module cabling ABR 2EB312B or JM Concept GK3000D1 The following illustration displays an example of actuator cabling A Primary B Standby E PE Eee ALA ALA ALA ASV AS ALA ALA ALA Operating inputs of the lt tt switching interfaces Only one PLC acts on the operating input of the two low level switching interfaces PLC A in the above illustration In Primary mode the output bit is set to 1 In Standby mode the output bit is reset to 0 The output bit must be managed in the section 0 of both PLC in the following way if bits 1 and 0 of SW61 are set to 1 and 0 this PLC running in Primary status e Then Output bit on DSY module set to 1 Analog Output of PLC B switched on actuator e Else Output bit on DSY module reset to 0 Analog Output of PLC A switched on actuator Note The DSY module must be configured in fallback to 0 64 35012068 02 september 2007 Setting up Installing and Cabling A WARNING RISK OF UNINTENDED EQUIPMENT OPERATION AND EQUIPMENT DAMAGE Because the same application is running in both PLCs the above sequence is the same in PLC A and PLC B You must execute at each PLC cycle in Standby mode first section If not the Output bit of the Standby PLC reset to 0 in the above example will be forced to 1 that is the value coming from the Primary P
150. pplied at end of task cycle Remote I O state I O scanner is active I O scanner is not active e PLC A all connections with Ethernet devices are open e PLC B all connections with Ethernet devices are closed Ethernet I O scanner SCADA a 1 PLCA Primary PS CPU ETYJETY SCY DIG DIG JPS CPU ETYJETY SCY DIG DIG HMI IN JOU HMI IN JOU ETH SCP ETH SCP Port 114 Port 114 1 Event Hardware or firmware failure on the ETY module that manages SCADA HMI Ethernet x Scanner F3CADA Ai This is a not a critical event because there is no automatic PLC A PLC B itch Primary Standby SW IICNOV ET PS CPU JETYJETY SCYpDIG DIG Ps CPU JETYJETY SCY DIG DIG HMI fin fou HM IN Jou ETH SCP ETH SCP Port 114 Port 114 OH 220 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state Remote I O state I O scanner is active I O scanner is not active e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle e PLC A all connections with Ethernet devices are open e PLC B all connections with Ethernet devices are closed Ethernet I O scanner SCADA NR 1 F 1 PLC A PLC B Primary Standby PS cPy ETYJETY SCYIDIG DIG PS CPU ETYJETY SCY DIG DIG HMI IN JOU HMI IN JOUT ETH SCP ETH SCP Port 114 Port 114 1 NR Not
151. ptember 2007 227 System Detailed Behavior upon Failures Monitored ETY and I O Scanner Disconnection Monitored ETY The following table presents Monitored ETY Disconnection on the Primary PLC side Disconnection the Monitored ETY is managing an I O Scanner on Primary Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLCB all connections with Ethernet devices are closed I O scanner is not active Ethernet W s scanner SCADA H PLCA f Switch Switch PLC B Primary Standby PS CPU H DIG DIG PS JCPU SCYIDIG DIG IN JOU IN JOU F l fe SCP Port 114 Port 114 1 Event Ethernet I O link disconnection on the Primary side There is no more diagnostic dialog between the 2 ETY modules This is a critical event because there is an automatic switch over Ethernet 1 0 scanner SCADA SCY DIG DIG IN JOU SCP 114 Switch PLCB Standby PS CPU SCY DIG DIG IN JOU fe SCP Port 114 1 PLCA ETN Primary PS F Port 228 35012068 02 september 2007 System Detailed Behavior upon Failures After the event In rack Discrete I O state e PLC A Fallback position e PLC B Calculated and
152. r 2007 Overview Modbus components Items Description 9 Communication module TSX SCY 21601 with Modbus PCMCIA TSX SCP 114 10 XBus 11 Ethernet Switch 12 Ethernet and SCADA Bus 2 13 Ethernet and SCADA Bus 1 14 CPU sync Link 15 Ethernet Ring Switch 16 Modbus RS485 cable 17 Modbus Gateway example TSX ETG 1000 A Modbus TCP device can be e STB e OTB e Momentum I O e ATV61 e XBTG e XBT GT e Premium A Modbus slave can be STB OTB ATV31 TEsysU 35012068 02 september 2007 21 Overview Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M Components Display Block Memory extract button Cold start Reset Button The display Block provides the following informations ERR faults relating to the processor module RUN program execution states and Hot Standby mode I O faults on another station module or configuration fault TER activity on the Terminal port The following illustration presents the Display block This button is not used This button forces a cold start of the PLC 22 35012068 02 september 2007 Overview Using Premium Hot Standby CPUs LED indicators Overview The LED indicators are positioned on the Display Block Position of indicators on Premium Hot Standby CPUs TSX H57 24M and TSX H57 44M ao J 1 Display Block with LED indicators 35012068 02 septemb
153. r while using the Premium Hot Standby solution Browsers If a browser requests a page and during the process of downloading that page an IP Address swap occurs the browser will either hang or time out Click the Refresh or Reload button Remote Clients Hot Standby swaps affect remote clients An ETY will reset under the following conditions e Remote Connection Request during Hot Standby Swap If a remote client establishes a TCP IP connection during a Hot Standby swap the server closes the connection using a TCP IP reset e Hot Standby Swap during Remote Connection Request If a remote client makes a connection request and a Hot Standby swap occurs during the connection request the Server rejects the TCP IP connection by sending a reset e Outstanding Requests If there is an outstanding request the ETY will not respond to the request but the ETY will reset the connection The ETY will do a Modbus logout if any connection has logged in Local Clients During a swap the ETY will reset all client connections using a TCP IP reset 104 35012068 02 september 2007 Configuring I O Scanning Service I O Scanning provides the repetitive exchange of data with remote Ethernet I O devices While the PLC is running the Primary ETY sends Modbus Read Write requests to remote I O devices and transfers data to and from the PLC memory In the Standby controller the I O scanning service is stopped When the Hot Standby swap
154. rack of the Standby Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active PLCA Primary PS ETY ETH Port ps tT ft ft Ethernet I O scanner SCADA SCY oi pG IN Jour SCP 114 1 PS ETY ETH SCP Port 114 Psi IIIT PLC B Standby DIG DIG IN JOUT 5 Event Power failure on an extendable rack The status of the Hot Standby system does not change PLC A Primary PS CPU ETY SCY DIG IN JOUT ETH SCP Port 114 Ethernet I O scanner SCADA k pice DIG Standby PS CPU ETY DIG DIG IN JOUT ETH SCP Port 114 ps fT ff tf 35012068 02 september 2007 215 System Detailed Behavior upon Failures After the event In rack Discrete I O state cycle Remote I O state e PLC A processed normally e PLC B PLC A output applied at the end of the task e PLC A all connections with Ethernet devices are open I O scanner is active e PLC B all connections with Ethernet devices are closed I O scanner is not active Ethernet I O scanner SCADA
155. rchitecture example with Mixed Ethernet and example with Modbus Mixed Ethernet and Modbus MONITOR PRO 1 a TEsysU 7 1 i Premium CPU Ed Ethernet E 5 4 5 TCP IP J 9 y e 3 pi TEsysU Shared j gt tandb a B S y v Monitored 1O Monitored means a failure in the ETY or in the link to the first switch hub will cause an automatic switch over The following table describes the items of an architecture example with Mixed Ethernet and Modbus Items Description 1 ConneXium Ethernet Switch with Ring capability 2 Modbus RS485 cable 3 CPU sync Link 4 Ethernet I O scanner communications 5 Junction box 35012068 02 september 2007 59 Setting up Installing and Cabling Connecting Two Premium Hot Standby PLCs Required cable To work properly the Primary and Standby PLCs have to be linked with connections e The CPU sync link between the two CPUs e The ETY sync link between the two monitored ETY modules If these two links do not work properly the two PLCs will start as standalone PLCs A CAUTION RISK OF EQUIPMENT DAMAGE You must route the two cables as far away as possible to one another to prevent double Primary PLC when the two links are broken Failure to follow these instructions can result in injury or equipment damage The CPU sync link is a point to point conne
156. rictions 33 Understanding Application Restrictions 00 c eee ee eee 34 Chapter 3 Behavior and Performances 0 02e0eeeeeeeee 37 INfrOCUCHION is gots aya a a ep PR saat aa aE ee teddy ee eld aed ee eee 37 3 1 Behavior of Premium Hot Standby 0 0 0 0 ee ee 39 Ata Glaesener ine A te tae etait te ate hte een a oe a ae a at 39 Premium Hot Standby with IEC Logic 1 0 0 0 cece eee eee 40 Understanding the Premium Hot Standby Data Base Transfer Process 41 Understanding System Scan Time in Premium Hot Standby 42 3 2 Performances of Premium Hot Standby 0 000 e eee eee ee 46 Al a Glan Ce eaaa ea aei a dent a AE A dine iar ennai A E 46 Address Swap Times 0 000 cece etna 47 35012068 02 septembre 2007 3 Part Il Chapter 4 Chapter 5 5 1 5 2 5 3 Chapter 6 6 1 X Bus O switchover imni rro i a E E e k 48 Maintaining ssi anaman aa a a aaa ke aa 49 Ata Glangs nere da taistvaws a n e a TE E rei E E aT 49 Setting up Installing and Cabling suaassasnnnnnn 51 Introd ction di aee a Se tess a Eee Sa See eee ee 51 Setting Up the Premium Hot Standby 0 000 c eee eee eee 52 Mapping the Backplane Extension 0 0 00 e eee eee eee eee 56 Connecting Two Premium Hot Standby PLCs 0 00 eee eee 60 Connecting In rack O nauan ttt nee 62 Connecting Ethernet I O 1 0 0 0 ccc ete 66 Connectin
157. rs must have an identical configuration the configured IP Addresses will be the same The ETY s IP Address is either the configured IP Address or the configured IP Address 1 The IP Address is determined by the current local Hot Standby state In the Offline state the IP Address is determined by whether or not the other controller is in transition to the Primary state Note For a Premium Hot Standby the two IP Addresses will be consecutive The following table shows the IP Address assignments Hot Standby State IP Address Primary Configured IP Address Standby Configured IP Address 1 Transition from Primary to Offline Configured IP Address if peer controller does not go to Primary Transition from Standby to Offline Configured IP Address 1 Note Offline Results depend on whether or not the other controller is detected to be in transition into the primary state If current IP is the configured IP address and the other PLC is in transition to Primary then IP address changes to IP address 1 IP Address Restriction Note Configuring ETY Do not use either broadcast IP Address or broadcast IP Address 1 to configure a ETY The Primary ETY and the Standby ETY IP addresses must be in the same network and subnetwork 102 35012068 02 september 2007 Configuring Duplicate ID Address Checking IP Address Transparency Note The duplic
158. rstanding the Unity Status Register 00 00 e eee eee eee 111 Transferring User Data 0 0 eee 114 Using Initialized Data 0 tee 116 Synchronization of Real Time Clocks 0 000 ce eee eee eee eee 117 Programming Debugging 2 00sec eee e eee 123 Presentations oo ick cheek Pe a a a A a a a ek E E a Ae oes 123 Development of an Application 0 00 eee eee 125 Ata Glanio erena oy cSt OEE e Oy peaks Bide ae Ra eel RE el ala ec 125 35012068 02 septembre 2007 Programming Method 20 e eee teens 126 How to Program a Premium Hot Standby Application 130 Structure of Database 1 tees 133 Transferring the program in the Primary and the Standby 139 6 2 Debug Program 0 0 c ea e aa teens 140 Ata Glan Es a sth tes teen a a en E pean Beaten ae aod Seka lene a eens AIRNE eel ae 140 DeDUGGING zaiua Poke Ae en Se tee Saree Pen ee 141 Adjusting Mast Task Properties in a Premium Hot Standby PLC 143 Chapter 7 Operating 22 2 0s 4 0 2ssas deen de tees ee eek vena ys 149 INtrOdUCtION see Siete eae ted te eee A PEs che Raley 149 TA Start Stop Systemes a ca Ce eet a ee ee 151 Ata GaN E ncn oni wel geet aia eed kane ei a e aa babes 151 Starting the two PLCS aan aia a a a a a a a N a tees 152 Stopping the Premium Hot Standby 2 0 0 cc cece eee eee 154 7 2 SWHCHOVEL ren tse ae fad We ba eS ee dd ad ow as
159. s assigned is said to be unlocated V Variable Memory entity of the type BOOL WORD DWORD etc whose contents can be modified by the program during execution W WORD The WORD type is coded in 16 bit format and is used to carry out processing on bit strings This table shows the lower upper limits of the bases which can be used Base Lower limit Upper limit Hexadecimal 16 0 16 FFFF 35012068 02 september 2007 267 Glossary Base Lower limit Upper limit Octal 8 0 84177777 Binary 2 0 2 1111111111111111 Representation examples Data content Representation in one of the bases 0000000011010011 16 D3 1010101010101010 8 125252 0000000011010011 2 11010011 268 35012068 02 september 2007 Index A ABE7ACC10 62 ABE7ACC11 62 architectures 56 backplanes 56 C checksums 170 compatibility 25 confidence tests 164 configuring 71 Ethernet modules 98 registers 111 configuring processors 73 connection bases ABE7ACC10 62 ABE7ACC11 62 controller failures 172 D data transfers 39 diagnosing processors 172 blinking 24 steady 24 diagnostics buffers 165 198 distribution groups 108 F failure detection 167 FTP servers 108 H hot standby network effects 108 I O scanning 108 identical applications 178 initialized data 120 installing 51 IP addresses restriction 106 L local clien
160. section Letters from national character sets e g 6 6 can be used except in project and DFB names Underlines are significant in identifiers e g A_BCD and AB_CD are interpreted as different identifiers Multiple leading underlines and consecutive underlines are invalid Identifiers cannot contain spaces Not case sensitive e g ABCD and abcd are interpreted as the same identifier According to IEC 61131 3 leading digits are not allowed in identifiers Nevertheless you can use them if you activate in dialog Tools Project settings in tab Language extensions the check box Leading digits Identifiers cannot be keywords Used to indicate that a result of an operation is not a number NAN Not A Number Example calculating the square root of a negative number Note The IEC 559 standard defines two classes of NAN quiet NAN QNAN and signaling NaN SNaN QNAN is a NAN with the most significant fraction bit set and a SNAN is a NAN with the most significant fraction bit clear Bit number 22 ONANS are allowed to propagate through most arithmetic operations without signaling an exception SNAN generally signal an invalid operation exception whenever they appear as operands in arithmetic operations See SW17 and S18 There are two meanings for Network e InLD A network is a set of interconnected graphic elements The scope of a network is local to the program organization unit section in which the network is located
161. sed I O scanner is not active Global status Communication status Customer diagnostic through Ethernet address The process is still active but Both PLCs are accessible SW61 1000 0000 0100 0010 the system is no longer through terminal ports e The accessed PLC is PLC A primary redundant as long as the Modbus links and Ethernet e The other PLC is PLC B undefined Ethernet copro of PLC B is in links for diagnostics SWE2 Not significant because one of the two PLC is failed mode undefined 35012068 02 september 2007 225 System Detailed Behavior upon Failures CPU sync link failure between Primary and Standby PLCs Primary and The following table presents CPU sync link failure between the Primary and Standby Standby CPU PLCs sync Failure Before the event In rack Discrete I O state e PLC A calculated and applied at end of task cycle e PLC B PLC A output applied at the end of task cycle Remote I O state e PLC A all connections with Ethernet devices are open I O scanner is active I O scanner is not active e PLC B all connections with Ethernet devices are closed Ethernet I O scanner SCADA PLC A Primary PS CPU ETY ETY SCY DIG DIG HMI IN JOUT ETH SCP Port 114 1 PLC B Standby PS CPU ETY ETY SCY DIG DIG HMI IN foU ETH SCP Port 114 1 Event CPU sync link disconnection There is no more database exchang
162. sed carefully Example if the WRITE_CMD is related to a Modbus change to character mode command in a TSX SCP 114 module this change will only be done in the Primary PLC In case of switch over the new Primary will restart with the Modbus mode rather than the Character mode It is not possible to replace the initial values of the declared variables with a save attribute e g DFB variables with the current values no use of S94 The following Legacy function blocks are forbidden e PL7_COUNTER PL7_DRUM PL7_MONOSTABLE PL7_REGISTER_32 PL7_REGISTER_255 PL7_TOF PL7_TON PL7_TP e PL7_3_TIMER The use of the TON TOFF TP function blocks is forbidden in the first section The use of DFB is not recommended in the first section 34 35012068 02 september 2007 Compatibility Differences Restrictions A CAUTION RISK OF UNINTENDED EQUIPMENT OPERATION AND EQUIPMENT DAMAGE The online modification of an expert function parameter e g control process parameter is not transferred from the Primary to the Standby Failure to follow these instructions can result in death serious injury or equipment damage 35012068 02 september 2007 35 Compatibility Differences Restrictions 36 35012068 02 september 2007 Behavior and Performances Introduction Overview What s in this Chapter This chapter provides information about behavior and performances of a Premium Hot Sta
163. sks fast inputs 130 35012068 02 september 2007 Programming Debugging Language restrictions Forbidden Legacy function blocks Forbidden Standard Function Blocks Using Communication Function Blocks e The use of edges is not recommended It is not possible to guarantee that they are taken into account during a switch over e The use of the SAVE_PARAM function is not recommended in a Hot Standby application This function overwrites the initial value of a module parameter that is stored in the program code area this area being not transferred from the primary to the standby More generally the explicit instructions like WRITE_CMD and WRITE_PARAM have to be used carefully Example If the WRITE_CMD is related to a Modbus change to character mode command in TSX SCP 114 module this change will only be done in the Primary PLC In case of switch over the new Primary will restart with the Modbus mode rather than the Character mode e Itis not possible to replace the initial values of the declared variables with a save attribute e g DFB variables with the current values gt no use of S94 e The use of DFB is not recommended in the first section The following Legacy function blocks are Not Allowed PL7 Counter PL7 Drum PL7 Monostable PL7 Register 32 PL7 Register 255 PL7 TOF PL7 TON and PL7 TP PL7 3 Timer The use of the TON TOFF TP function blocks is forbidden in the first section
164. stem At a Glance Purpose This section describes how to start or stop a Premium Hot Standby System What s in this This section contains the following topics Section Topic Page Starting the two PLCs 152 Stopping the Premium Hot Standby 154 35012068 02 september 2007 151 Operating Starting the two PLCs Invalid The PLCs do not have a valid application When the PLCs are made live and they applications are waiting for an application transfer there is no Primary A Standby B selection The first PLC receiving the application will become the Primary PLC after a RUN command the other will be the Standby PLC after receiving the same application and a RUN command Note To start properly after receiving the application the two PLCs have to be linked with e The CPU sync link between the two CPUs e The ETY sync link between the two monitored ETYs Valid The use of a time lag relay on the main rack supply of one of the PLCs makes it applications possible to guarantee which PLC will be the Primary PLC when the two PLCs are made live simultaneously During this process the PLC which has the time lag relay in its supply cabling will be the Standby PLC If there is no time lag relay the choice of Primary Standby depends on the copro MAC address The PLC with the lowest MAC address becomes the Primary PLC A The other one becomes the Standby PLC B A CAUTION RISK OF EQUIPMENT DAMAG
165. t Month gt lt Day gt This table shows the lower upper limits in each field Field Limits Comment Year 1990 2099 Year Month 01 12 The left 0 is always displayed but can be omitted at the time of entry Day 01 31 For the months 01 03 05 07 08 10 12 01 30 For the months 04 06 09 1 1 01 29 For the month 02 leap years 01 28 For the month 02 non leap years see DT DBCD Representation of a Double BCD format double integer The Binary Coded Decimal BCD format is used to represent decimal numbers between 0 and 9 using a group of four bits In this format the four bits used to code the decimal numbers have a range of unused combinations 256 35012068 02 september 2007 Glossary DDT DFB DINT DT Example of DBCD coding e the number 78993016 e iscoded 0111 1000 1001 1001 0011 0000 0001 0110 DDT is the abbreviation of Derived Data Type A derived data type is a set of elements of the same type ARRAY or of various types structure DFB is the abbreviation of Derived Function Block DFB types are function blocks that can be programmed by the user ST IL LD or FBD By using DFB types in an application it is possible to e simplify the design and input of the program e increase the legibility of the program e facilitate the debugging of the program e reduce the volume of the generated code DINT is the abbreviation of Double Integer format coded on 32
166. t Standby Entire System State The following table presents the values in the Information Tab Bits Line Title String Displayed 1and 0 PLC Hot Standby Status Values 0 and 1 Offline mode 1 and0 PLC Hot Standby Status Values 1 and 0 Primary mode 1 and0 PLC Hot Standby Status Values 1 and 1 Standby mode 3 and 2 Peer PLC Hot Standby Status Values 0 and 0 Undefined mode 3 and 2 Peer PLC Hot Standby Status Values 0 and 1 Offline mode 3 and 2 Peer PLC Hot Standby Status Values 1 and 0 Primary mode 3 and 2 Peer PLC Hot Standby Status Values 1and 1 Standby mode 4 Logic Mismatch between PLC and Value 0 No Peer PLC e Value 1 Yes 5 PLC Name e Value 0 Unit A e Value 1 Unit B 6 CPU sync link Error e Value 0 No e Value 1 Yes 7 Main Processor OS version e Value 0 No Mismatch e Value 1 Yes 8 Co Processor OS version e Value 0 No Mismatch e Value 1 Yes 35012068 02 september 2007 83 Configuring Viewing the Information Tab in connected mode Bits Line Title String Displayed 9 At least One ETY do not have the e Value 0 No All ETY have the minimum version V4 minimum required version e Value 1 Yes Replace old ETY 10 Monitored ETY OS version e Value 0 No Mismatch e Value 1 Yes 13 TCP IP and MODBUS Addresses Value 0 Configured addresses e Value 1 Configured addresses 1 15 Hot Standby Entire System State e Value 0
167. t s in this Chapter This chapter describes the Programming and the Debugging of a Premium Hot Standby system This chapter contains the following sections Section Topic Page 6 1 Development of an Application 125 6 2 Debug Program 140 35012068 02 september 2007 123 Programming Debugging 124 35012068 02 september 2007 Programming Debugging 6 1 Development of an Application At a Glance Purpose This section describes the rules for developing an application in a Premium Hot Standby system What s in this This section contains the following topics Section Topic Page Programming Method 126 How to Program a Premium Hot Standby Application 130 Structure of Database 133 Transferring the program in the Primary and the Standby 139 35012068 02 september 2007 125 Programming Debugging Programming Method General points Operation cycle with In rack I O For programming a Premium Hot Standby PLC it is important to show how the main processor performs reading of inputs application program processing updating of outputs and Copro access The following graphic displays the operation cycle with In rack I O PRIMARY PLC Physical Input ABE7 ACC11 Connection block STANDBY PLC
168. tandby Unity system What s in this This chapter contains the following topics Chapter Topic Page Compatibility with Installed PL7 System 26 Understanding System Words and System Bits 27 Understanding Multitasking Restrictions 28 In rack I O and Ethernet I O Restrictions 29 Allowed Module in Premium Hot Standby 30 Understanding USB and Uni Telway Link Restrictions 33 Understanding Application Restrictions 34 35012068 02 september 2007 25 Compatibility Differences Restrictions Compatibility with Installed PL7 System Unity Premium The Unity Premium HSBY functionality is partially compatible with the PL7 one Legacy Systems because e Compatible FIPIO devices can only be connected to a HSBY Premium system through an Ethernet to Fipio gateway Such a gateway can be programmed using a standalone Premium PLC with a Fipio integrated port and an Ethernet port e Not compatible use of specific DFB for the data exchange Ha db_basic Ha_db_cycle_opt Ha_db_size_opt e Not compatible use of specific EF for Grafcet SFC in Unity context exchange PL7 Warm In most cases a PL7 Warm Standby application will be accepted by the PL7 Standby Unity Pro converter conversion The features that are not supported by the Premium HSBY PLC will not be converted errors signaled by the converter After conversion the new Unity Pro application will require important modifications to fit to the Ethernet I O and new Premiu
169. ted by a unique number via the graphic block this number is automatically generated and can not be altered You position and set up these functions in your program in order to carry out your application You can also develop other functions using the SDKC development kit EFB Is the abbreviation for Elementary Function Block This is a block which is used in a program and which performs a predefined software function EFBs have internal statuses and parameters Even where the inputs are identical the output values may be different For example a counter has an output which indicates that the preselection value has been reached This output is set to 1 when the current value is equal to the preselection value Elementary see EF Function EN EN means ENable this is an optional block input When EN is activated an ENO output is automatically drafted If EN 0 the block is not activated its internal program is not executed and ENO its set to 0 If EN 1 the internal program of the block is executed and ENO is set to 1 by the system If an error occurs ENO is set to 0 ENO ENO means Error NOtification this is the output associated to the optional input EN If ENO is set to 0 caused by EN 0 or in case of an execution error e the outputs of function blocks remain in the status they were in for the last correct executed scanning cycle and e the output s of functions and procedures are set to 0
170. ted in the section 0 at each PLC scan If not the Standby output value will be erased by the value coming from the Primary PLC Failure to follow these instructions can result in injury or equipment damage 138 35012068 02 september 2007 Programming Debugging Transferring the program in the Primary and the Standby Transferring the Transfer the program to the Primary CPU program e Connect the PC to USB plug or Uni Telway e Use the Unity Pro command PLC gt Transfer program to PLC Transfer the program to the Standby CPU e Connect the PC to USB plug or Uni Telway e Use the Unity Pro command PLC gt Transfer program to PLC 35012068 02 september 2007 139 Programming Debugging 6 2 Debug Program At a Glance Purpose This section describes the Debug Program of the Premium Hot Standby What s in this This section contains the following topics Section 7 Topic Page Debugging 141 Adjusting Mast Task Properties in a Premium Hot Standby PLC 143 140 35012068 02 september 2007 Programming Debugging Debugging Introduction Debug and Diagnostic Debug the control command of the procedure Debug the First Section in Standby PLC An application for a Premium Hot Standby PLC integrates the control command part of the procedure like a non Hot Standby PLC It doesn t integrate any specific function blocks relating to the redundancy
171. ter the event In rack Discrete I O state e PLC A I O powered off Remote I O state e PLC A ETY powered off e PLCB all connections w I O scanner is active e PLC B calculated and applied at the end of the task cycle ith Ethernet devices are open Ethernet I O scanner SCADA NR 1 h FEGA Primary SCY DIG JDIG IN JOU sc NR 1 PS CPU ETY PS CPU ETY SCY DIG DIG IN JOU ETH P ETH SCPI Port 114 Port 114 PLC B Global status Communication status 1 NR Not Responding Customer diagnostic through Ethernet address The process is still active but the HSBY system is no longer redundant as long as the PLC A is powered off e No access to PLC A CPU system no longer running e Normal access to PLC B accessible through terminal port Modbus and Ethernet links for diagnostics SWE61 1000 0000 0110 0010 e The accessed PLC is PLC B primary e The other PLC is PLC A undefined SWE2 Not significant because one of the two PLC is Not Responding 210 35012068 02 september 2007 System Detailed Behavior upon Failures Power Failure on Standby Main Rack The following table presents power failure on the main rack of the Standby PLC Before the event In rack Discrete I O state e PLC A calculated and applied at the end of the task Ethernet I O scanner SCADA a
172. to provide information on the Hot Standby system status Do not in any case connect other Ethernet devices on this link This may impact the database exchange between the two PLCs and the switchover time Failure to follow these instructions can result in injury or equipment damage The system determines that one of the two Premium Hot Standby CPUs will be the Primary controller and the second controller as the Standby The CPU with the lowest MAC address becomes PLC A Primary The other CPU becomes PLC B Standby To guarantee which PLC will become the Primary when the two PLCs are powered up simultaneously it is possible to use a time lag relay on the supply of the main rack of one of the two PLCs During this process the PLC that has the time lag relay in its supply cabling will be the Standby PLC 35012068 02 september 2007 53 Setting up Installing and Cabling Connecting the ETY modules Because it is not possible to have a non ambiguous diagnostic of the Premium Hot Standby system with only one link between the two PLCs CPU sync link it is mandatory to configure one Ethernet module in each PLC the two ETY modules must to be linked with an Ethernet cable with or without switches The following illustration displays a very simple Premium Hot Standby configuration l Connection Connection block block PLC Primary A PLC Standby B mh ETY sync
173. troller executes the application program controls the Ethernet I O Standby and In rack I O and updates the Standby controller at the beginning of every scan Controllers program cycle If the Primary controller fails the Standby controller takes control within one scan To determine if the Primary controller failed note controller s status displayed in the Display block with indicator lamp The Standby controller does not execute the full application program but only the first section and the Standby controller does not control the redundant In rack I O and Ethernet I O but checks the Primary health Note e Redundant In rack I Os are those that are connected in parallel between the 2 PLCs via specific connection blocks e Local In rack I Os are not connected in parallel The Primary and the Standby controllers can manage local In rack I O with some restrictions 16 35012068 02 september 2007 Overview Switchover Either of the two controllers may function as the Primary controller and the other as Capability the Standby controller Primary and Standby states are switchable Therefore if one of the two controllers is functioning as the Primary controller the other must be in Standby mode Otherwise the second controller is in the default mode which is offline The Ethernet I O and the redundant In rack I O are always controlled by the Primary controller Monitoring the The Primary and the Standby controllers communicate with eac
174. ts 108 logic mismatches 177 M MAC addresses 16 maintenance 163 modes 103 35012068 02 september 2007 269 Index O U offsets 94 upgrading 185 overhead 43 W P wiring accessories primary controllers 16 processors 17 programming 123 fiber optic 60 R real time clocks 121 registers command 113 reverse 27 status 115 remote clients 108 replacing a faulty module 171 S scan times 42 setting up 51 swapping addresses 94 switchovers cold start 120 logic mismatches 177 swapping addresses 94 USB 34 system errors 199 T tasks 28 TFTP servers 108 topologies 56 transfer time 47 TSXETY4103 52 TSXETY5103 52 TSXH5724M 17 TSXH5744M 17 TSXSCP114 52 TSXSCY21601 52 270 35012068 02 september 2007
175. ut Stopping have the same versions of firmware In fact there are checks by the controllers to detect if there is a mismatch in firmware Normally when a mismatch exists performing a switchover would not be possible because the Standby controller would not be allowed to go online However to allow an OS Upgrade without stopping the application overriding is possible by setting the Command Register system bit SW60 4 Note IMPORTANT INFORMATION OS upgrade is possible only with compatible firmware A CAUTION RISK OF EQUIPMENT DAMAGE Enabling OS upgrade without stopping the application overrides the process of checking whether the Primary and Standby are configured identically Disable the upgrade without stopping bit as soon as the OS upgrade is finished Failure to follow these instructions can result in injury or equipment damage 186 35012068 02 september 2007 Handling CPU OS Upgrade Executing the OS Upgrade Procedure General How to perform an OS Upgrade Perform an OS upgrade using the installed OSLoader tool Follow these steps Step Action 1 Connect Unity Pro to the Primary PLC through Uni Telway terminal port 2 Access Command Register SW60 set bit 4 to 1 OS version mismatch allowed 3 Stop the Primary Ensure Standby becomes Primary 4 Disconnect Unity Pro 5 Open the OSLoader tool 6 Download the new OS
176. uting the To make online modifications to an application program logic program or project in Procedure the Primary controller follow these steps Online Step Action 1 Ensure both Primary A and Standby B controllers are in Run Primary and Run Standby mode Modify online the application on the Primary PLC Results e The Standby PLC B goes to Offline mode Logic Mismatch e The Primary PLC A is active on the process The system is no longer operating in redundant mode After tests save the application in the PC Download the saved application to the Standby PLC B Result e During the transfer the PLC B is in Non Configuration state e At the end of transfer the PLC goes to the Stop Offline mode Initiate RUN command on the Standby PLC B Result The PLC B goes to Standby mode Note If the Primary PLC A failed during the Online modification the user has to connect Unity Pro to the PLC B and perform a STOP RUN command The PLC B will go in Run Primary mode Pro Note The online modification in the Standby controller first is not allowed by Unity Note An online modification in an animation table or in a comment will not generate a logic mismatch if the Animation tables and Comments options are not checked in the Build Tab of Tools Project Settings 35012068 02 september 2007 181 Handling application Modification Offline Make offline modifications on th
177. when processing some application programs additional system overhead may occur Example 1 e Standalone application scan time 80 ms e Data state RAM unlocated variables 100 Kilobytes Example 2 e Standalone application scan time 80 ms e Data state RAM unlocated variables 300 Kilobytes The following illustration displays the example 1 y SRR Result K o 30ms No impact on scan time data exchange 30 lt 80 ms Note Input and Output driver scan time depends on type of I O and number of I O It s immaterial compared to the total scan time 44 35012068 02 september 2007 Behavior and Performances The following illustration displays the example 2 LL lial Result HSBY impact on scan time 40 ms D Ss 40 ms USS LSA JO aUL UES 35012068 02 september 2007 45 Behavior and Performances 3 2 Performances of Premium Hot Standby At a Glance Purpose This section describes the Performance of Premium Hot Standby system What s in this This section contains the following topics Section 7 Topic Page Address Swap Times 47 X Bus I O switchover time 48 46 35012068 02 september 2007 Behavior and Performances Address Swap Times Description The following table details what the time for an Address swap comprises such as the time to close connections time to swap IP addresses or time to establish connections T
178. when the Primary PLC is stopped 154 35012068 02 september 2007 Operating 7 2 Switchover At a Glance Purpose This section describes the Switchover of the Premium Hot Standby What s in this This section contains the following topics Section Topic Page Operating modes overview 156 Conditions for Switch over 158 35012068 02 september 2007 155 Operating Operating modes overview General points The following state diagram shows a dynamic view of the main Hot Standby states Run and Stop Run amp no remote Offline remote Primary PLC Primary PLC Switch over Failure or Incompatible remote Run application Standby Failure disappears and remote is Primary At Cold start with the Automatic Start in Run option configured the PLC restarts depending on the remote PLC state local failure state application mismatch state If Then The remote PLC is Primary the two The PLC restarts in Standby mode applications are identical and no local failure The remote PLC is Primary and the two The PLC restarts in Offline mode applications are not identical or there is a local failure 156 35012068 02 september 2007 Operating If Then There is no remote Primary and no local failure The PLC restarts in Primary mode There is no remote Primary but there is a local failure The PLC restarts in O
179. xists the Standby Controller goes to Offline and switch over cannot occur In a Premium Hot Standby System if the user does any of the following the Standby will go into Offline mode e Modify edit online an application program in the Standby while the Primary controls the process e Modify online an application program in the Primary while the Primary controls the process e Download an offline modified application program to the Standby Note Modify online an application program means e modify the executable code whatever the task by adding suppressing or changing an instruction in the code e modify a configuration parameter by changing a value in a configuration screen 178 35012068 02 september 2007 Handling application Modification Online Offline Modifications to an Application Program Overview A Hot Standby configuration is no longer redundant when there are different applications executable program or hardware logical configuration in the Primary and Standby PLCs In this case the Standby PLC is Offline and so the switch over cannot occur Logic mismatch is not supported by a Premium Hot Standby system The following procedure describes how the user can modify the application in the two PLCs of a Premium Hot Standby system with a minimum impact on the process 35012068 02 september 2007 179 Handling application Modification Onli
Download Pdf Manuals
Related Search