ICONICS Worldwide Customer Summit – September 2006

HMI-10: Redundancy Strategies for Plant OperationsHMI-10: Redundancy Strategies for Plant OperationsJohn Pettit

2

IntroductionIntroduction

ICONICS Team

John Pettit, VP of Business DevelopmentDave Oravetz, VP of EngineeringMatt Michel, Senior DeveloperClive Walton ICONICS, UK Managing Dir.Jan Burian Senior DeveloperPetr Votava QA Manager

Marathon Technologies

Michael Bilancieri Director of Products

3

WelcomeWelcome

What is important•Uptime•Data Integrity•Record Keeping•Traceability

4

GoalGoal

Achieve•High Reliability•High Availability•Five 9’s Level of Performance

5

Goal - A Look BackGoal - A Look Back

Require Sourcing Systems• From One Vendor- Proprietary Hardware and Software- OS, Hardware, Networks and Protocols

Compromising - Your ability to chose- Your ability to grow- Your ability to improve

6

Good News – Today!Good News – Today!

You have choices• You can use Open control systems technology

Show you the Choices

Fault Tolerant SolutionsClusters / High Availability SolutionsGENESIS32 Redundancy

Review the features and advantages of each

7

Introduction to FT, Cluster, and Introduction to FT, Cluster, and Other High-Availability Other High-Availability

SolutionsSolutions

Dave Oravetz, VP of Engineering

• Fault Tolerant Solutions

• Clusters / High Availability Solutions

8

1. Fault Tolerant Solutions

2. Clusters / High Availability Solutions

3. GENESIS32 Redundancy

Approaches to RedundancyApproaches to Redundancy& Fault Tolerance& Fault Tolerance

9

Fault Tolerant SolutionsFault Tolerant Solutions

What is Fault Tolerance / Redundancy?• Ability to continue without stoppage when a

hardware or software failure occursWhat is a Fault Tolerant Server?• Single box replacement for a workstation /

Server• Designed for 99.999% or greater uptime

- No more than 5 minutes of downtime / year

• Replicated, fault-tolerant hardware components• “Lockstep” technology at the instruction level

10

Fault Tolerant SolutionsFault Tolerant Solutions

Primary Vendors•Stratus•NEC•Marathon Technologies

11

Stratus/NEC SolutionsStratus/NEC Solutions

Stratus / NEC Fault Tolerant ServerUses replicated, fault-tolerant hardware componentsCore Elements• LockStep Technology• Failsafe Software• ActiveService Architecture

12

Fault Tolerant ServersFault Tolerant Servers

Architecture

13

Stratus Fault Tolerant Stratus Fault Tolerant ServersServers

Stratus ftServer W Series• 2400

- One pair of 3.2 Ghz Xeon processors- 1 MB iL2 Cache- 1 to 4 GB DDR DIMM- Windows Server 2003 Standard Edition- Limited Hot-swap capability

• 4300- Up to two pair of 3.2 Ghz Xeon processors- 1 MB iL2 Cache- 1 to 4 GB DDR DIMM- Windows Server 2003 Enterprise Edition

• 5700- Dual-core 2.80 GHz Xeon processors- 2 MB iL2 Cache- 2 to 16 GB DDR2 - Windows Server 2003 Enterprise Edition

14

ICONICS / Stratus ICONICS / Stratus InstallationsInstallations

Bombardier• Dallas / Fort Worth Airport• London Heathrow Airport• Madrid Airport• Taiwan Meihu AirportUK – United BiscuitsUK – Rhodia ChemicalsDenmark – WindfarmHong Kong – Flood Water monitoring

15

1. Fault Tolerant Solutions

2. Clusters / High Availability Solutions

3. GENESIS32 Redundancy

Approaches to Redundancy Approaches to Redundancy TechnologyTechnology

16

ClusteringClustering

What is Clustering•Grouping of Independent server

nodes•Appears on network as a single

system•Provides Backup Operations

17

MSCS ClusterMSCS Cluster

Cluster Service monitors health & invokes Failover

Microsoft Cluster Microsoft Cluster ServiceService

AppApp

18

Microsoft Cluster SupportMicrosoft Cluster Support

Microsoft Cluster Service (MSCS)•Widely used•Heartbeat technology to detect failure•Restart failed applications on same

node•Move applications upon node failure• Intended for file servers, print servers,

database servers, and other servers

19

Microsoft Cluster SupportMicrosoft Cluster Support

Microsoft Cluster Service (MSCS)•Application state not saved by cluster•Applications are responsible for this•Failover time:- Seconds to Minutes- Depends on Custer Configuration- Depends on Application

• ICONICS Software can run on Clusters- Contact ICONICS for more Information

20

GENESIS32 Applications• WebHMI Server

BizViz Applications• BridgeWorX• PortalWorX• ReportWorX• MobileHMI

Cluster Server – ICONICS Cluster Server – ICONICS ApplicabilityApplicability

21

1. Fault Tolerant Solutions– Stratus / NEC FT Server– Marathon everRun FT

2. Clusters / High Availability Solutions

– MS Clustering Technology– Marathon everRun HA

3. GENESIS32 Redundancy

Approaches to Redundancy Approaches to Redundancy TechnologyTechnology

22

Introducing Marathon Introducing Marathon TechnologiesTechnologies

Michael Bilancieri Director of Products

23

23

Marathon everRun™

The Next Generation in High Availability

24

Marathon everRunMarathon everRun

What we do? • Provide simple and affordable alternatives to clusters and proprietary

hardware• Automated, yet comprehensive application availability on standard servers• Deliver turn-key availability solutions• High Availability and Fault Tolerance for ANY Windows application

How do we do it?• We use a patented virtualization architecture instead of traditional

clustering/failover technologies• Create a single Windows platform environment using two servers• ComputeThru® instead of failover• Provide Intelligent Policy Management – automatic vs. scripted, manual

policy

25

everRun Product FamilyeverRun Product Family

everRun HA• High availability for any Windows application• Complete data and transactional integrity• For applications with a small Recovery Time

Objective

everRun FT• Fault Tolerance for any Windows application• Zero downtime - Zero data loss• For critical applications requiring Zero Recovery

Time

everRun SplitSite• Supports both everRun HA and everRun FT• Continuous operations through a site disaster• Geographically separate Servers

26

everRun Virtual VieweverRun Virtual View

27

Marathon everRunMarathon everRun

ArchitectureArchitecture

Virtual Server

Processors

Virtual OS

CoServer

Processors

CoServer OS

Virtual Server

Processors

Virtual OS

CoServer

Processors

CoServer OS

Storage

PublicEthernet

CoServer 1

Gig-e

Main

Mem

ory

Main

Mem

ory

CoServer 2

Virtualized into a single Windows environment

Storage

PublicEthernet

Back to Logical View

28

everRun - Unique ValueeverRun - Unique Value

No failover configuration & management• All fault management and policies are embedded and automatic

Supports ANY Windows application• No scripting or ongoing maintenance

• All migration policies embedded

• Failure management transparent to the application

Simple – to deploy and manage• Single Windows environment

• No scripting or custom coding for application support

• Doesn’t require specialized expertise

No shared-disk subsystem• Data redundancy – zero data loss• No single point of failure

29

everRun Advantages everRun Advantages

Complete system and data protection

• No single point of failure

Appears as a single reference system

• One system to install and manage• One application license

Protect ANY application out-of-the-box

• No need for ‘cluster aware’ versions• No scripting

SplitSite allows miles of separation between servers

• Complete protection from site failures

Embedded fault & policy management

• No configuration required

No proprietary hardware• Works with standard Intel and AMD

servers

Hardware layer masked from application environment

• Automated error handling and correction

ComputThru technology redirects I/O away from failed devices

• Automatic• No interruption of application• Extremely resilient application

environment

30

Matt Michel, Senior Developer

• ICONICS DataWorX32 Professional

GENESIS-32 Redundancy GENESIS-32 Redundancy SolutionsSolutions

31

DataWorX32 V9 – StandardDataWorX32 V9 – Standard

Aliased Tag ReferencesOPC Data Access Redundancy via aliased tag referencesOPC Data Access BridgingOPC Data Aggregation (Patented)OPC Tunneling

32

Redundancy for:- OPC Data Access (non-aliased)- OPC Alarm and Event - OPC Historical Data Access- AlarmWorX32 Logger- TrendWorX32 Logger

Store and ForwardMonitorWorX Node Pair ManagementTag-based Redundancy Management

DataWorX32 V9 – DataWorX32 V9 – ProfessionalProfessional

33

Basic Requirements• Node Pair Definition• Logger Configuration• DataWorX32 Professional LicenseGENESIS-32 Administrative Servers• Security Server• License Server• Global Aliasing Server• Language Aliasing Server• GenEvent Server

Simplified ConfigurationSimplified Configuration

34

Simplified ManagementSimplified Management

New MonitorWorX32• Redundant Node Pair Management• Licensing• GenTray Support• More…

New “rdcy:” Tag References• Process Points in GWX, etc.• Writeable for Automated Management

35

OPC Data AccessOPC Data AccessRedundancy for any OPC DA Server

Professional Edition

Primary Secondary Primary Secondary Primary Secondary

Active Active Active

GraphWorX32

DataWorX32Pro

GraphWorX32

DataWorX32Pro

GraphWorX32

DataWorX32Pro

36

OPC Alarm / EventOPC Alarm / Event

Standby

Active Synchronized Alarm / Events

Primary Secondary Primary Secondary Primary Secondary

A/E Client UpdatesPrimary A/E

AlarmWorX32 Server

Secondary A/E

AlarmWorX32 Server

Active Active Active

AlarmWorX32 OPC AE Server Redundancy

Professional Edition

AlarmWorX32

DataWorX32Pro

AlarmWorX32

DataWorX32Pro

AlarmWorX32

DataWorX32Pro

DataWorX32Pro DataWorX32Pro

37

OPC Historical Data AccessOPC Historical Data Access

Active

Standby

Primary HDA Server

Centralized SQL / Oracle Database

(Stratus/Marathon)

Secondary HDA Server

TrendWorX32 HDA Server Redundancy – Central Database

Professional Edition

TrendWorX32

DataWorX32Pro

TrendWorX32

DataWorX32Pro

TrendWorX32

DataWorX32Pro

DataWorX32Pro DataWorX32Pro

38

OPC Historical Data AccessOPC Historical Data Access

Active

Standby

Primary HDA Server

Primary

SQL / Oracle Database

Secondary HDA Server

TrendWorX32 HDA Server – Duplicate Databases

Professional Edition

Secondary

SQL / Oracle Database

TrendWorX32

DataWorX32Pro

TrendWorX32

DataWorX32Pro

TrendWorX32

DataWorX32Pro

DataWorX32Pro DataWorX32Pro

39

New Store and Forward for New Store and Forward for LoggersLoggers

Active

Standby

Primary Logger

Secondary Logger

Synchronized Logger Clients

Store& FwdQueue

Store& FwdQueue

Logged Data

Primary

Centralized SQL / Oracle

Database

Secondary

AlarmWorX32 / TrendWorX32 Logger Redundancy

Note: TWX Logger now a separate

process

Alarm Server / DA Server

Professional Edition

DataWorX32Pro DataWorX32Pro

40

New Store and Forward for New Store and Forward for LoggersLoggers

Active

Standby

Primary Logger

Secondary Logger

Synchronized Logger Clients

Store& FwdQueue

Store& FwdQueue

Logged Data

Primary

Duplicate SQL /

Oracle Databases

Secondary

AlarmWorX32 / TrendWorX32 Logger Redundancy

Alarm Server / DA Server

Professional Edition

DataWorX32Pro DataWorX32Pro

41

Node Pair ConfigurationNode Pair Configuration

Launches Node Pair

Dialog

42

Logger ConfigurationLogger Configuration

Secondary Database

Store and Forward

43

Redundancy LicensingRedundancy Licensing

1. License required on redundant ICONICS servers (OPC DA excluded)

2. License required on client license

server (likely the ICONICS redundant

servers)

44

MonitorWorXMonitorWorX

Redundancy Tab

Bubble Notification

45

Redundancy Tag Redundancy Tag ReferencesReferences

via Unified Data Browservia Unified Data Browser

Redundancy Status

Tag Reference for Active state of AlarmWorX32 Server

OPC DA Servers

OPC A/E Servers

46

HMI-10 Redundancy Strategies HMI-10 Redundancy Strategies for Plant Operationsfor Plant Operations

Dave Oravetz

• Preferred Approaches

• Sample Configurations

47

ICONICS Preferred ApproachICONICS Preferred Approach

Three Tier Architecture

Layer 1 – Data Access

Layer 2 – Data Processing

Layer 3 – ICONICS ClientsGraphWorX32WebHMI ClientsPocket GENESIS

OPC ServersDataWorX32

AlarmWorX32TrendWorX32ScriptWorXWebHMIBizViz

48

ICONICS Preferred ApproachICONICS Preferred Approach

Layer 1 – Data Access Layer• One or more OPC Servers per node –

depending on performance• Optional Configurations:

- OPC Server Direct Connection to Layer 2- DataWorX32 Standard Installed for Aggregation or

Abstraction- Redundant OPC Servers- Redundant OPC Servers with DataWorX32 Standard

49

ICONICS Preferred ApproachICONICS Preferred Approach

Layer 1 - One or more OPC Servers

OPC Server

OPC Server

DataWorX32

OPC Server

DataWorX32

OPC Server

DataWorX32

• Direct Connect to Layer 2• DataWorX32 Standard for Aggregation or

Abstraction• DataWorX32 Professional Redundant Node Pairs

Layer 1: DataAccess

Layer 3

Layer 2

50

ICONICS Preferred ApproachICONICS Preferred Approach

Layer 2 – Alarm and Trend Servers

• Awx32 Server• Awx32 Logger• Twx32 Logger• Twx32 HDA Server

• Direct Connect to Layer 3

• DataWorX32 Standard for Aggregation (primarily Awx32 DA points)

• DataWorX32 Professional Redundant Node Pair

Layer 2DataProcessing

Awx32 Server

Awx32 Server

DataWorX32

Awx32 Server

DataWorX32

Awx32 Server

DataWorX32

51

ICONICS Preferred ApproachICONICS Preferred ApproachLayer 2 – Other

ICONICS Servers• Alarm Analytics• BridgeWorX• PortalWorX• ReportWorX• ScriptWorX• WebHMI

• Direct Connect to Layer 3

• Fault Tolerant Solution (everRun FT)

• Fault Tolerant Server (Stratus)

Layer 2DataProcessing

BridgeWorXB

ridg

eWo

rX

Brid

geW

orX

MarathonVirtual FT

Server

Brid

geW

orX

Brid

geW

orX

Stratus FT

Server

52

Alternative Approach – Layer 2Alternative Approach – Layer 2Layer 2 – Other

ICONICS ServersApplication Dependent• BridgeWorX• PortalWorX• ReportWorX• WebHMI

• High Availability Solution (everRun HA)

• Microsoft Cluster Server

Layer 2DataProcessing

Brid

geW

orX

Brid

geW

orX

MarathonVirtual HA

Server

Brid

geW

orX

Brid

geW

orX

Microsoft Cluster Server

53

HMI-10 Redundancy Strategies for HMI-10 Redundancy Strategies for Plant OperationsPlant Operations

Sample Configurations

54

MarathonVirtual FT

Server

Example Small Redundant Example Small Redundant SystemSystem

AlarmWorX32 ServerAlarmWorX32 LoggerTrendWorX32 LoggerDataWorX32 StdRSLINX OPC Server

WebHMILicensingSecurityMS SQL Server 2005

WebHMI Clients

Note, this is essentially Layer 1 and part of Layer 2

Note, this is the remainderOf Layer 2

55

Example Large Redundant Example Large Redundant SystemSystem

(Airport Application)(Airport Application)

DataWorX32 StdOPC DA Server

Awx32 ServerAwx32 LoggerTwx32 LoggerDwx32 Std

25 WebHMI Clients

…25 Redundant OPC DA Server Pairs

WebHMI

… ~10 Non- Redundant OPC DA Servers

Rep

ortW

orX

10 GENESIS32 Clients

56

ICONICSProduct

DataWorX32 Prof.

StratusFT

Server

Marathon

everRunFT

Cluster /

everRun HA

OPC Server

AlarmWorX32

TrendWorX32

ScriptWorX32 NA

WebHMI Server

NA

GENESIS32 Fault Tolerance GENESIS32 Fault Tolerance OptionsOptions

Recommended

Suitable

Not Recommended

57

ICONICSProduct

StratusFT

Server

Marathon

everRun FT

Cluster /

everRun HA

MobileHMI Server

ReportWorX

PortalWorX

BridgeWorX

BizViz Fault Tolerance BizViz Fault Tolerance OptionsOptions

Recommended

Suitable

Not Recommended

58

Open System – (OPC) Open System – (OPC) RedundancyRedundancy

Capabilities

ICONICS DataWorX

Pro

CiTech Matrikon ORB

KepWare Redundancy

Master

OPCRedundan

cy

Yes No Yes Yes

OPC DA Yes No Yes YesOPC A&E(Store & Fwd)

Yes No No No

OPC HDA(Store & Fwd)

Yes No No No

Automatic switching

Yes Yes Yes Yes

Supports multiple OPC Server pairs

Yes Yes Yes Yes

No programming or

application changes required

Yes Yes Yes Yes

59

Open System – (OPC) Open System – (OPC) RedundancyRedundancy

Capabilities ICONICS DataWorX

Pro

CiTech Matrikon ORB

KepWare Redundancy

Master

Hot, Warm, and Cold fail over functionality

Yes Yes Yes Yes

Configurable Server polling intervals

Yes Yes Yes Yes

Trigger fail over and fallback

Yes Yes Yes Yes

Monitor RedundancySystem status

MonitorWorXIncluded

Yes Yes Yes

Diagnostic and event logging

Yes Yes Yes Yes

E-mail notifications Via Opt AWX MMX

NO Yes Yes

ICONICS Worldwide Customer Summit – September 2006

Questions?