SAFE FAILOVER BETWEEN REDUNDANT CONTROLLERS

SAFE FAILOVER BETWEEN REDUNDANT CONTROLLERS

A control device (220a) for use with at least one further control device (220b) in controlling an industrial system (210), to which the control device and further control device are connected via a data network (240). On the one hand, the control device is operable to function as primary controller,...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: JOHANSSON, Bjarne, RÅGBERGER, Mats
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A control device (220a) for use with at least one further control device (220b) in controlling an industrial system (210), to which the control device and further control device are connected via a data network (240). On the one hand, the control device is operable to function as primary controller, wherein it feeds control signals (110) to the industrial system. On the other hand, the control device is operable to function as a backup controller, wherein it routinely performs a failure detection on the primary controller via the data network, and transforms into primary controller in reaction to a positive failure detection. The transformation from backup controller into primary controller is conditional upon verifying that a node (230) in the data network appointed as network reference point, NRP, responds to a call from the backup controller. A malfunctioning NRP can be replaced with a different NRP candidate at runtime.