Disaster Recovery System

High availability and reliability are becoming increasingly important in automation technology. Even a short outage can lead to significant costs and security risks. This can be prevented with the help of the WinCC OA Disaster Recovery System.

As a management system, WinCC OA has an integrated hot standby redundancy concept, which meets the high requirements of plant manufacturers and operators in terms of availability as well as process and data security. Reliability in a redundant system is implemented with hot standby: two servers connected to each other, both permanently operational and subject to the same functional demands. Only one server is active at a time; the second, passive server synchronizes the data at runtime. If the active unit fails, a "flying switch" is executed and the previously passive server takes over control.

The aim of the disaster recovery system is to extend this redundancy concept with a warm standby system, so that the functionality of the system is maintained even if the entire redundant system fails or is shut down, e.g. for maintenance. This keeps data loss and idle time as low as possible. It is achieved by assigning a second system, the Secondary Server System (SSS), to the first redundant hot standby system (the Primary Server System, PSS) and implementing a warm standby between the two systems: the data of the two systems is continuously synchronized.

This has two advantages:

  • In the event of a complete system failure, the system remains operational.
  • The historical data can be subsequently synchronized.

The main requirement for the disaster recovery system is to minimize data loss, inoperability and idle time of the management system. To ensure this, constant synchronization of online and configuration data between the PSS (Primary Server System) and the SSS (Secondary Server System) is essential. However, since the amount of this data is very extensive and depends on the size of the project, the scope and the synchronization interval between the two systems should be determined and managed by the system operator or integrator as far as possible.

The following features are provided by the Disaster Recovery System:

  • Synchronization of online data changes between PSS and SSS at runtime. At startup, only the current values are synchronized, from the active to the passive system.
  • Synchronization of alarm status (acknowledgment status, acknowledgment time, acknowledgment user, alarm comments) between PSS and SSS at runtime.
  • Cyclic synchronization of configuration changes (alarm handling, data point functions, etc.) between PSS and SSS.
  • Automatic (cyclic) or manually triggered synchronization of project files (panel files, control scripts and libraries, data point lists, color databases, graphic files and images, text catalogs).
  • Synchronization of historical data (via Oracle® packages) as triggered by the user after an SSS system failure or a break in the connection between PSS and SSS.
  • Synchronization of user management (user data).
  • Automatic switching between PSS and SSS and automatic/manual switching between SSS and PSS.
  • A user interface can be connected to either the PSS or the SSS (two different file associations are required on the desktop).
  • Automatic switching on the client between the PSS and SSS user interfaces to the currently running system (two user interfaces active in parallel), provided a second UI license is available. Otherwise, the user interface of the first system must be started manually after that system has failed.
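The architecture described above (a hot standby pair as the PSS, a warm standby SSS fed over a breakable link, runtime synchronization of online changes, and a user-triggered backfill of historical data after a connection break) can be modelled in a few lines. The following is an added illustration written for this page, not WinCC OA code: the `Server`, `RedundantPair` and `DisasterRecovery` classes, the datapoint names and the integer timestamps are all constructed for the example.

```python
"""Toy model of the PSS/SSS warm-standby topology (constructed example, not WinCC OA code).

A redundant hot-standby pair (PSS) with one active and one passive server, a
secondary server system (SSS) fed over a link that can break, and a
user-triggered backfill of the historical values missed while the link was down.
"""
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    online: dict = field(default_factory=dict)   # current value per datapoint
    history: list = field(default_factory=list)  # (timestamp, datapoint, value)

    def apply(self, ts, dp, value):
        self.online[dp] = value
        self.history.append((ts, dp, value))


class RedundantPair:
    """Hot standby: both servers run, only one is active; the passive one
    mirrors every change at runtime, so a flying switch loses nothing."""

    def __init__(self, a, b):
        self.active, self.passive = a, b

    def write(self, ts, dp, value):
        self.active.apply(ts, dp, value)
        self.passive.apply(ts, dp, value)
        return self.active.online[dp]

    def flying_switch(self):
        """Failover: the passive server takes over control."""
        self.active, self.passive = self.passive, self.active
        return self.active.name


class DisasterRecovery:
    """Warm standby between the PSS pair and the SSS over a breakable link."""

    def __init__(self, pss, sss):
        self.pss, self.sss = pss, sss
        self.link_up = True
        self.last_synced_ts = None   # newest PSS history entry known to the SSS

    def write(self, ts, dp, value):
        self.pss.write(ts, dp, value)
        if self.link_up:                      # runtime sync of online changes
            self.sss.apply(ts, dp, value)
            self.last_synced_ts = ts

    def pending_history(self):
        """History entries the SSS has not received (gap after a link break)."""
        return [e for e in self.pss.active.history
                if self.last_synced_ts is None or e[0] > self.last_synced_ts]

    def resync_history(self):
        """User-triggered backfill of historical data after the link is restored."""
        if not self.link_up:
            raise RuntimeError("link to SSS is down; restore it before resync")
        pending = self.pending_history()
        for ts, dp, value in pending:         # replay in timestamp order
            self.sss.apply(ts, dp, value)
        if pending:
            self.last_synced_ts = pending[-1][0]
        return len(pending)


def demo():
    """Link break, PSS failover during the break, then backfill of the gap."""
    dr = DisasterRecovery(RedundantPair(Server("pss-1"), Server("pss-2")),
                          Server("sss-1"))
    dr.write(1, "Tank1.level", 40.0)        # reaches PSS and SSS
    dr.link_up = False                      # connection PSS<->SSS breaks
    dr.write(2, "Tank1.level", 42.5)        # reaches PSS only
    dr.pss.flying_switch()                  # PSS failover, passive had everything
    dr.write(3, "Pump1.state", "RUN")
    dr.link_up = True
    missed = dr.resync_history()            # 2 entries backfilled
    return missed, dr.sss.history == dr.pss.active.history


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the feature list makes: changes made while the link is down are not lost on the PSS side (the hot standby pair keeps both copies through the flying switch), but they reach the SSS only when the historical synchronization is triggered after the link is back, so the operator must run it rather than assume the SSS is current.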

Chapter Overview

Chapter: Description

Basics on the Disaster Recovery System: Basic information on the Disaster Recovery System, its functions, system architecture (PSS, SSS), operation and behavior in case of the failure of a server.
Requirements and Installation: Requirements and installation of the Disaster Recovery System.
Configuration in WinCC OA: Step by step instructions for setting up a Disaster Recovery System.
Configuration of the Disaster Recovery System
  Configuration - Introduction: Introductory information on the configuration of the Disaster Recovery System.
  Configuration: Description of the available wizards for the general configuration of the Disaster Recovery System (divided into 6 steps).
  System Overview: Description of the overview panel of the installed and set up Disaster Recovery System.
  File Synchronization: Description of the panel for configuring the synchronization of the project files.
  Database Synchronization: Description of the panel for configuring the historical database synchronization.
Database Configuration
  Requirements and Installation: Requirements and preparation of the database for historical database synchronization.
  Synchronization Process: Description of the procedure for historical database synchronization.
  Status of the Synchronization: Description of the possible status conditions of the historical database synchronization.
Control of the Client Behavior: Controlling the client behavior with the aid of a Disaster Recovery System reference object.
Internal Data Point Types of the Disaster Recovery System: Description of the internal data point types.
Possible Config Entries: Description of the possible config entries.
Debug Flags of the Disaster Recovery System: Description of the available debug flags.
Notes and Restrictions: Details and restrictions that should be noted when using the Disaster Recovery System.
Glossary: Description of the terms and abbreviations used in the documentation of the Disaster Recovery System.