Behavior of the Disaster Recovery System in case of failure of one or more servers

The following subsections show the behavior of the disaster recovery system in various failure scenarios.

The server designations A, B, C and D correspond to the server designations in the figures of the chapter System architecture.

Failure of server A. Servers B, C and D are operational

This failure is handled by the standard redundancy. In this case, a redundancy switchover takes place and the passive server of the PSS becomes active and takes over all tasks and communication with the field devices (or control stations with OPC UA port).

Failure of server B. Servers A, C and D are operational

If the passive server of the PSS has failed, this has no effect on the operation of the system.

Failure of servers A and B. Servers C and D are operational

If both servers of the PSS fail, the SSS takes over control: it starts the control manager and the drivers, establishes the connection/communication to the field devices (or master control station with OPC UA port) and processes the data. The control manager and drivers are started hierarchically, with a configurable time between each step.

Failure of servers A and C. Servers B and D are operational

This has no effect on the operation of the system, since one server in each of the two systems is still operational at all times. In general, the same behavior as described in the first case applies here: the default hot standby redundancy switches to server B on the PSS.

Failure of servers B and D. Servers A and C are operational

This has no effect on the operation of the system, since one server in each of the two systems is still operational at all times. In general, the same behavior as described in the second case applies here.

Failure of servers A, B and C. Server D is operational

If both servers of the PSS and the active computer of the SSS fail, the system behaves very similarly to the third case described above. The only difference is that now the standby server of the SSS takes control of all tasks.