Redundancy

Running a WinCC OA project on two redundant servers, which use one database, both RDB managers have to phase a redundancy replication. The task of a redundancy replication is to write the data streams of both RDB managers (active and passive) without causing conflicts or writing the same data twice.

Tasks of the active/passive RDB manager

The data streams in the RAM or on the local HDD (BufferToDisk functionality) of the active and the passive RDB manager are identically. Differences between the both RDB managers result of the tasks and the permissions, which are listed in the following.

Active RDB manager

The active RDB manager is this one, whose server has the leader position. During a redundancy replication the active RDB manager is responsible for the following processes:

  1. It buffers all data streams of the active server in RAM or also on the local HDD (BufferToDisk functionality).

  2. In opposition to the passive RDB manager, only the active RDB manager has the permission to write the buffered data blocks into the data base.

  3. After every written data block, the active RDB manager sets the DPTime and DPName stamps from the content of the last block entry onto the internal data points _RDBArchive.writingStatus.lastWrite and _RDBArchive.writingStatus.lastDp.

Passive RDB manager

The passive RDB manager is this one, whose server features the hot standby functionality. During a redundancy replication the passive RDB manager is responsible for the following processes:

  1. It buffers all data streams of the passive server in the RAM or also on the local HDD (BufferToDisk functionality).

  2. It reads the stamps from the internal data points _RDBArchive.writingStatus.lastDp and _RDBArchive.writingStatus.lastWrite, which has been set by the active RDB manager, and compares them with the values in his data stream. If the both stamp pairs equal, the passive RDB manager removes all the data blocks in its data stream, which are saved previous to the equalling entry.

For this reason that the data blocks, which have been written by the active RDB manager into the DB, will be successfully removed from the data stream of the passive RDB manager, the following config entries are required in the config file:

fwdDp = "_RDBArchive.writingStatus.lastWrite" /for the active server

fwdDp = "_RDBArchive_2.writingStatus.lastWrite" /for the passive server

During too fast redundancy switches it may occur that the RDB manager is "hanging" when the network connection is lost during a call to the Oracle server. If the network connection is lost for a longer period of time, Oracle SQL*Net will recognize this, when the "KeepAliveTime" registry entry is lower than the period of connection loss. If the connection is earlier available than the "KeepAliveTime", the RDB manager will "hang".

Solution: Make a manual redundancy switch and restart the "hanging" RDB manager.

Note that this is not a problem of WinCC OA, it's an Oracle one.

Example

The active and the passive RDB managers receive a similar data stream. Because the formation of blocks in both managers is asynchronous, the collected blocks have different sizes (see figure below). This example demonstrates you the interplay of the active and the passive RDB manager.

Figure 1. Different blocks of the same data streams

Active RDB manager

Single data are processed without an interaction of the passive RDB manager.

  1. The data (commands, changes, etc.) are summarized to data blocks and buffered in RAM or also on the HDD (active BufferToDisk functionality).

  2. Thence the blocks are processed and then written into the database.

  3. As soon as a whole data block was written into the DB, the contents of the last entry (e.g. in the data block 11 the last entry has the content “DBName 30, DPTime 30”) are set on the internal data points _RDBArchive.writingStatus.lastDp and _RDBArchive.writingStatus.lastWrite.

  4. Following the same pattern all blocks are written sequential into the database.

Passive RDB manager

Single data are processed without an interaction of the active RDB manager.

  1. The data (with commands, changes, etc.) are summarized to data blocks and buffered in RAM or also on the HDD (active BufferToDisk functionality).

  2. The stamps in the internal data points, which have been set by the active RDB manager, are readout (in this example “DPName 30” and “DPTime 30").

  3. The passive RDB manager compares the read stamp pair with the contents in its data blocks.

  4. If a pair is found in a block (explicit identified by “DPName” and “DPTime”), the passive RDB manager removes automatically all older blocks from its data stream (in this example data block 5), because these are the data blocks, which have been already written into the DB by the active RDB manager into the DB.

  5. If a pair is not found, all data blocks are maintained.

Breakdown of a server

In case of a breakdown of the active server, the passive assumes its tasks and permissions automatically. Now the passive server (now active) writes into the database and sets the stamps “DPName” and “DPTime” onto the internal data points. The risk that younger stamps are overwritten by older stamps, which the passive server buffered in its RAM before the breakdown, and the data is written twice into the data base, will be avoid thanks to the remove function of the server as it was in the passive status.

After rebooting a crashed server (active or passive), the buffered data blocks on the HDD will be marked and written into the database, independent of the server status. Thus spares the effort for copying data from one server onto each other. After writing all the marked data blocks into the DB, the permissions of writing and stamping are taken from the passive server and the active server accounts for these processes by oneself again.