Hi!
I have a question in regards to a redundant servers operation. Would really appreciate if someone can respond.
I have a pair of redundant servers. If I understand correctly, if a network connection between the servers disappears, both servers will become active as they both will thing that the partner is down. Correct?
If so, how will the remote UIs behave? Will they stay connected to the server that was active before? Will they try connect to both?
Redundant Servers?
- tmalone
- Posts:192
- Joined: Mon Nov 22, 2010 11:21 pm
Re: Redundant Servers?
it would be odd if the UIs had connection to both servers if the network goes down between the servers. it is a question of the network topology, if the network can see both servers and they both became Master: the UI connection would probably stay on the "current" server.
You should consider making the network between the redundant computers more reliable. Consider a direct cable between the servers with no network switch between them! This removes one point of failure and makes it clean and really fast connection between the servers (as fast as the network port). Most server-grade computers have 2 Ethernet ports, you can dedicate one to the redundancy, and let the other one service the IO and the UIs. Be sure to make the connection to the PLCs (i.e. the driver managers) a high number in the failover weights so that it will follow the best IO connection. This can give you redundant connections between the servers, but as you can imagine, it will utilize the direct connection the fastest.
Todd Malone
Siemens HMI CoC USA
You should consider making the network between the redundant computers more reliable. Consider a direct cable between the servers with no network switch between them! This removes one point of failure and makes it clean and really fast connection between the servers (as fast as the network port). Most server-grade computers have 2 Ethernet ports, you can dedicate one to the redundancy, and let the other one service the IO and the UIs. Be sure to make the connection to the PLCs (i.e. the driver managers) a high number in the failover weights so that it will follow the best IO connection. This can give you redundant connections between the servers, but as you can imagine, it will utilize the direct connection the fastest.
Todd Malone
Siemens HMI CoC USA
- n_lev
- Posts:73
- Joined: Tue May 28, 2013 2:24 am
Re: Redundant Servers?
Hi Todd,
Direct connection is usually an option when the servers are next to each other.
To mitigate the risk of damage from, say, fire we are actually installing the servers on the opposite sides of the area controlled and have a Ethernet loop between the servers.
Unfortunately at the moment in one place both fibres of the loop are very close to each other, so there is a potential they'll both get cut at the same time.
Anyway, I actually realized that if clients can see both servers it means the servers can see each other, so that's not a problem, actually.
I'm now thinking of a scenario when in case of a network failure one server can see, say, 2 PLCs out of 5 and the other server can see the other 3 PLCs. Normally, if I set the weights I can trigger the switchover to the server 2. What it means is I will loose the 2 PLCs that are not visible to it. I'm starting to thing in this scenario some sort of split mode is in order. Have you dealt with something like that?
Direct connection is usually an option when the servers are next to each other.
To mitigate the risk of damage from, say, fire we are actually installing the servers on the opposite sides of the area controlled and have a Ethernet loop between the servers.
Unfortunately at the moment in one place both fibres of the loop are very close to each other, so there is a potential they'll both get cut at the same time.
Anyway, I actually realized that if clients can see both servers it means the servers can see each other, so that's not a problem, actually.
I'm now thinking of a scenario when in case of a network failure one server can see, say, 2 PLCs out of 5 and the other server can see the other 3 PLCs. Normally, if I set the weights I can trigger the switchover to the server 2. What it means is I will loose the 2 PLCs that are not visible to it. I'm starting to thing in this scenario some sort of split mode is in order. Have you dealt with something like that?
- leoknipp
- Posts:2928
- Joined: Tue Aug 24, 2010 7:28 pm
Re: Redundant Servers?
Hello,
if the connection between the redundant servers gets lost both servers become active.
A Ui which is still connected to both will use this one as the active server which was passive before. When a server gets active a "REDUNDANCY_SYS_MSG" is sent to all connected processes including the information that the system is active now.
The UI-managers are clients therefore they try to reconnect to a server when the connection is lost.
If the connection between the servers is lost and the servers have connection to different PLCs there is no need to switch to the split mode.
When the connection is reestablished one server project needs to be restarted to make the recovery of the database, this will cause a loss of data because there is different information saved in the database at every server. This recovery needs to be made in every case, even if the split mode was activated.
If the split mode was not activated it is done automatically otherwise the operator has to send the command to get back into the redundancy mode.
With the config-entry useOfflineErrorstateInfo = 1 for the section [calcstate] you can activate an additional function for redundant projects. If this config-entry is set the system decides which server project needs to be restarted for the recovery.
For details please have a look at the online help.
Best Regards
Leopold Knipp
Senior Support Specialist
if the connection between the redundant servers gets lost both servers become active.
A Ui which is still connected to both will use this one as the active server which was passive before. When a server gets active a "REDUNDANCY_SYS_MSG" is sent to all connected processes including the information that the system is active now.
The UI-managers are clients therefore they try to reconnect to a server when the connection is lost.
If the connection between the servers is lost and the servers have connection to different PLCs there is no need to switch to the split mode.
When the connection is reestablished one server project needs to be restarted to make the recovery of the database, this will cause a loss of data because there is different information saved in the database at every server. This recovery needs to be made in every case, even if the split mode was activated.
If the split mode was not activated it is done automatically otherwise the operator has to send the command to get back into the redundancy mode.
With the config-entry useOfflineErrorstateInfo = 1 for the section [calcstate] you can activate an additional function for redundant projects. If this config-entry is set the system decides which server project needs to be restarted for the recovery.
For details please have a look at the online help.
Best Regards
Leopold Knipp
Senior Support Specialist