system availability


Thread Starter

Sarav N Nagori

Hi all,
How can we calculate system availability from the number of stand-by units available?

Thanks for your attention.
S N Nagori

Paul Gruhn, P.E. Moore Process Automatio

One can't simply follow simple statistics and multiply failure probabilities. It's doubtful one could ever get much more than one or two orders of magnitude improvement. There are endless cases where backup systems were not tested properly, did not take over when required, had common cause problems affecting them both, etc. What is your application and what hardware are you considering making redundant?

Chuck Miller

I have noticed that the latest trend in Hot Standby technologies is a wide variety of standardized, factory-supported solutions. The solution packages are based upon both mid-range and high-end PLC technologies and offer a wide range of diagnostic functionality typically found in purpose-designed voted redundancy systems. These systems also offer a wide range of I/O cost and diagnostic functionality. If you incorporate the upper-end technologies with comprehensive diagnostic functionality, some of these systems can reach the low end of SIL 1.

I would not suggest or promote these technologies for human life protection applications, as they require a minimum functionality of SIL 2 or 3. Hot standby systems are typically applied to process uptime applications, where eliminating the most obvious common mode failure points is the issue.

One of the advantages to this approach is that all the synchronization routines are "packaged" and factory supported. This will ensure that the system has been properly tested, is well documented and is expandable in the future. All you have to do is add the application code...

The real question becomes... "If you are going to have two PLCs anyway, why not have them both on-line and operating in a dual voted mode?" These systems offer much higher system performance and do not increase the cost...

Chuck Miller
Critical Control Business Development Manager
15511 Rio Plaza Dr. Houston, TX 77083
(281) 495-0333 Fax: (281) 495-0370

Chuck Miller asked the question of why not have two PLCs in active parallel rather than hot-standby. My answer is that the reliability of this dual system is probably much lower than even a single PLC, because the dual system fails any time there is a miscompare (which could be due to a transient event of any kind), and you have to have a fail-safe mode to which you can revert when this happens.

With respect to P. Gruhn's comment on the uncertainty of the switchover reliability in a hot standby system, this can be accounted for using Markov modeling with a parameter to handle the probability of correct switchover. This parameter is sometimes called "coverage". It turns out that if the coverage is below 50%, then the hot-standby system is less reliable than a single machine, but if it is more, then the combined reliability (and availability, assuming that repair times are not affected by the additional processors) is higher.

Simple Markov models can be created and solved using no-cost tools. One is a software package called CARMA (look at the IEEE site), another is the academic version of a tool called MEADEP (

Myron Hecht
SoHaR Incorporated
8421 Wilshire Blvd., Suite 201 Phone: (323) 653-4717 xt. 111
Beverly Hills, CA 90211 Fax: (323) 653-3624
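The Markov model with a coverage parameter that Myron Hecht describes, and the "don't just multiply the failure probabilities" warning from Paul Gruhn's reply, can both be shown in a few dozen lines. The following is an added example and not code from the thread or from CARMA or MEADEP. It assumes a three-state model (both units up, one up, system down) with a single-unit failure rate `lam`, repair rate `mu` and coverage `c`; the choice that either unit's failure must be covered (so the pair leaves the "both up" state at rate `2*lam`) is a modelling assumption, and the numbers in the `__main__` block (10,000 h MTTF per unit, 8 h repair) are constructed, not taken from any product.

```python
"""Markov model of a hot-standby pair with imperfect switchover ("coverage").

Added example, not from the original thread. Symbols:
  lam  failure rate of one unit (per hour)
  mu   repair rate of one unit (per hour)
  c    coverage: probability that a unit failure is detected and the
       takeover completes without taking the system down
"""
from typing import Dict, List, Sequence, Set, Tuple

Rates = Dict[Tuple[int, int], float]


def solve_linear(a: List[List[float]], b: List[float]) -> List[float]:
    """Gauss-Jordan elimination with partial pivoting (small dense systems)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        p = m[col][col]
        if abs(p) < 1e-15:
            raise ValueError("singular system")
        m[col] = [v / p for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] != 0.0:
                f = m[r][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]


def hot_standby_rates(lam: float, mu: float, c: float,
                      repair_from_down: bool = True) -> Rates:
    """States: 2 = both units up, 1 = one unit up, 0 = system down.

    Modelling assumption (not from the thread): either unit's failure must be
    handled correctly, so state 2 is left at rate 2*lam and only a fraction c
    of those events are survived.
    """
    rates: Rates = {
        (2, 1): 2 * lam * c,        # failure detected, takeover succeeds
        (2, 0): 2 * lam * (1 - c),  # failure not covered: outage
        (1, 2): mu,                 # failed unit repaired and resynchronised
        (1, 0): lam,                # surviving unit fails before repair
    }
    if repair_from_down:
        rates[(0, 1)] = mu          # bring one unit back after an outage
    return rates


def steady_state(states: Sequence[int], rates: Rates) -> Dict[int, float]:
    """Stationary distribution: solve pi*Q = 0 together with sum(pi) = 1."""
    n = len(states)
    idx = {s: i for i, s in enumerate(states)}
    q = [[0.0] * n for _ in range(n)]
    for (i, j), r in rates.items():
        q[idx[i]][idx[j]] += r
        q[idx[i]][idx[i]] -= r
    # Row i of `a` is the balance equation of state i (column i of Q);
    # the redundant last equation is replaced by the normalisation.
    a = [[q[j][i] for j in range(n)] for i in range(n)]
    a[-1] = [1.0] * n
    b = [0.0] * (n - 1) + [1.0]
    pi = solve_linear(a, b)
    return {s: pi[idx[s]] for s in states}


def mean_time_to_absorption(states: Sequence[int], rates: Rates,
                            start: int, absorbing: Set[int]) -> float:
    """Expected time from `start` until an absorbing state is entered (MTTF)."""
    transient = [s for s in states if s not in absorbing]
    idx = {s: i for i, s in enumerate(transient)}
    n = len(transient)
    a = [[0.0] * n for _ in range(n)]
    for (i, j), r in rates.items():
        if i in idx:
            a[idx[i]][idx[i]] += r       # total exit rate of state i ...
            if j in idx:
                a[idx[i]][idx[j]] -= r   # ... minus moves to another transient state
    m = solve_linear(a, [1.0] * n)
    return m[idx[start]]


def compare(lam: float, mu: float, c: float) -> Dict[str, float]:
    """Single unit vs. naive 'multiply the unavailabilities' vs. Markov model."""
    states = (2, 1, 0)
    single_unavail = lam / (lam + mu)
    pi = steady_state(states, hot_standby_rates(lam, mu, c))
    return {
        "single_availability": 1 - single_unavail,
        "naive_availability": 1 - single_unavail ** 2,  # the shortcut Gruhn warns against
        "markov_availability": pi[2] + pi[1],
        "single_mttf_h": 1 / lam,
        "dual_mttf_h": mean_time_to_absorption(
            states, hot_standby_rates(lam, mu, c, repair_from_down=False), 2, {0}),
    }


if __name__ == "__main__":
    # Constructed figures: 10,000 h MTTF per unit, 8 h mean repair time.
    for cov in (0.4, 0.5, 0.9, 0.99):
        r = compare(lam=1e-4, mu=1 / 8, c=cov)
        print(f"coverage={cov:.2f}  dual MTTF={r['dual_mttf_h']:8.0f} h "
              f"(single {r['single_mttf_h']:.0f})  "
              f"A_single={r['single_availability']:.6f}  "
              f"A_markov={r['markov_availability']:.6f}  "
              f"A_naive={r['naive_availability']:.8f}")
```

Under this model the dual MTTF works out to ((lam+mu)/(2*lam) + c) / (lam + mu*(1-c)), which equals the single-unit MTTF 1/lam exactly at c = 0.5 whatever the repair rate, which is the 50% threshold Hecht quotes. The availability column makes Gruhn's point: even at 99% coverage the Markov unavailability is dominated by the uncovered failures (about 2*lam*(1-c)/mu), tens of times worse than the product-of-unavailabilities figure.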