WO2019227401A1 - 冗余热备控制系统、方法、控制设备及计算机可读存储介质 - Google Patents

冗余热备控制系统、方法、控制设备及计算机可读存储介质 Download PDF

Info

Publication number
WO2019227401A1
WO2019227401A1 PCT/CN2018/089283 CN2018089283W WO2019227401A1 WO 2019227401 A1 WO2019227401 A1 WO 2019227401A1 CN 2018089283 W CN2018089283 W CN 2018089283W WO 2019227401 A1 WO2019227401 A1 WO 2019227401A1
Authority
WO
WIPO (PCT)
Prior art keywords
control
virtual
control device
devices
ipc
Prior art date
Application number
PCT/CN2018/089283
Other languages
English (en)
French (fr)
Inventor
李冬
杨晓波
王同舟
康尧磊
张传雨
Original Assignee
西门子股份公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 西门子股份公司 filed Critical 西门子股份公司
Priority to EP18920922.4A priority Critical patent/EP3789834A4/en
Priority to PCT/CN2018/089283 priority patent/WO2019227401A1/zh
Priority to US17/059,282 priority patent/US12013769B2/en
Priority to CN201880093866.8A priority patent/CN112204482B/zh
Publication of WO2019227401A1 publication Critical patent/WO2019227401A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/418Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4184Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by fault tolerance, reliability of production system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2023Failover techniques
    • G06F11/2028Failover techniques eliminating a faulty processor or activating a spare
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14Handling requests for interconnection or transfer
    • G06F13/20Handling requests for interconnection or transfer for access to input/output bus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/34Director, elements to supervisory
    • G05B2219/34488One computer, controller replaces other, backup computer
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45579I/O management, e.g. providing access to device drivers or storage
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the invention relates to a redundant hot standby control system, method, control device and computer-readable storage medium.
  • a backup controller is usually configured as a backup for each key controller (also called the main controller) in the system.
  • the main controller and the standby controller can receive the same input signal and process the input signal at the same time, but under normal circumstances, only the main controller can output.
  • the standby controller can also replace the main controller to output immediately because the standby controller is also running at the same time, which can ensure the continuous operation of the system. It can be seen that this redundant hot standby control system can provide great reliability and excellent convenience for industrial control systems. However, this 1: 1 setting ratio of the main and standby controllers will also cause system cost Multiplied.
  • the redundant hot standby control system includes: at least one main control device 101 1 to 101 n respectively running one of the redundant hot standby control systems. Process; backup control device pool 102, including at least one industrial control computer (IPC); wherein a plurality of virtual control devices are established on at least one IPC, and the plurality of virtual control devices established on the at least one IPC are respectively associated with the At least one main control device 101 1 to 101 n corresponds and runs the same process as its corresponding main control device; a control bus 103 that connects one of a plurality of main control devices 101 1 to 101 n and one of the backup control device pools 102 Or multiple IPCs to achieve communication between multiple master control devices 101 1 to 101 n and multiple virtual control devices; and a fieldbus 104 that connects multiple master control devices 101 1 to 101 n and a backup control device pool 102
  • One or more IPCs and a plurality of field devices 105 realize the plurality of main control devices 101
  • control bus 103 and the field bus 104 may be implemented by a standard bus based on industrial Ethernet technology.
  • the main control devices 101 1 to 101 n , the backup control device pool 102, and the field devices 105 and the central control device 106 are connected to each other through a control bus and / or a field bus.
  • this bus-type connection is simpler.
  • the fieldbus 104 can be implemented using a standard industrial Ethernet technology-based bus, compared to the connection method in which a main controller and a standby controller in a conventional redundant hot standby control system need to be separately connected to their corresponding field devices. It requires fewer connections, so it can further save the hardware resources of the control system and reduce the hardware cost of the control system.
  • the foregoing IPC includes:
  • the IPC hardware 201 includes a processor, a memory, a disk, and an input / output interface;
  • the multiple virtual control devices 202 1 to 202 x correspond to the main controller devices in the multiple main control devices 101 1 to 101 n respectively, and the same processes as those of the corresponding main control devices are executed thereon.
  • a universal operating system 203 for providing a configuration management program and an interface for managing the plurality of virtual control devices 202 1 to 202 x ;
  • the virtual machine monitor 204 runs on the IPC hardware 201 and is configured to configure hardware resources for the virtual control devices 202 1 to 202 x .
  • an intermediate software layer can be established between the hardware of the IPC and the operating system (general operating system or virtual machine).
  • the purpose is to integrate the IPC
  • the physical hardware is logically divided into a plurality of relatively independent parts, which are respectively allocated to different operating systems, thereby simulating one hardware device to multiple hardware devices.
  • Applying the virtual machine monitor 204 to create and manage virtual control devices can more effectively implement a soft standby scheme in which one physical device simulates multiple physical standby controllers.
  • the processor is a multi-core processor with M cores, where M is an integer greater than 1; wherein the general operating system 203 is run on one core of the multi-core processor; and the remaining M
  • the -1 cores run M-1 virtual machines, respectively, and establish M-1 virtual control devices.
  • each virtual control device independently runs on a separate core of the IPC multi-core controller. In this way, each virtual control device can be ensured to run in parallel and independently, without the need to queue processes on the processor. The response speed of the virtual control equipment is guaranteed, and the processing delay is greatly reduced, further ensuring the reliability of the control system.
  • the number of the one or more IPCs is determined according to the number of processes running in the control system and the number of cores of the multi-core processor.
  • the number of IPCs in the standby control device pool 102 can be clearly determined at the beginning of the configuration of the control system, and the hardware resources required by the control system can be quickly determined, which is convenient to implement.
  • the invention also provides a control device.
  • the control equipment includes:
  • the IPC hardware (201) includes a processor, a memory, a disk, and an input / output interface;
  • the multiple virtual control devices 202 1 to 202 x correspond to the main controller devices in the multiple main control devices 101 1 to 101 n respectively, and the same processes as those of the corresponding main control devices are executed thereon.
  • a universal operating system 203 for providing a configuration management program and an interface for managing multiple virtual control devices 202 1 to 202 x ;
  • the virtual machine monitor 204 runs on the hardware 201 and configures hardware resources for the virtual control devices 202 1 to 202 x .
  • an intermediate software layer can be established between the hardware of the control device and the operating system (general operating system or virtual machine).
  • the purpose is to The physical hardware of the control device is logically divided into a plurality of relatively independent parts, which are respectively allocated to different operating systems, thereby simulating one hardware device to multiple hardware devices.
  • Applying the virtual machine monitor 204 to create and manage virtual control devices can more effectively implement a soft standby scheme in which one physical device simulates multiple physical standby controllers.
  • the above processor is a multi-core processor with M cores, where M is an integer greater than 1; wherein the general operating system 203 is run on one core of the multi-core processor; and M- 1 virtual machine, establish M-1 virtual control devices.
  • each virtual control device independently runs on a separate core of the IPC multi-core controller. In this way, each virtual control device can be ensured to run in parallel and independently without the need to queue processes on the processor, thereby The response speed of the virtual control equipment is guaranteed, and the processing delay is greatly reduced, further ensuring the reliability of the control system.
  • the invention also discloses a redundant hot standby method, which is applied to an industrial control computer running at least one virtual control device.
  • the method includes:
  • Each virtual control device of the at least one virtual control device periodically receives a heartbeat signal from a corresponding master control device through a control bus of the control system; wherein the at least one virtual control device is separately connected to at least one of the control systems.
  • One master control device corresponds one-to-one and each virtual control device runs the same process as its corresponding master control device;
  • a virtual control device When a virtual control device does not receive a heartbeat signal from its corresponding main control device through the control bus within a predetermined time, it outputs its own output signal to the corresponding field in the control system through the field bus of the control system. device.
  • the number of IPCs as backup control devices in the control system is much smaller than the main control in the control system.
  • the number of devices That is, from the number of physical devices, the number of IPCs as backup control devices is much smaller than the number of main control devices.
  • the running at least one virtual control device includes: running a virtual machine monitor on the hardware of the industrial control computer; and running a general-purpose operating system on the virtual machine monitor, wherein, the The universal operating system provides a configuration management program and a configuration management interface; and through the configuration management interface, at least one virtual machine is run on the virtual machine monitor as the at least one virtual control device.
  • an intermediate software layer can be established between the physical hardware of the IPC and the operating system (a general operating system or a virtual machine), the purpose of which is to convert the IPC's
  • the physical hardware is logically divided into a plurality of relatively independent parts, which are respectively allocated to different operating systems, thereby achieving the purpose of simulating multiple hardware devices by one hardware device.
  • the at least one virtual machine created may correspond to the at least one core of the multi-core processor, respectively.
  • each virtual control device created can run independently on a separate core of the above multi-core controller.
  • each virtual control device can be ensured to run in parallel and independently without the need to queue processes on the processor.
  • the response speed of the virtual control equipment is guaranteed, the processing delay is greatly reduced, and the reliability of the control system is guaranteed.
  • An embodiment of the present application further provides a computer-readable storage medium having a computer program stored thereon, and implementing the above-mentioned redundant hot standby method when the processor executes the computer program.
  • FIG. 1 is a schematic structural diagram of a redundant hot standby control system according to an embodiment of the present application
  • FIG. 2 is a schematic diagram of an internal logical structure of an IPC in the standby control device pool 102 according to an embodiment of the present application;
  • FIG. 3 is a schematic flowchart of a redundant hot standby method according to an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a specific method for establishing x virtual control devices on an industrial control computer as a backup control device according to an embodiment of the present application.
  • the traditional redundant hot standby control system sets up a backup controller for each key master controller in the system, such as a programmable logic controller (PLC) in the system, and establishes a master controller and a backup controller.
  • PLC programmable logic controller
  • PLC programmable logic controller
  • the embodiments of the present application provide a redundant hot standby control system based on a backup control device pool, which can greatly reduce the hardware cost of the control system while ensuring the reliability of the control system.
  • FIG. 1 is a schematic structural diagram of a redundant hot standby control system according to an embodiment of the present application.
  • the redundant hot standby control system includes the following components: a plurality of main control devices 101 1 to 101 n , a backup control device pool 102, a control bus 103, a field bus 104, and a plurality of field devices 105.
  • n is a natural number greater than 1.
  • each of the plurality of main control devices 101 1 to 101 n runs a process of a control system.
  • the main control devices 101 1 to 101 n may specifically be control devices used in a process control field such as a PLC or a distributed control system (DCS).
  • a process control field such as a PLC or a distributed control system (DCS).
  • DCS distributed control system
  • the above-mentioned standby control device pool 102 may specifically be composed of one or more industrial control computers (IPCs).
  • IPCs industrial control computers
  • multiple virtual control devices can be established on one IPC of the standby control device pool 102 at the same time, so that multiple virtual control devices established on the one or more IPCs can be separately connected with the multiple main control devices 101 1 to 101 n corresponds one-to-one, and each virtual control device runs the same process as its corresponding main control device, thereby serving as standby control devices for its corresponding main control devices 101 1 to 101 n , respectively.
  • each IPC is provided with multiple virtual control devices, in the embodiment of the present application, it can be ensured that the number of IPCs included in the standby control device pool 102 is much smaller than the main control devices 101 1 to 101 n quantity. That is, from the number of physical devices, the number of IPCs as backup control devices is much smaller than the number of main control devices.
  • the control bus 103 is used to connect one or more IPCs in the plurality of main control devices 101 1 to 101 n and the backup control device pool 102 to realize the plurality of main control devices 101 1 to 101 n and the one or more IPCs. Communication between multiple virtual control devices established on multiple IPCs.
  • the virtual control device may be a soft PLC or a virtual PLC (Soft PLC).
  • control bus 103 may be used to complete fault detection of a plurality of main control devices 101 1 to 101 n and a plurality of virtual control devices.
  • the control bus 103 is further configured to connect the plurality of main control devices 101 1 to 101 n , the one or more IPCs in the backup control device pool 102, and the one or more central control devices 106.
  • the one or more central control devices 106 may obtain the working state information of the plurality of main control devices 101 1 to 101 n and the plurality of virtual control devices through the control bus 103, thereby realizing the plurality of main control devices 101 1 to ⁇ 101 n, the spare pool configuration control device, monitoring, and management 102.
  • the central control device 106 is usually located in the central control room and provides a configuration and management human-machine interaction interface for the entire control system.
  • the above-mentioned central control device 106 may also be referred to as an upper computer (Upper Computers).
  • the central control device 106 may be implemented by one or more computers.
  • the central control device 106 may also be implemented through the cloud.
  • each of the main control devices 101 1 to 101 n may periodically send a heartbeat signal to its corresponding virtual control device through the control bus 103, respectively.
  • the virtual control device determines whether the corresponding main control device is in a normal working state according to the received heartbeat signal of the virtual control device.
  • the heartbeat signal (Heartbeat) is a periodic signal that is generated by computer hardware or software and is used to indicate that the computer system is in a normal working state or to perform synchronization.
  • the above-mentioned heartbeat signal may be specifically implemented by a pulse signal.
  • the above-mentioned heartbeat signal may also be specifically passed through Coded pulse signal to achieve.
  • the virtual control device if the virtual control device does not receive the heartbeat signal of the corresponding main control device on the control bus 103 within a predetermined time, it can be determined that the corresponding main control device is faulty. At this time, the The virtual control device can immediately take over its corresponding main control device to control the field bus 104 for output.
  • the redundant hot standby control system may further include one or more central control devices 106.
  • the central control device 106 is connected to the main control devices 101 1 to 101 n and one or more IPCs in the above-mentioned backup control device pool 102 through a control bus 103.
  • the virtual control device determines that the corresponding main control device is faulty, it can report the fault information of the main control device to the one or more central control devices 106 through the control bus 103, thereby ensuring the continuity of the control system operation and achieving Control system fault monitoring and alarm.
  • control bus 103 may be implemented using a standard bus based on industrial Ethernet technology.
  • control bus 103 may use a PROFINET bus standard conforming to the PROFIBUS International (PI) standard or A bus implementation conforming to the Ethernet Control Automation Technology (EtherCAT) bus standard.
  • PI PROFIBUS International
  • EtherCAT Ethernet Control Automation Technology
  • the field bus 104 is used to connect the plurality of main control devices 101 1 to 101 n , the one or more IPCs in the backup control device pool 102, and the plurality of field devices 105 to implement a plurality of main control devices 101 1 to 101 n Communication between a plurality of virtual control devices and the plurality of field devices 105 described above.
  • the above-mentioned field bus 104 can realize the synchronization of the input and output of the field device 105 by the main control device and its corresponding virtual control device, so that one of the main control device and its corresponding virtual control device corresponds to the The field device 105 performs control.
  • the above-mentioned field device 105 can also be called an I / O device, so the synchronization of the field bus can also be called IO synchronization.
  • the operations on the field bus 104 can be divided into two parts: reading data from and writing data to each field device 105.
  • reading data from the field device 105 usually does not require synchronization, and writing to the field device 105 Data needs to be synchronized.
  • Commonly used write data synchronization methods include: (1) Third-party arbitration law. With this method, both the main control device and the backup control device can send write signals. Instead of directly connecting the field device 105, a bus arbitration device is connected. The bus arbitration device decides whose signal to forward to the field device 105; (2) The standby control device does not send a write signal under normal working conditions, but autonomously listens to the heartbeat signal of the main control device, and listens to the master when it is detected by mistake. After the heartbeat signal of the control device, the backup control device judges that the main control device has failed, and sends a write signal to the field device 105.
  • the above-mentioned field bus 104 may also be implemented using a standard bus based on industrial Ethernet technology.
  • the above-mentioned field bus 104 may use a PROFINET bus standard or EtherCAT Bus standard bus implementation.
  • the above control bus 103 and field bus 104 ensure fault detection of the main control device and the corresponding virtual control device, so that one of the main control device and its corresponding virtual control device controls its corresponding field device 105, and ensures the control Continuity of system operation.
  • the one or more central control devices 106 can obtain the status information of one or more IPCs in the plurality of main control devices 101 1 to 101 n and the backup control device pool 102 through the control bus 103, such as the active / standby status. Information and equipment failure information.
  • the one or more central control devices 106 may also provide the administrator of the control system with an interface for configuring, monitoring, and managing the main control devices 101 1 to 101 n and the backup control device pool 102, so that the administrator of the control system can pass the The interface realizes the configuration, monitoring, and management of the plurality of main control devices 101 1 to 101 n and the backup control device pool 102.
  • an IPC can simultaneously serve as multiple master control devices respectively.
  • Backup control equipment thereby changing the traditional redundant hot standby solution, the number of active and standby controllers must be 1: 1 backup mode, into a physical device hot backup of multiple primary control devices at the same time.
  • multiple physical backup control devices virtual control devices simulated by one physical backup control device (IPC) can also be referred to as soft backup control devices.
  • the main control devices 101 1 to 101 n , the backup control device pool 102, the field devices 105 and the central control device 106 are all connected via a control bus and / Or the field bus is connected to each other, this bus-type connection method is simpler.
  • the field bus 104 can be implemented using a standard industrial Ethernet technology-based bus. Both the main controller and the standby controller in a traditional redundant hot standby control system need to be connected to their corresponding field devices separately. Compared with the connection mode, fewer connections are required, so the hardware resources of the control system can be further saved, and the hardware cost of the control system can be reduced.
  • FIG. 2 shows an internal logic structure of the IPC according to the embodiment of the present application.
  • an IPC may include the following parts: IPC hardware 201, multiple virtual control devices 202 1 to 202 x , a general operating system (GPOS) 203, and a virtual machine monitor 204 .
  • GPOS general operating system
  • x is a natural number that is large and 1.
  • the IPC hardware 201 may include a processor, a memory, a disk, and an input / output (I / O) interface.
  • each virtual control device 202 1 ⁇ 202 x has a one-to-one correspondence with the x main controller devices in the control system, and each virtual control device 202 1 ⁇ 202 x can run separately. same master control device key process corresponding thereto, i.e., each virtual control apparatus 202 1 ⁇ 202 x can be used as a backup control apparatus which corresponds to the main control apparatus 101 1 ⁇ 102 x's.
  • the number of virtual control devices x that can be established in one IPC must be greater than or equal to the number n of main control devices in the control system.
  • the control system needs one such IPC to achieve redundancy for all n main control devices Hot Standby.
  • the control system can use multiple IPCs to implement redundant hot standby for all n main control devices .
  • the virtual control devices 202 1 to 202 x may be implemented in a virtual machine manner.
  • the virtual machine can run on the virtual machine monitor 204 and is configured and managed by a general operating system (GPOS) 203.
  • GPOS general operating system
  • the above-mentioned GPOS 203 is a general-purpose operating system, and provides a configuration management program and an interface for managing all virtual control devices 202 1 to 202 x .
  • the administrator of the control system can complete the configuration and management of all virtual control devices 202 1 to 202 x through the interface provided by GPOS 203.
  • GPOS 203 can also monitor and control the active / standby status of the virtual control devices 202 1 to 202 x . For example, when GPOS 203 monitors a master control device through the control bus 103, it can set the active / standby status of its corresponding virtual control device from "standby" to "active", and further can virtual control device The main active state is reported to the central control device 106 through the control bus 103. In this way, GPOS 203 can ensure that only one control device (the main control device or the corresponding virtual control device) of the control system can control the field device 105 in the control system.
  • an intermediate software layer can be established between the physical hardware of the IPC and the operating system (general operating system or virtual machine).
  • the purpose is to
  • the physical hardware of the IPC is logically divided into a plurality of relatively independent parts, which are respectively allocated to different operating systems, thereby achieving the purpose of simulating multiple hardware devices by one hardware device.
  • Hypervisor is an intermediate software layer that runs between physical hardware and operating system, and can be used as a virtual machine monitor to allow multiple operating systems and applications to share hardware. Hypervisor is usually applied to the server and can access all physical hardware devices on the server including disks and memory. When the server starts and executes the hypervisor, it loads the operating system of all virtual machine clients and allocates the appropriate amount of memory, processors, network resources, and disk hardware resources to each virtual machine.
  • the Hypervisor technology can be applied to run the Hypervisor on the IPC to create and manage multiple virtual machines, and the multiple virtual machines can respectively implement the multiple virtual control devices.
  • the above hypervisor 204 runs directly on the IPC hardware 201, controls the IPC hardware 201, and allocates appropriate hardware resources to the virtual control devices 202 1 to 202 x . It can be seen that by running Hypervisor on IPC to create and manage virtual control devices, it is possible to more effectively implement a soft standby solution in which one physical device simulates multiple physical standby controllers.
  • multiple virtual control devices can be created on one IPC, it is possible to hot backup multiple main control devices from one physical device at the same time to reduce the cost of the system.
  • IPC's limited CPU resources may occur.
  • the virtual control equipment handles the problem of delay, which causes the timely switching between the active / standby controllers, which reduces the reliability of the system. For this reason, in the embodiments of the present application, in order to ensure that when a main control device fails, its standby virtual control device can quickly take over the main control device and reduce the processing delay of the virtual control device.
  • a multi-core processor may be used. To achieve this.
  • the processor of each IPC is a multi-core processor.
  • the processor will have 4 cores; if the above-mentioned IPC With Intel Core i9 as its processor, the processor will have 10 cores.
  • the multi-core processor has M computing engines (cores), where M is a natural number greater than 1. Then, in the embodiment of the present application, GPOS 203 may be run on one core of the multi-core processor, and M-1 virtual machines may be run on the remaining M-1 computing engines, respectively.
  • the M-1 virtual machines have a one-to-one correspondence with the M-1 main control devices of the plurality of main controller devices 101 1 to 101 n , and each virtual machine runs a corresponding one respectively.
  • the control device becomes the standby main control device.
  • GPOS 203 provides an interface for configuring and managing the M-1 virtual control devices 202 1 ⁇ 202 M-1 . Administrators can complete the configuration of all virtual control devices 202 1 ⁇ 202 M-1 through the interface provided by GPOS 203. And management, for example, mapping each virtual control device 202 1 to 202 M-1 with M-1 cores of a multi-core processor, and so on.
  • the number of virtual control devices established on an IPC is related to the number of cores of its multi-core processor. It can thus be determined that, in the embodiment of the present application, the number of IPCs included in the standby control device pool 102 is related to the number of key processes running in the control system and the number of cores of the multi-core processor of the IPC. Specifically, the number of IPCs included in the standby control device pool 102 can be calculated according to the number of key processes running in the control system and the number of cores of the multi-core processor of the IPC.
  • control system will contain N main controllers 101 1 ⁇ 101 N , and its standby control device pool 102 will contain CEIL (N / (M-1)) IPCs, where CEIL () represents the rounding function upward, that is, The return value is the smallest integer greater than or equal to the specified expression in parentheses.
  • the method of the present application can greatly reduce the number of standby control equipment and save the hardware cost of the control system, especially when the number of key processes of the control system is large, this kind of redundant heat based on soft standby control equipment
  • the standby system can greatly save system hardware costs.
  • each virtual control device independently runs on a separate core of the IPC multi-core controller. In this way, each virtual control device can be ensured to run in parallel and independently, without the need to queue processes on the processor. Processing, thereby ensuring the response speed of the virtual control equipment, greatly reducing the processing delay, and ensuring the reliability of the control system.
  • this embodiment is only an example of the present invention.
  • the present invention is not limited to only one virtual control device (virtual machine) on a processor core.
  • the nature requires that one or more virtual control devices be established on a processor core, thereby further reducing the number of IPCs required by the control system or reducing the number of IPC processor cores in order to further reduce the hardware cost of the control system.
  • an embodiment of the present application also discloses a control device, which can be used as a backup control device of the control system.
  • the internal logic structure of the control device is shown in FIG. 2 and may include the following parts: hardware 201, a plurality of virtual control devices 202 1 to 202 x , a general operating system (GPOS) 203, and a virtual machine monitor 204.
  • GPOS general operating system
  • the specific function, structure, and implementation of each component are as described above, and are not repeated here.
  • an intermediate software layer can be established between the hardware of the industrial control computer and the operating system (general operating system or virtual machine), the purpose of which is to
  • the physical hardware of the industrial control computer is logically divided into a plurality of relatively independent parts, which are respectively allocated to different operating systems, thereby simulating one hardware device to multiple hardware devices.
  • the virtual machine monitor 204 may be a hypervisor. Applying Hypervisor technology as the virtual machine monitor 204 to create and manage virtual control devices can more effectively implement a soft standby solution in which one physical device simulates multiple physical standby controllers.
  • the processor in the above-mentioned industrial control computer hardware may be a multi-core processor with M cores, where M is an integer greater than 1, and wherein the general purpose is run on one core of the multi-core processor.
  • each virtual control device can run independently on a separate core of the IPC multi-core controller. In this way, each virtual control device can be ensured to run in parallel and independently, without the need to queue processes in the processor. As a result, the response speed of the virtual control device is guaranteed, and the processing delay is greatly reduced, further ensuring the reliability of the control system.
  • an embodiment of the present application also discloses a redundant hot standby method, which is applied to an industrial control computer (IPC) running at least one virtual control device.
  • FIG. 3 shows a flowchart of a redundant hot standby method according to an embodiment of the present application.
  • the method includes: Step 301: Each virtual control device in the at least one virtual control device periodically receives a heartbeat signal from a corresponding main control device through a control bus of a control system.
  • the at least one virtual control device corresponds to at least one main control device in the control system, and each virtual control device runs the same process as its corresponding main control device.
  • Step 302 When a virtual control device does not receive a heartbeat signal from its corresponding main control device through the control bus within a predetermined time, it outputs its own output signal to the corresponding control system in the control system's field bus. Field equipment.
  • the virtual control device may determine that its corresponding main control device has failed, and reset itself.
  • the active / standby status of is changed from "standby" to "active”, and the above-mentioned active / standby status information can be further fed back to the central control device of the control system through the control bus.
  • the number of IPCs as backup control devices in the control system is much smaller than the number of main control devices in the control system. That is, from the number of physical devices, the number of IPCs as backup control devices is much smaller than the number of main control devices. Thus greatly reducing the hardware cost of the control system.
  • At least one virtual control device is run on the above-mentioned industrial control computer as a backup control device.
  • a specific implementation method thereof may be shown in FIG. 4 and specifically includes the following steps:
  • Step 3011 Run a virtual machine monitor on the hardware of the industrial control computer
  • Step 3012 Run a general operating system on the virtual machine monitor, wherein the general operating system provides a configuration management interface;
  • Step 3013 Run at least one virtual machine on the virtual machine monitor through the configuration management interface as the at least one virtual control device.
  • an intermediate software layer can be established between the physical hardware of the IPC and the operating system (general operating system or virtual machine).
  • the physical hardware of the IPC is logically divided into a plurality of relatively independent parts, which are respectively allocated to different operating systems, thereby achieving the purpose of simulating multiple hardware devices by one hardware device.
  • the above-mentioned virtual machine monitor may apply Hypervisor technology, that is, directly run the Hypervisor on the industrial control computer hardware 201, control the industrial control computer hardware, and allocate an appropriate amount of virtual machine to each Hardware resources. It can be seen that by running a hypervisor on an industrial control computer to create and manage virtual control devices, it is possible to more effectively implement a soft standby solution in which one physical device simulates multiple physical standby controllers.
  • the processor of the industrial control computer is a multi-core processor
  • the x virtual machines can respectively correspond to the x cores of the multi-core processor.
  • each virtual control device created can run independently on a separate core of the above multi-core controller.
  • each virtual control device can be ensured to run in parallel and independently without the need to queue processes on the processor.
  • the response speed of the virtual control equipment is guaranteed, the processing delay is greatly reduced, and the reliability of the control system is guaranteed.
  • this embodiment is only an example of the present invention.
  • the present invention is not limited to only one virtual control device (virtual machine) on a processor core.
  • the nature requires that one or more virtual control devices be established on a processor core, thereby further reducing the number of IPCs required by the control system or reducing the number of IPC processor cores in order to further reduce the hardware cost of the control system.
  • An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored.
  • the processor executes the computer program, the foregoing redundant hot standby method can be implemented.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Manufacturing & Machinery (AREA)
  • Automation & Control Theory (AREA)
  • Hardware Redundancy (AREA)

Abstract

一种冗余热备控制系统,包括:多个主控制设备(101 1~101n),其上分别运行控制系统的一个过程;备用控制设备池(102),由一个或者多个工业控制计算机(IPC)组成;其中,在至少一个IPC上建立多个虚拟控制设备,且在一个或者多个IPC上建立的多个虚拟控制设备分别与多个主控制设备(101 1~101n)一一对应,其上运行与其对应主控制设备相同的过程;控制总线(103),用于连接多个主控制设备(101 1~101n)及备用控制设备池(102)中的一个或者多个IPC;现场总线(104),用于连接多个主控制设备(101 1~101n)、备用控制设备池(102)中的一个或者多个IPC以及多个现场设备(105)。相应地,本方案还公开了控制设备,冗余热备控制方法以及计算机可读存储介质。

Description

冗余热备控制系统、方法、控制设备及计算机可读存储介质 技术领域
本发明涉及一种冗余热备控制系统、方法、控制设备及计算机可读存储介质。
背景技术
通常在工业控制系统运行时,为了提高系统的可靠性,需要对系统中关键的控制器采取冗余热备的处理方案,这样,即使在某些异常情况发生的情况下,也能保持系统的连续运行。
在传统的冗余热备控制系统中,通常会分别为系统中的每一个关键控制器(也称为主控制器)配置一个备用控制器作为备份。系统正常运行时,主控制器和备用控制器可以同时接收相同的输入信号,同时对输入信号进行处理,但是正常情况下只有主控制器可以进行输出。而当某个主控制器发生故障时,由于备用控制器也在同时运行,备用控制器可以立即取代主控制器进行输出,从而可以保证系统的连续运行。可以看出,这种冗余热备控制系统可以为工业控制系统提供极大的可靠性和卓越的便利性,然而,这种主、备控制器1∶1的设置比例也将导致系统成本的成倍增加。
发明内容
为了解决上述问题,本发明提供一种冗余热备控制系统,该冗余热备控制系统包括:至少一个主控制设备101 1~101 n其上分别运行所述冗余热备控制系统的一个过程;备用控制设备池102,包括至少一个工业控制计算机(IPC);其中,在至少一个IPC上建立多个虚拟控制设备,并且在上述至少一个IPC上建立的多个虚拟控制设备分别与所述至少一个主控制设备101 1~101 n一对应,且运行与其对应的主控制设备相同的过程;控制总线103,其连接多个主控制设备101 1~101 n以及备用控制设备池102中的一个或者多个IPC,实现多个主控制设备101 1~101 n与多个虚拟控制设备之间的通信;以及现场总线104,其连接多个主控制设备101 1~101 n、备用控制设备池102中的一个或者多个IPC以及多个现场设备105,实现所述多个主控制设备101 1~101 n、多个虚拟控制设备与多个现场设备105之间的通信。
从上述冗余热备控制系统结构可以看出,通过在一个IPC上建立多个虚拟控制设备,来模拟多个物理的控制器,使得一个IPC可以同时分别作为多个主控制设备的备用控制 设备,从而改变了传统冗余热备方案中主、备控制器数量必须1:1的备份方式,变成由一个物理设备同时热备份多个主控制设备的备份方式,从而可以在没有损失控制系统可靠性的前提下,极大降低控制系统的硬件成本。
在本申请的实施例中,控制总线103和现场总线104可由基于工业以太网技术的标准总线实现。
由此可以看出,在本申请的实施例中,主控制设备101 1~101 n、备用控制设备池102、以及现场设备105和中央控制设备106都是通过控制总线和/或现场总线相互连接的,这种总线式的连接方式更为简单。而且,现场总线104可以用标准的基于工业以太网技术的总线实现,与传统的冗余热备控制系统中主控制器和备用控制器均需要分别连接到其对应的现场设备的连接方式相比,需要更少的连接,因而可以更进一步的节约控制系统的硬件资源,降低控制系统的硬件成本。
在本申请的实施例中,上述IPC包括:
IPC硬件201;所述IPC硬件(201)包括处理器、内存、磁盘以及输入/输出接口;
多个虚拟控制设备202 1~202 x,分别与多个主控制设备101 1~101 n中的多个主控制器设备一一对应,其上运行与其对应主控制设备相同的过程;
通用操作系统203,用于提供配置管理程序以及管理所述多个虚拟控制设备202 1~202 x的接口;以及
虚拟机监视器204,运行在IPC硬件201之上,用于为虚拟控制设备202 1~202 x配置硬件资源。
在本申请实施例中,通过在所述的IPC上设置虚拟机监视器204可以在IPC的硬件和操作系统(通用操作系统或者虚拟机)之间建立一个中间的软件层,其目的是将IPC的物理硬件从逻辑上划分为多个相对独立的部分,分别配置给不同的操作系统,从而将一个硬件设备模拟多个硬件设备。
应用虚拟机监视器204来创建和管理虚拟控制设备,可以更有效地实现由一个物理设备模拟多个物理备用控制器的软备用方案。
在本申请的实施例中,上述处理器为具有M个内核的多核处理器,其中M为大于1的整数;其中,在多核处理器的一个内核上运行所述通用操作系统203;在其余M-1个内核分别运行M-1个虚拟机,建立M-1个虚拟控制设备。
在上述方案中,每个虚拟控制设备独立运行在IPC多核控制器一个单独的内核之上, 这样,可以确保各个虚拟控制设备是并行独立运行的,而不需要在处理器进行进程排队处理,从而保证了虚拟控制设备的响应速度,并极大地减小了处理时延,进一步保证了控制系统的可靠性。
在本申请的实施例中,上述一个或者多个IPC的数量根据所述控制系统中运行的过程的个数以及所述多核处理器的内核的数量确定。
通过上述方法可以在控制系统的配置之初很明确地确定备用控制设备池102中IPC的数量,可以快速确定控制系统所需的硬件资源,便于实现。
本发明还提供了一种控制设备。该控制设备包括:
硬件201;所述IPC硬件(201)包括处理器、内存、磁盘以及输入/输出接口;
多个虚拟控制设备202 1~202 x,分别与多个主控制设备101 1~101 n中的多个主控制器设备一一对应,其上运行与其对应主控制设备相同的过程;
通用操作系统203,用于提供配置管理程序以及管理多个虚拟控制设备202 1~202 x的接口;以及
虚拟机监视器204,运行在所述硬件201之上,为虚拟控制设备202 1~202 x配置硬件资源。
在本申请实施例中,通过在所述的控制设备上设置虚拟机监视器204可以在控制设备的硬件和操作系统(通用操作系统或者虚拟机)之间建立一个中间的软件层,其目的是将控制设备的物理硬件从逻辑上划分为多个相对独立的部分,分别配置给不同的操作系统,从而将一个硬件设备模拟多个硬件设备。
应用虚拟机监视器204来创建和管理虚拟控制设备,可以更有效地实现由一个物理设备模拟多个物理备用控制器的软备用方案。
上述处理器为具有M个内核的多核处理器,其中M为大于1的整数;其中,在多核处理器的一个内核上运行所述通用操作系统203;在其余M-1个内核分别运行M-1个虚拟机,建立M-1个虚拟控制设备。
在上述方案中,每个虚拟控制设备独立运行在IPC多核控制器一个单独的内核之上,这样,可以确保各个虚拟控制设备是并行独立运行的,而不需要在处理器进行进程排队处理,从而保证了虚拟控制设备的响应速度,并极大地减小了处理时延,进一步保证了控制系统的可靠性。
本发明还公开了一种冗余热备方法,应用于运行至少一个虚拟控制设备的工业控制 计算机,该方法包括:
所述至少一个虚拟控制设备中的每个虚拟控制设备分别通过控制系统的控制总线周期性地接收来自与其对应主控制设备的心跳信号;其中,所述至少一个虚拟控制设备分别与控制系统中至少一个主控制设备一一对应且每个虚拟控制设备分别运行与其对应的主控制设备相同的过程;以及
当一个虚拟控制设备在预定的时间内没有通过所述控制总线收到来自其对应主控制设备的心跳信号时,通过控制系统的现场总线将自身输出信号输出至所述控制系统中与其对应的现场设备。
在上述方法中,通过在一个工业控制计算机上设置多个虚拟控制设备,在保证控制系统可靠性的同时还可以保证控制系统中作为备用控制设备的IPC的数量远远小于该控制系统中主控制设备的数量。也即,从物理设备的数量来看,作为备用控制设备的IPC的数量远小于主控制设备的数量。从而大大降低控制系统的硬件成本。
在本申请的实施例中,上述运行至少一个虚拟控制设备包括:在上述工业控制计算机的硬件之上运行虚拟机监控器;在所述虚拟机监控器之上运行通用操作系统,其中,所述通用操作系统提供一个配置管理程序以及配置管理接口;以及通过所述配置管理接口,在所述虚拟机监控器之上运行至少一个虚拟机,作为所述至少一个虚拟控制设备。
由此,通过在所述的工业控制计算机上设置虚拟机监视器可以在IPC的物理硬件和操作系统(通用操作系统或者是虚拟机)之间建立一个中间的软件层,其目的是将IPC的物理硬件从逻辑上划分为多个相对独立的部分,分别配置给不同的操作系统,从而实现一个硬件设备模拟多个硬件设备的目的。
而且,通过在工业控制计算机上运行虚拟机监视器来创建和管理虚拟控制设备,可以更有效地实现由一个物理设备模拟多个物理备用控制器的软备用方案。
更进一步,在本申请的实施例中,当工业控制计算机的处理器为具有多个内核的多核处理器时,建立的至少一个虚拟机可以分别与多核处理器的至少一个内核一一对应。这样,建立的每个虚拟控制设备可以独立运行在上述多核控制器一个单独的内核之上,这样,可以确保各个虚拟控制设备是并行独立运行的,而不需要在处理器进行进程排队处理,从而保证了虚拟控制设备的响应速度,并极大地减小了处理时延,保证了控制系统的可靠性。
本申请的实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,在处理器执行该计算机程序时实现上述冗余热备方法。
附图说明
下面将通过参照附图详细描述本申请的优选实施例,使本领域的普通技术人员更清楚本申请的上述及其它特征和优点,附图中:
图1是本申请一个实施例所述的冗余热备控制系统结构示意图;
图2是本申请一个实施例所述的备用控制设备池102中一个IPC内部逻辑结构示意图;
图3为本申请一个实施例所述的冗余热备方法流程示意图;以及
图4为根据本申请一个实施例的在一个作为备用控制设备的工业控制计算机上建立x个虚拟控制设备的具体方法流程示意图。
其中,附图标记如下:
101 1~101 n 主控制设备
102 备用控制设备池
103 控制总线
104 现场总线
105 现场设备
106 中央控制设备
201 IPC硬件
202 1~202 x 虚拟控制设备
203 通用操作系统
204 虚拟机监视器
301~304 步骤
3011~3013 步骤
具体实施方式
为使本发明的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明 一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。
本发明的说明书和权利要求书中的术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。
如前文所述,传统的冗余热备控制系统对系统中的每个关键主控制器,例如系统中的可编程逻辑控制器(PLC),分别设置一个备用控制器,建立主控制器和备用控制器的1∶1对应关系,以便在主控制器发生故障的时候可以由该发生故障的主控制器对应的备用控制器立即接替其继续工作,从而保证系统的连续运行。例如,假设一控制系统中存在M个关键过程,则在该系统中通常需要设置M个PLC来分别运行这M个关键过程。而且,如果该控制系统采用传统的冗余热备技术,则还需要额外设置M个PLC分别作为上述M个PLC的备用PLC。也就是说,该控制系统中一共需要2×M个PLC来保证该控制系统的正常运行。由此可以看出,如果采用传统的冗余热备技术,控制系统所需的控制器的数量将成倍增加,从而造成系统的硬件成本的成倍增加。
为此,本申请的实施例提供了一种基于备用控制设备池的冗余热备控制系统,可以在保证控制系统可靠性的同时极大地降低控制系统的硬件成本。
图1显示了本申请一个实施例所述的冗余热备控制系统结构示意图。如图1所示,该冗余热备控制系统包含如下部件:多个主控制设备101 1~101 n、备用控制设备池102、控制总线103、现场总线104以及多个现场设备105。其中,n为大于1的自然数。
其中,上述多个主控制设备101 1~101 n上分别运行控制系统的一个过程。
在本申请的实施例中,上述主控制设备101 1~101 n具体可以是PLC或者分布式控制系统(DCS)等在过程控制领域中使用的控制设备。
在本申请的实施例中,上述备用控制设备池102具体可以由一个或者多个工业控制计算机(IPC)组成。其中,在上述备用控制设备池102的一个IPC上可同时建立多个虚拟控制设备,使得在上述一个或者多个IPC上建立的多个虚拟控制设备可分别与上述多个主控制设备101 1~101 n一一对应,且每个虚拟控制设备上运行与其对应主控制设备相同的过程,从而分别作为其对应主控制设备101 1~101 n的备用控制设备。由于,每个IPC上都设置有多个虚拟控制设备,因此,在本申请的实施例中,可以保证备用控制设备池102中所包含的IPC的数量远远小于主控制设备101 1~101 n的数量。也即,从物理设备的数量 来看,作为备用控制设备的IPC的数量远小于主控制设备的数量。
上述控制总线103用于连接上述多个主控制设备101 1~101 n以及上述备用控制设备池102中的一个或者多个IPC,实现上述多个主控制设备101 1~101 n与在上述一个或多个IPC上建立的多个虚拟控制设备之间的通信。其中,虚拟控制设备可以是软PLC或者虚拟PLC(Soft PLC)。
在本申请的实施例中,上述控制总线103可以用于完成对多个主控制设备101 1~101 n和多个虚拟控制设备的故障检测。
上述控制总线103还用于连接上述多个主控制设备101 1~101 n、上述备用控制设备池102中的一个或者多个IPC以及上述一个或者多个中央控制设备106。上述一个或者多个中央控制设备106可以通过控制总线103获取上述多个主控制设备101 1~101 n以及上述多个虚拟控制设备的工作状态信息,从而实现对上述多个主控制设备101 1~101 n、上述备用控制设备池102的配置、监控以及管理。其中,中央控制设备106通常位于中央控制室内,为整个控制系统提供配置和管理人机交互接口。通常,上述中央控制设备106还可以称为上位机(Upper Computers)。中央控制设备106可以由一个或者多个计算机实现。当然,为了实现远程控制,中央控制设备106也可以通过云(Cloud)来实现。
具体而言,在本申请的实施例中,在正常的工作状态下,每个主控制设备101 1~101 n可分别通过控制总线103周期性地发送心跳信号至其对应的虚拟控制设备,各个虚拟控制设备则根据接收的与其对应的主控制设备的心跳信号确定其对应的主控制设备是否处于正常的工作状态。在计算机科学中,心跳信号(Heartbeat)是一种周期性的信号,由计算机硬件或者软件产生,用于指示计算机系统处于正常的工作状态或者进行同步等。在本申请的实施例中,上述心跳信号具体可以通过脉冲信号来实现,此外,为了在上述心跳信号上承载更多的信息,例如,主控制设备的标识信息,上述心跳信号具体也可以通过经过编码的脉冲信号来实现。在本申请的实施例中,如果在预定时间内虚拟控制设备没有在控制总线103上收到与其对应的主控制设备的心跳信号,则可以确定其对应的主控制设备出现故障,此时,该虚拟控制设备可即刻接替其对应的主控制设备控制现场总线104进行输出。
在本申请的实施例中,上述冗余热备控制系统还可以包括一个或者多个中央控制设备106。该中央控制设备106通过控制总线103连接到主控制设备101 1~101 n以及上述备用控制设备池102中的一个或者多个IPC。当虚拟控制设备确定其对应的主控制设备出现故障时,可以通过控制总线103向上述一个或者多个中央控制设备106上报该主控制 设备的故障信息,从而保证控制系统运行的连续性,并实现控制系统故障监测和报警。
在本申请的实施例中,上述控制总线103可以用基于工业以太网技术的标准总线来实现,例如,上述控制总线103可以使用符合由PROFIBUS国际组织(PROFIBUS International,PI)推出的PROFINET总线标准或者符合以太网控制自动化技术(EtherCAT)总线标准的总线实现。
上述现场总线104用于连接上述多个主控制设备101 1~101 n、上述备用控制设备池102中的一个或者多个IPC以及多个现场设备105,实现多个主控制设备101 1~101 n、多个虚拟控制设备与上述多个现场设备105之间的通信。
在本申请的实施例中,上述现场总线104可以实现主控制设备和其对应的虚拟控制设备对现场设备105输入输出的同步,使得主控制设备和其对应的虚拟控制设备之一对其对应的现场设备105进行控制。通常,上述现场设备105也可以称为I/O设备,所以现场总线的同步也可称为IO同步。
通常,现场总线104上的操作可分为从各个现场设备105读取数据和向各个现场设备105写数据两部分,其中,从现场设备105读取数据通常不需要同步,而向现场设备105写数据需要同步。一般常用的写数据同步方法包括:(1)第三方仲裁法,采用此方法时,主控制设备和备用控制设备都可以发出写信号,不直接连接现场设备105而是连接一总线仲裁设备,由该总线仲裁设备决定采用谁的信号转发给现场设备105;(2)备用控制设备在正常的工作状态下不发送写信号,而自主侦听主控制设备的心跳信号,在误发侦听到主控制设备的心跳信号后,则备用控制设备判断主控制设备发生故障,并发送写信号至现场设备105。
与控制总线103的实现方式类似,在本申请的实施例中,上述现场总线104也可以用基于工业以太网技术的标准总线来实现,例如,上述现场总线104可以使用符合PROFINET总线标准或者符合EtherCAT总线标准的总线实现。
上述控制总线103和现场总线104保证了主控制设备和对应的虚拟控制设备的故障检测,使得主控制设备和其对应的虚拟控制设备之一对其对应的现场设备105进行控制,并且保证了控制系统运行的连续性。
上述一个或者多个中央控制设备106可以通过控制总线103获取上述多个主控制设备101 1~101 n以及上述备用控制设备池102中的一个或者多个IPC的状态信息,例如主用/备用状态信息以及设备故障信息等。上述一个或者多个中央控制设备106还可以为该控制系统的管理员提供配置、监控以及管理主控制设备101 1~101 n、备用控制设备池102的 接口,使得控制系统的管理员可以通过该接口实现对上述多个主控制设备101 1~101 n、上述备用控制设备池102的配置、监控以及管理。
从上述图1所示的冗余热备控制系统结构可以看出,通过在一个IPC上建立多个虚拟控制设备,模拟多个物理的控制器,使得一个IPC可以同时分别作为多个主控制设备的备用控制设备,从而改变了传统冗余热备方案中主、备控制器数量必须1∶1的备份方式,变成由一个物理设备同时热备份多个主控制设备的备份方式。通常,也可以将一个物理的备用控制设备(IPC)模拟出的多个物理的备用控制设备(虚拟控制设备)称为软备用控制设备。本领域的技术人员可以理解,这种基于软备用控制设备的冗余热备控制方案可以在没有损失控制系统可靠性的前提下,极大降低控制系统的硬件成本。
更近一步,由于在本申请实施例提出的冗余热备控制系统中,主控制设备101 1~101 n、备用控制设备池102、以及现场设备105和中央控制设备106都是通过控制总线和/或现场总线相互连接的,这种总线式的连接方式更为简单。
而且如前所述,现场总线104可以用标准的基于工业以太网技术的总线实现,与传统的冗余热备控制系统中主控制器和备用控制器均需要分别连接到其对应的现场设备的连接方式相比,需要更少的连接,因而可以更进一步的节约控制系统的硬件资源,降低控制系统的硬件成本。
下面再结合附图详细说明根据本申请一个实施例所述的上述备用控制设备池102中一个IPC的内部逻辑结构。
图2给出了本申请实施例所述的一个IPC内部逻辑结构。如图2所示,在本申请的一个实施例中,一个IPC可以包括以下部分:IPC硬件201、多个虚拟控制设备202 1~202 x、通用操作系统(GPOS)203以及虚拟机监视器204。其中,x为大与1的自然数。
其中,上述IPC硬件201可以包括处理器、内存、磁盘以及输入/输出(I/O)接口等。
如前所述,上述多个虚拟控制设备202 1~202 x与上述控制系统中的x个主控制器设备具有一一对应的关系,在每个虚拟控制设备202 1~202 x上可分别运行与其对应的主控制设备相同的关键过程,也即每个虚拟控制设备202 1~202 x可以作为其对应主控制设备101 1~102 x的备用控制设备。
需要说明的是,在本申请的实施例中,并不限制一个IPC内可以建立的虚拟控制设备的数量x一定要大于或者等于控制系统中的主控制设备的数量n。当控制系统中的主控制设备的数量n小于或者等于上述一个IPC内可以建立的虚拟控制设备的数量x时, 则控制系统需要一个这样的IPC就可以实现对所有n个主控制设备的冗余热备。而当控制系统中的主控制设备的数量n大于上述一个IPC内可以建立的虚拟控制设备的数量x时,则控制系统可以使用多个IPC来实现对所有n个主控制设备的冗余热备。
具体而言,在本申请的实施例中,上述虚拟控制设备202 1~202 x可以通过虚拟机的方式实现。该虚拟机可以运行在虚拟机监视器204之上,由通用操作系统(GPOS)203进行配置和管理。
上述GPOS 203是一个通用的操作系统,提供了一个配置管理程序以及管理所有虚拟控制设备202 1~202 x的接口。控制系统的管理员可以通过GPOS 203提供的接口完成对所有虚拟控制设备202 1~202 x的配置和管理。此外,GPOS 203还可以监控和控制在上述虚拟控制设备202 1~202 x的主用/备用状态。例如,在GPOS 203通过控制总线103监控到某个主控制设备故障时可以将其对应的虚拟控制设备的主用/备用状态由“备用”设置为“主用”,并可以进一步将虚拟控制设备的主用状态通过控制总线103上报给中央控制设备106。这样,GPOS 203可以确保该控制系统只有一个控制设备(主控制设备或对应的虚拟控制设备)能够控制控制系统中的现场设备105。
在本申请实施例中,通过在所述的IPC上设置虚拟机监视器204可以在IPC的物理硬件和操作系统(通用操作系统或者是虚拟机)之间建立一个中间的软件层,其目的是将IPC的物理硬件从逻辑上划分为多个相对独立的部分,分别配置给不同的操作系统,从而实现一个硬件设备模拟多个硬件设备的目的。
本领域的技术人员可以理解,Hypervisor是一种运行在物理硬件和操作系统之间的中间软件层,可作为一种虚拟机监视器允许多个操作系统和应用共享硬件。Hypervisor通常应用在服务器上,可以访问服务器上包括磁盘和内存在内的所有物理硬件设备。当服务器启动并执行Hypervisor时,它会加载所有虚拟机客户端的操作系统同时会分配给每一台虚拟机适量的内存、处理器、网络资源和磁盘硬件资源。
基于上述信息,在本申请的实施例中,可以应用Hypervisor技术,在IPC上运行Hypervisor来创建和管理多个虚拟机,并由这多个虚拟机分别实现上述多个虚拟控制设备。具体而言,上述Hypervisor204直接运行在IPC硬件201之上,控制IPC硬件201,为虚拟控制设备202 1~202 x分配适量的硬件资源。由此可以看出,通过在IPC上运行Hypervisor来创建和管理虚拟控制设备,可以更有效地实现由一个物理设备模拟多个物理备用控制器的软备用方案。
然而,虽然在一个IPC上创建多个虚拟控制设备可以实现由一台物理设备同时热备 份多个主控制设备,达到降低系统成本的目的,但是,可能会出现由于IPC的CPU资源有限所导致的虚拟控制设备处理时延的问题,从而造成主用/备用控制器之间切换不及时,降低了系统的可靠性。为此,在本申请的实施例中,为了保证在主控制设备出现故障时,其备用的虚拟控制设备能够快速地接替该主控制设备,减少虚拟控制设备的处理时延,可以采用多核处理器来实现这一目的。
下面将详细说明本申请的一个实施例所述的在IPC上建立多个虚拟控制设备202 1~202 x的方法。
具体而言,在本申请的实施例中,每个IPC的处理器均为多核处理器,例如,如果上述IPC采用英特尔酷睿i7作为其处理器,该处理器将具有4个内核;如果上述IPC采用英特尔酷睿i9作为其处理器,该处理器将具有10个内核。假设所述多核处理器具有M个计算引擎(内核),其中M为大于1的自然数。那么,在本申请的实施例中,可以在所述多核处理器的一个内核上运行GPOS 203,而在其余M-1个计算引擎上分别运行M-1个虚拟机。其中,所述M-1个虚拟机与所述多个主控制器设备101 1~101 n中的M-1个主控制设备具有一一对应的关系,且每个虚拟机上分别运行与其对应的主控制设备相同的关键过程。在这种情况下,每个虚拟机可以分别作为一个虚拟控制设备202 1~202 M-1,成为一个主控制设备的备用控制设备。而GPOS 203提供了配置和管理上述M-1个虚拟控制设备202 1~202 M-1的接口,管理员可以通过GPOS 203提供的接口完成对所有虚拟控制设备202 1~202 M-1的配置和管理,例如,将各个虚拟控制设备202 1~202 M-1与多核处理器的M-1个内核映射起来等等。
从上述在IPC上建立多个虚拟控制设备202 1~202 M-1的方法可以看出,一个IPC上建立的虚拟控制设备的数量与其多核处理器的内核数有关。如此可以确定,在本申请的实施例中,上述备用控制设备池102所包含的IPC的数量与控制系统中运行的关键过程的个数以及上述IPC的多核处理器的内核的数量有关。具体而言,上述备用控制设备池102所包含的IPC的数量可以根据控制系统中运行的关键过程的个数以及上述IPC的多核处理器的内核的数量计算得到。例如,在本申请的实施例中,假设在控制系统中存在N个关键过程,且作为备有控制设备池的一个IPC的多核处理器有M个内核,那么,在本申请的实施例中,该控制系统将包含N个主控制器101 1~101 N,其备用控制设备池102将包含CEIL(N/(M-1))个IPC,其中,CEIL()代表向上取整函数,也即其返回值为大于或者等于括号内指定表达式的最小整数。举个例子,当N=3,M=4,也即控制系统中存在3个关键过程,且作为备有控制设备池的一个IPC的多核处理器有4个计算引擎(内核) 时,本申请所述的冗余热备控制系统只需要3个主控制器设备和1个作为备用控制设备池的IPC。而传统的冗余热备系统一共需要6个控制器设备(3个主控制器设备以及3个备用控制器设备)。通过上述计算方法可以在控制系统的配置之初很明确地确定备用控制设备池102中IPC的数量,可以快速确定控制系统所需的硬件资源,便于实现。
由此可以看出,采用本申请的方法可以大大减少备用控制设备的数量,节约控制系统的硬件成本,特别是在控制系统的关键过程数量较多时,这种基于软备用控制设备的冗余热备系统可以极大地节省系统硬件成本。
并且,在上述方案中,每个虚拟控制设备独立运行在IPC的多核控制器一个单独的内核之上,这样,可以确保各个虚拟控制设备是并行独立运行的,而不需要在处理器进行进程排队处理,从而保证了虚拟控制设备的响应速度,并极大地减小了处理时延,保证了控制系统的可靠性。
当然,需要说明的是,本实施例仅仅是一个本发明的一个实例,本发明并不限制在一个处理器内核上只能建立一个虚拟控制设备(虚拟机),当然也可以根据控制系统的实时性要求选择在一个处理器内核上建立一个或者多个虚拟控制设备,从而进一步降低控制系统所需IPC的数量或者降低对IPC处理器内核数量的要求,以实现进一步降低控制系统硬件成本的目的。
对应上述冗余热备控制系统,本申请的实施例还公开了一种控制设备,可以作为控制系统的备用控制设备。该控制设备的内部逻辑结构如图2所示,可以包括以下部分:硬件201、多个虚拟控制设备202 1~202 x、通用操作系统(GPOS)203以及虚拟机监视器204。每个部件的具体功能、结构以及实现方式都如前文所述,在此不再赘述。
在本申请实施例中,通过在上述备用控制设备上设置虚拟机监视器204可以在工业控制计算机的硬件和操作系统(通用操作系统或者虚拟机)之间建立一个中间的软件层,其目的是将工业控制计算机的物理硬件从逻辑上划分为多个相对独立的部分,分别配置给不同的操作系统,从而将一个硬件设备模拟多个硬件设备。
其中,在本申请的实施例中,上述虚拟机监视器204可以为Hypervisor。应用Hypervisor技术作为虚拟机监视器204,来创建和管理虚拟控制设备,可以更有效地实现由一个物理设备模拟多个物理备用控制器的软备用方案。
在本申请的实施例中,上述工业控制计算机硬件中的处理器可以为具有M个内核的多核处理器,其中M为大于1的整数;其中,在多核处理器的一个内核上运行所述通用操作系统203;在其余M-1个内核分别运行M-1个虚拟机,建立M-1个虚拟控制设备。 在上述方案中,每个虚拟控制设备可以独立运行在IPC多核控制器一个单独的内核之上,这样,可以确保各个虚拟控制设备是并行独立运行的,而不需要在处理器进行进程排队处理,从而保证了虚拟控制设备的响应速度,并极大地减小了处理时延,进一步保证了控制系统的可靠性。
对应上述备用控制装置,本申请的实施例还公开了一种冗余热备方法,该方法应用于运行至少一个虚拟控制设备的工业控制计算机(IPC)。图3显示了本申请实施例所述的冗余热备方法的流程图。如图3所示,该方法包括:步骤301:上述至少一个虚拟控制设备中的每个虚拟控制设备分别通过控制系统的控制总线周期性地接收来自与其对应主控制设备的心跳信号。其中,上述至少一个虚拟控制设备分别与控制系统中至少一个主控制设备一一对应且每个虚拟控制设备分别运行与其对应的主控制设备相同的过程。
步骤302:当一个虚拟控制设备在预定的时间内没有通过上述控制总线收到来自其对应主控制设备的心跳信号时,通过控制系统的现场总线将自身输出信号输出至该控制系统中与其对应的现场设备。
在该步骤中,当一个虚拟控制设备在预定的时间内没有通过上述控制总线收到来自其对应主控制设备的心跳信号时,该虚拟控制设备可判定其对应的主控制设备出现故障,将自身的主用/备用状态从“备用”修改为“主用”,并可以进一步将上述主用/备用状态信息通过控制总线反馈给控制系统的中央控制设备。
在上述方法中,通过在一个工业控制计算机上设置多个虚拟控制设备,可以保证控制系统中作为备用控制设备的IPC的数量远远小于该控制系统中主控制设备的数量。也即,从物理设备的数量来看,作为备用控制设备的IPC的数量远小于主控制设备的数量。从而大大降低控制系统的硬件成本。
在本申请的实施例中,在上述作为备用控制设备的工业控制计算机上运行至少一个虚拟控制设备,其具体的实现方法可以如图4所示,具体包括如下步骤:
步骤3011:在工业控制计算机的硬件之上运行虚拟机监控器;
步骤3012:在该虚拟机监控器之上运行通用操作系统,其中,所述通用操作系统提供一个配置管理接口;
步骤3013:通过该配置管理接口,在虚拟机监控器之上运行至少一个虚拟机,作为上述至少一个虚拟控制设备。
在本申请实施例中,通过在所述的工业控制计算机上设置虚拟机监视器可以在IPC的物理硬件和操作系统(通用操作系统或者是虚拟机)之间建立一个中间的软件层,其 目的是将IPC的物理硬件从逻辑上划分为多个相对独立的部分,分别配置给不同的操作系统,从而实现一个硬件设备模拟多个硬件设备的目的。
具体而言,在本申请的实施例中,上述虚拟机监视器可以应用Hypervisor技术,也即,在工业控制计算机硬件201之上直接运行Hypervisor,控制工业控制计算机硬件,为各个虚拟机分配适量的硬件资源。由此可以看出,通过在工业控制计算机上运行Hypervisor来创建和管理虚拟控制设备,可以更有效地实现由一个物理设备模拟多个物理备用控制器的软备用方案。
更进一步,在本申请的实施例中,当工业控制计算机的处理器为多核处理器时,上述步骤3013中,建立x个虚拟机可以分别与多核处理器的x个内核一一对应。这样,建立的每个虚拟控制设备可以独立运行在上述多核控制器一个单独的内核之上,这样,可以确保各个虚拟控制设备是并行独立运行的,而不需要在处理器进行进程排队处理,从而保证了虚拟控制设备的响应速度,并极大地减小了处理时延,保证了控制系统的可靠性。
当然,需要说明的是,本实施例仅仅是一个本发明的一个实例,本发明并不限制在一个处理器内核上只能建立一个虚拟控制设备(虚拟机),当然也可以根据控制系统的实时性要求选择在一个处理器内核上建立一个或者多个虚拟控制设备,从而进一步降低控制系统所需IPC的数量或者降低对IPC处理器内核数量的要求,以实现进一步降低控制系统硬件成本的目的。
本申请的实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,在处理器执行该计算机程序时可以实现上述的冗余热备方法。
应当理解,虽然本说明书是按照各个实施例描述的,但并非每个实施例仅包含一个独立的技术方案,说明书的这种叙述方式仅仅是为清楚起见,本领域技术人员应当将说明书作为一个整体,各实施例中的技术方案也可以经适当组合,形成本领域技术人员可以理解的其他实施方式。
上文所列出的一系列的详细说明仅仅是针对本发明的可行性实施例的具体说明,它们并非用以限制本发明的保护范围,凡未脱离本发明技艺精神所作的等效实施方案或变更,如特征的组合、分割或重复,均应包含在本发明的保护范围之内。

Claims (11)

  1. 冗余热备控制系统,其特征在于,所述冗余热备控制系统包括:
    至少一个主控制设备(101 1~101 n),其上分别运行所述冗余热备控制系统的一个过程;
    备用控制设备池(102),所述备用控制设备池(102)包括至少一个工业控制计算机IPC,其中,在至少一个IPC上建立多个虚拟控制设备,且在所述至少一个IPC上建立的多个虚拟控制设备分别与所述多至少一个主控制设备(101 1~101 n)一一对应,以及运行与其对应的主控制设备相同的过程;
    控制总线(103),其连接所述多个主控制设备(101 1~101 n)、所述备用控制设备池(102)中的一个或者多个IPC;以及
    现场总线(104),其连接所述多个主控制设备(101 1~101 n)、所述备用控制设备池(102)中的一个或者多个IPC以及多个现场设备(105)。
  2. 如权利要求1所述的冗余热备控制系统,其特征在于,所述控制总线(103)和现场总线(104)由基于工业以太网技术的标准总线实现。
  3. 根据权利要求1或2所述的冗余热备控制系统,其特征在于,所述IPC包括:IPC硬件(201)、多个虚拟控制设备(202 1~202 x)、通用操作系统(203)以及虚拟机监视器(204);其中,
    所述IPC硬件(201)包括处理器;
    所述多个虚拟控制设备(202 1~202 x)分别与所述多个主控制设备(101 1~101 n)中的多个主控制器设备一一对应,其上运行与其对应主控制设备相同的过程;
    所述通用操作系统(203)用于提供配置管理程序以及管理所述多个虚拟控制设备(202 1~202 x)的接口;以及
    所述虚拟机监视器(204)运行在所述IPC硬件(201)之上,为所述虚拟控制设备(202 1~202 x)配至硬件资源。
  4. 根据权利要求3所述的冗余热备控制系统,其特征在于,所述处理器为具有M个内核的多核处理器,其中M为大于1的整数;其中,在所述多核处理器的一个内核上运行所述通用操作系统(203);在其余M-1个内核分别运行M-1个虚拟机,建立M-1个虚拟控制设备。
  5. 根据权利要求4所述的冗余热备控制系统,其特征在于,所述一个或者多个IPC的数量根据所述控制系统中运行的过程的个数以及所述多核处理器的内核的数量确定。
  6. 控制设备,其特征在于,所述控制设备包括:
    硬件(201),其包括处理器;
    多个虚拟控制设备(202 1~202 x),用于分别与所述多个主控制设备(101 1~101 n)中的多个主控制器设备一一对应,运行与其对应主控制设备相同的过程;
    通用操作系统(203),用于提供配置管理程序以及管理所述多个虚拟控制设备(202 1~202 x)的接口;以及
    虚拟机监视器(204),运行在所述硬件(201)之上,用于为所述虚拟控制设备(202 1~202 x)配置硬件资源。
  7. 根据权利要求6所述的控制设备,其特征在于,所述处理器为具有M个内核的多核处理器,其中M为大于1的整数;其中,在所述多核处理器的一个内核上运行所述通用操作系统(203);在其余M-1个内核分别运行M-1个虚拟机,建立M-1个虚拟控制设备。
  8. 冗余热备方法,应用于运行至少一个虚拟控制设备的工业控制计算机,其特征在于,该方法包括:
    所述至少一个虚拟控制设备中的每个虚拟控制设备分别通过控制系统的控制总线周期性地接收来自与其对应主控制设备的心跳信号,其中,所述至少一个虚拟控制设备分别与控制系统中至少一个主控制设备一一对应且每个虚拟控制设备分别运行与其对应的主控制设备相同的过程;以及
    当一个虚拟控制设备在预定的时间内没有通过所述控制总线收到来自其对应主控制设备的心跳信号时,通过控制系统的现场总线将自身输出信号输出至所述控制系统中与其对应的现场设备。
  9. 根据权利要求8所述的方法,其特征在于,所述运行至少一个虚拟控制设备包括:在所述工业控制计算机的硬件之上运行虚拟机监控器;在所述虚拟机监控器之上运行通用操作系统,其中,所述通用操作系统提供一个配置管理程序以及配置管理接口;以及通过所述配置管理接口,在所述虚拟机监控器之上运行至少一个虚拟机,作为所述至少一个虚拟控制设备。
  10. 根据权利要求9所述的方法,其特征在于,所述工业控制计算机的处理器为具有多个内核的多核处理器,所述至少一个虚拟机分别与多核处理器的至少一个内核一一 对应。
  11. 计算机可读存储介质,其上存储有计算机程序,其特征在于,在处理器执行所述计算机程序时实现如权利要求8~10任一项所述的冗余热备方法。
PCT/CN2018/089283 2018-05-31 2018-05-31 冗余热备控制系统、方法、控制设备及计算机可读存储介质 WO2019227401A1 (zh)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP18920922.4A EP3789834A4 (en) 2018-05-31 2018-05-31 BACKUP REDUNDANCY CONTROL SYSTEM, METHOD, CONTROL DEVICE AND COMPUTER READABLE INFORMATION MEDIA
PCT/CN2018/089283 WO2019227401A1 (zh) 2018-05-31 2018-05-31 冗余热备控制系统、方法、控制设备及计算机可读存储介质
US17/059,282 US12013769B2 (en) 2018-05-31 2018-05-31 Hot-standby redundancy control system, method, control apparatus, and computer readable storage medium
CN201880093866.8A CN112204482B (zh) 2018-05-31 2018-05-31 冗余热备控制系统、方法、控制设备及计算机可读存储介质

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/089283 WO2019227401A1 (zh) 2018-05-31 2018-05-31 冗余热备控制系统、方法、控制设备及计算机可读存储介质

Publications (1)

Publication Number Publication Date
WO2019227401A1 true WO2019227401A1 (zh) 2019-12-05

Family

ID=68696827

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/089283 WO2019227401A1 (zh) 2018-05-31 2018-05-31 冗余热备控制系统、方法、控制设备及计算机可读存储介质

Country Status (4)

Country Link
US (1) US12013769B2 (zh)
EP (1) EP3789834A4 (zh)
CN (1) CN112204482B (zh)
WO (1) WO2019227401A1 (zh)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113467223A (zh) * 2020-03-31 2021-10-01 霍尼韦尔国际公司 控制器的过程中迁移以利用io池
CN115037674A (zh) * 2022-05-16 2022-09-09 郑州小鸟信息科技有限公司 一种中央控制系统单机及多设备冗余备份方法
US11762742B2 (en) 2020-03-31 2023-09-19 Honeywell International Inc. Process control system with different hardware architecture controller backup
US11874938B2 (en) 2020-11-03 2024-01-16 Honeywell International Inc. Admittance mechanism
US11989084B2 (en) 2020-09-23 2024-05-21 Honeywell International Inc. Self-healing process control system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021101898A1 (en) * 2019-11-19 2021-05-27 Arris Enterprises Llc Method to support redundancy switching of virtual mac cores
CN113741248B (zh) * 2021-08-13 2023-07-14 北京和利时系统工程有限公司 一种边缘计算控制器和控制系统

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050256591A1 (en) * 2004-01-30 2005-11-17 Thomas Rule Virtual field controller
CN1945480A (zh) * 2006-10-17 2007-04-11 南京科远自动化集团有限公司 通用工业控制器
CN103324156A (zh) * 2012-03-23 2013-09-25 横河电机株式会社 过程控制系统

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7000069B2 (en) * 1999-04-05 2006-02-14 Hewlett-Packard Development Company, L.P. Apparatus and method for providing very large virtual storage volumes using redundant arrays of disks
US7305520B2 (en) * 2004-01-30 2007-12-04 Hewlett-Packard Development Company, L.P. Storage system with capability to allocate virtual storage segments among a plurality of controllers
US8990397B2 (en) * 2009-07-31 2015-03-24 Ntt Docomo, Inc. Resource allocation protocol for a virtualized infrastructure with reliability guarantees
CN101876926B (zh) * 2009-11-26 2012-06-20 北京航空航天大学 一种非对称结构的软件三机热备容错方法
EP2525292A1 (en) * 2011-05-20 2012-11-21 ABB Technology AG System and method for using redundancy of controller operation
US9853453B2 (en) 2012-04-20 2017-12-26 Siemens Aktiengesellschaft Wind park control system
CN103514043B (zh) 2012-06-29 2017-09-29 华为技术有限公司 多处理器系统及该系统的数据处理方法
CN102932444B (zh) * 2012-10-29 2015-11-25 上海银商资讯有限公司 金融实时交易系统中的负载均衡模块
US9424148B2 (en) * 2013-08-21 2016-08-23 Dell Products L.P. Automatic failover in modular chassis systems
US9501300B2 (en) 2013-09-16 2016-11-22 General Electric Company Control system simulation system and method
JP2016031658A (ja) 2014-07-29 2016-03-07 株式会社東芝 プラント制御装置、及びプラント制御方法
CN104869654B (zh) * 2015-04-07 2018-06-19 北京邮电大学 一种资源调配系统、基站、设备及方法
CN106572047A (zh) * 2015-10-09 2017-04-19 东软集团股份有限公司 物理网络安全设备及其控制方法
JP2017151585A (ja) 2016-02-23 2017-08-31 三菱電機株式会社 管路管理システム及び表示端末
US20180052451A1 (en) * 2016-08-19 2018-02-22 Rockwell Automation Technologies, Inc. Remote industrial automation site operation in a cloud platform
US10372561B1 (en) * 2017-06-12 2019-08-06 Amazon Technologies, Inc. Block storage relocation on failure

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050256591A1 (en) * 2004-01-30 2005-11-17 Thomas Rule Virtual field controller
CN1945480A (zh) * 2006-10-17 2007-04-11 南京科远自动化集团有限公司 通用工业控制器
CN103324156A (zh) * 2012-03-23 2013-09-25 横河电机株式会社 过程控制系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3789834A4 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113467223A (zh) * 2020-03-31 2021-10-01 霍尼韦尔国际公司 控制器的过程中迁移以利用io池
EP3896538A1 (en) * 2020-03-31 2021-10-20 Honeywell International Inc. On-process migration of controller(s) to utilize an io pool
US11294843B2 (en) 2020-03-31 2022-04-05 Honeywell International Inc. On-process migration of controller(s) to utilize an IO pool
US11762742B2 (en) 2020-03-31 2023-09-19 Honeywell International Inc. Process control system with different hardware architecture controller backup
US11989084B2 (en) 2020-09-23 2024-05-21 Honeywell International Inc. Self-healing process control system
US11874938B2 (en) 2020-11-03 2024-01-16 Honeywell International Inc. Admittance mechanism
CN115037674A (zh) * 2022-05-16 2022-09-09 郑州小鸟信息科技有限公司 一种中央控制系统单机及多设备冗余备份方法
CN115037674B (zh) * 2022-05-16 2023-08-22 郑州小鸟信息科技有限公司 一种中央控制系统单机及多设备冗余备份方法

Also Published As

Publication number Publication date
EP3789834A1 (en) 2021-03-10
US12013769B2 (en) 2024-06-18
EP3789834A4 (en) 2022-04-13
US20210216417A1 (en) 2021-07-15
CN112204482A (zh) 2021-01-08
CN112204482B (zh) 2024-07-26

Similar Documents

Publication Publication Date Title
WO2019227401A1 (zh) 冗余热备控制系统、方法、控制设备及计算机可读存储介质
WO2020047780A1 (zh) 冗余热备控制系统、控制设备、冗余热备方法及计算机可读存储介质
US20200104222A1 (en) Systems and methods for managing server cluster environments and providing failure recovery therein
US3303474A (en) Duplexing system for controlling online and standby conditions of two computers
US9423956B2 (en) Emulating a stretched storage device using a shared storage device
US9183101B2 (en) High availability across geographically disjoint clusters
US10331470B2 (en) Virtual machine creation according to a redundancy policy
EP2614436A2 (en) Controlled automatic healing of data-center services
CN105159851A (zh) 多控存储系统
JP6299640B2 (ja) 通信装置
US9442811B2 (en) Emulating a stretched storage device using a shared replicated storage device
CN108984320A (zh) 一种消息队列集群防脑裂方法及装置
CN114189429B (zh) 一种服务器集群故障的监测系统、方法、装置及介质
CN114531373A (zh) 节点状态检测方法、节点状态检测装置、设备及介质
CN112000286B (zh) 一种四控全闪存储系统及其故障处理方法、装置
CN118214648A (zh) 一种双机热备的管理方法及计算设备
TW202001556A (zh) 虛擬機器群組的容錯方法及其容錯系統
CN113626147A (zh) 基于虚拟化技术的海洋平台计算机控制方法及系统
CN111740864A (zh) 一种带外网口切换管理方法及系统
CN111026239B (zh) 服务器和用于控制cpu的方法
CN115473761B (zh) 基于dcs系统的can总线的通信方法、系统、设备及介质
CN114124651B (zh) 云平台管理节点的控制方法、装置及云平台服务器集群
US11947431B1 (en) Replication data facility failure detection and failover automation
JP2019040331A (ja) 分散制御システムおよびノード
CN117520060A (zh) 基于zfs的双机集群高可用的实现方法、装置及计算机设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18920922

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018920922

Country of ref document: EP

Effective date: 20201130