1. Introduction
In order to improve system availability and its tolerance to failures, SCADA systems with redundant architecture are commonly chosen for servers, controllers, and other devices.
A typical redundant architecture can be seen in the chart below:
In this scenario, it is important to make some considerations on how Hot Standby works and on how it must be configured properly under these conditions.
Hot Standby settings are based on the server machines’ names and on integrity IPs to identify to identify the statuses in each server. With this information, the server decides whether to remain active or to go on standby.
Basically, each server checks its pair and the integrity IPs in it, according to the rules described in the table below:
Since each machine is linked to a single IP, you cannot set up these two servers with two distinct IPs, one in each controller, because it would keep hot-standby from working. If there is more than one IP in the same server, the servers may not be able to find their pairs, yet both will continue accessing the integrity IPs when one of the controllers stops answering; or then they will continue accessing their partner machines, but not the integrity IPs. Therefore, it could be possible for both servers to be simultaneously Active or in standby.
To avert this type of situation, we recommend using controllers that support NIC Team. Most servers, such as Intel and Broadcom, already have this type of controllers.
2. NIC TEAM settings
In the following example, a team will be created based on Intel controller, model Intel Pro 1000 PT Dual Port Gigabit. To do so, follow these procedures:
1. Access the Device Manager and select the folder Network Adapters.
2. Access the controller’s properties supporting the team.
3. Access Teaming tab and enable Team this adapter with others adapters option.
4. Create a new team via New Team button.
5. On the next window, select the controllers that will be part of the team.
6. On the next window, select Adapter Fault Tolerance option as the team type.
7. Move to the next window and finish the setup.
8. Notice a new network adapter has been created with the name of the established team.
3. Network settings
Depending on the installed IT structure, we must follow one of the following paths: 1) when the network has a network Domain with a DNS server; or 2) when there is no domain, only a taskforce.
3.1. Domain with DNS
In the system, the DNS server is responsible for keeping a list with the machines’ names, and for assigning IPs to said names. Therefore, each machine will receive its IP automatically, and you will only need to confirm that the network adapter is enabled to be automatically set up, according to the following instructions:
1. Access the window that contains the network adapters.
2. Access the adapter’s settings with the recently created team.
3. Access the properties at Internet Protocol Version 4 (TCP/IPv4) option.
4. Check whether Obtain an IP address automatically option on General tab is enabled.
3.2. Taskforce with no DNS
When there is no DNS server in the system, you will need to set up the network IP manually, in addition to recording in each machine the list with the names and IPs of all machines on the network.
3.2.1. Setting up the IP manually
1. Follow steps 1, 2, and 3 from item 3.1.
2. On Internet Protocol Version 4 (TCP/IPv4) properties window, set up Use the following IP address option on General tab. You must use the same IP number available on the network.
3.2.2. Registering the machine’s name and IP
Both the machine’s name and IP are recorded in the hosts file, at C:\Windows\System32\Drivers\etc\
This file has documentation on how to set them up, but basically what you must do is to add a new line with its IP and name to the end of the file. For each server taking part in Hot-Standby, a new line will have to be created.
The same settings must be replicated in all computers involved in the application, in the Elipse servers, and in the Viewer machines.
3.2.3. Setting up Hot-Standby
The Hot-Standby must be set up as described in the product’s manual; however, with systems with redundant networks, you should register several integrity IPs, as seen next.
These settings make your solution safer, because the servers will only regard the network as faulty (or inaccessible) if all those IPs stop answering (or become inaccessible), thus avoiding any failures in an integrity device to interfere with the supervisory.