Automation system, method for creating an automation system, and computer-readable medium

Document No.: 761980 Publication date: 2021-04-06

Abstract: This technology, "Automation system, method for creating an automation system, and computer-readable medium", was designed by 托马斯·格罗施 on 2020-09-30. The invention relates to an automation system, a method for creating an automation system, and a computer-readable medium. The automation system comprises at least one automation installation to be controlled, which is set up at an installation location, and two control applications which are communicatively coupled to one another via a synchronization path. The computing resources of the control applications are arranged at different locations, and the control applications are communicatively connected to the automation installation via the Internet or a similar computer network. One of the control applications operates as a master and the other as a backup; in the event of a failure of the control application operating as a master, the control application operating as a backup takes over its function of operating as a master. The locations of the computing resources are selected for the control applications such that the control applications are connected to the automation installation via two different communication paths which preferably do not have a common communication node or have a minimum number of common communication nodes.

1. Redundant automation system (1) comprising at least one automation installation (2) to be controlled, which is set up at an installation location, and two control applications (7) which are communicatively coupled to one another via a synchronization path (8) and are provided for controlling the automation installation (2) and form part of a cloud computing structure, the computing resources of which are provided at different locations and which are communicatively connected to the automation installation (2) via the internet or a similar computer network, wherein the internet or the similar computer network has a plurality of communication nodes (4) and communication paths (5) which connect the communication nodes to one another, wherein one of the control applications (7) operates as a master and the other control application (7) operates as a backup, wherein, in the event of a failure of the control application (7) operating as a master, the control application (7) operating as a backup takes over the function of the control application operating as a master, and wherein the location of the computing resources is selected for the control application (7) such that the control application (7) is connected to the automation installation (2) via two different communication paths (5) which preferably do not have a common communication node or have a minimum number of common communication nodes (4).

2. The automation system (1) according to claim 1, characterised in that the synchronization path (8) connecting the control applications (7) to each other is a communication path (5) of the internet or of the similar computer network, wherein the synchronization path (8) and the two communication paths (5) connecting the control applications (7) with the automation installation (2) do not have a common communication node or have a minimum number of common communication nodes (4).

3. Automation system (1) according to claim 1 or 2, characterized in that the computing resource for the control application (7) is a computing center (6).

4. Automation system (1) according to one of the preceding claims, characterized in that the computing resources for control applications (7) are decoupled from each other with respect to energy supply.

5. Method for creating a redundant automation system (1), in particular according to one of the preceding claims, wherein the method has the following steps:

a) providing information about the network topology of the internet or similar computer network, including information about the structure of said internet or similar computer network for communication nodes (4) and about communication paths (5) connecting said communication nodes to each other;

b) providing information about a computing center (6) present within the network topology, the information comprising information about a location of the computing center;

c) identifying a facility location of an automation facility (2) to be controlled within the network topology;

d) identifying at least one pair of computation centers (6) which can be connected within the network topology to the automation installation (2) via the communication paths (5) and which have a minimum number of crossing and/or common communication nodes (4), in particular no crossing and/or common communication nodes (4); and

e) selecting the pair of computation centers (6) identified in step d), including selecting the affiliated communication path (5).

6. Method according to claim 5, characterized in that in step b) additional information about the power supply and/or about the current load factor and/or about the computing capacity of the computing center (6) is provided and in step e) the selection is made taking into account at least one of the additional information.

7. Method according to claim 5 or 6, characterized in that it has the further step of:

f) providing two control applications (7) which are provided for controlling the automation installation (2), wherein the control applications (7) are provided such that one of the control applications (7) operates as a master and the other control application (7) operates as a backup, and, in the event of a failure of the control application (7) operating as a master, the control application (7) operating as a backup takes over the function of the control application operating as a master;

g) storing the control application (7) in the computing center (6) selected in step e);

h) coupling the control application (7) via a synchronization path (8); and

i) connecting the control application (7) to the automation installation (2) via the communication path (5) selected in step e).

8. The method according to claim 7, characterized in that the synchronization path (8) selected in step h) is selected such that the synchronization path (8) and the two communication paths (5) connecting the control application (7) to the automation installation (2) do not have a common communication node or have a minimum number of common communication nodes (4).

9. A computer-readable medium, on which a computer program comprising program code means is stored, which, when said computer program is executed on at least one computer, causes the at least one computer to carry out the steps of the method according to any one of claims 5 to 8.

10. A computer-readable medium comprising instructions which, when executed on at least one computer, cause the at least one computer to perform the steps of the method according to any one of claims 5 to 8.

Technical Field

The invention relates to a redundant automation system comprising at least one automation installation to be controlled, which is set up at an installation location and has associated peripheral units, and two control applications for controlling the automation installation, which are communicatively coupled to one another via a synchronization path and communicatively connected to the automation installation. One of the control applications operates as a master and the other control application operates as a backup, wherein the control application operating as a backup takes over the function of operating as a master in the event of a failure of the control application operating as a master. The invention further relates to a method for creating such a redundant automation system. The invention also relates to a computer program and a computer-readable medium for performing the method.

Background

In automation environments, there is an increasing demand for high-availability solutions which are suitable for minimizing the possible downtime of automation installations. Against this background, automation systems of the type mentioned at the outset have already been proposed. Such automation systems are characterized in that the two control applications synchronized with one another are connected to the peripheral units of the automation installation, so that the function of the control application operating as a master can be taken over at any time by the control application operating as a backup in the event of a failure. With regard to the frequency and scope of synchronization, different variants can be distinguished, in particular warm standby and hot standby.

Recently, the feasibility of placing control applications in the cloud has been increasingly discussed. The cloud is in particular an infrastructure which is available, for example, via the internet and which generally provides storage space, computing power and/or application software without the need to install and store the respective infrastructure on a local computer. For clouds, the hardware is typically not run or provided by the application or the user of the application itself. Cloud or cloud computing can be understood in particular as providing IT-infrastructure as a service, possibly from a remote location. The cloud can be accessed via the internet or can also be run by a company as a so-called private cloud in which IT infrastructure can be accessed via a network, e.g. the company's intranet.

When outsourcing the control application into the cloud, it must be taken into account that hours of downtime per year are to be expected with all large cloud providers. Month-based considerations even indicate that an MTTF (mean time to failure) of less than a month must be expected, with failures causing downtime of several minutes to several hours. For example, an analysis of the failures of different cloud providers over 3 months in 2019 yields an average downtime of about 17 minutes over a 30-day period, where the two cloud providers with the longest time to failure are not considered. Thus, users of cloud-based services must assume that their applications are unavailable for a few minutes per month. In control applications, this inevitably leads to a shutdown of the automation installation, which may not be acceptable to the installation operator. Note in this context that programmable logic controllers today have an average service life of 10 years and longer, depending on the type.

As a result, the cloud service availability or cloud service MTTF available today appears to be sufficient for current applications (i.e. e.g. Web servers or databases). For these applications, it is common to attempt to increase availability through either the cold standby system or the warm standby system and then to start either the cold standby system or the warm standby system in the event of a failure. However, this availability is not considered sufficient for applications in automation technology, since the state of the control application and thus of the automation process must be maintained in the event of a fault. This can only be achieved by using a so-called hot standby system.

Disclosure of Invention

Based on this prior art, it was an object of the present invention to provide an alternative redundant automation system and a method for creating such an automation system.

In order to achieve the object, the invention provides a redundant automation system comprising at least one automation installation to be controlled, which is set up at an installation location, and two control applications which are communicatively coupled to one another via a synchronization path, are provided for controlling the automation installation and form part of a cloud computing structure. The computing resources of the control applications are provided at different locations and are communicatively connected to the automation installation via the internet or via a similar computer network having a plurality of communication nodes and communication paths connecting the communication nodes to one another. One of the control applications operates as a master and the other control application operates as a backup, wherein, in the event of a failure of the control application operating as a master, the control application operating as a backup takes over the function of operating as a master. The locations of the computing resources are selected for the control applications such that the control applications are connected to the automation installation via two different communication paths which preferably do not have a common communication node or have a minimum number of common communication nodes. Thus, in accordance with the present invention, control applications are outsourced to the cloud. In order to improve the MTTF (mean time to failure), the control applications are communicatively connected to the automation installation or its peripheral units via separate communication paths of the internet or of a similar computer network.
Here, it is ensured that the communication paths do not have a common communication node or a minimum number of common communication nodes, since the facility location and/or the location of the computing resources for the control applications cannot have a common communication node with respect to the topology of the internet or of a similar computer network. This has the following advantage: if the communication path between the control application operating as a master and the automation installation fails, the functioning of the communication path between the control application operating as a backup and the automation installation remains ensured, and the control application operating as a backup can take over the function of the control application operating as a master. This results in an improvement of the MTTF of the control application to a value useful for automation technology.

According to one embodiment of the invention, the synchronization path connecting the control applications to one another is a communication path of the internet or of a similar computer network, wherein the synchronization path and the two communication paths connecting the control applications to the automation installation do not have a common communication node or have a minimum number of common communication nodes. This also leads to an improvement in the MTTF for control applications.

Preferably, the computing resources used for the control applications are computing centers, i.e. buildings or sites in which the central computing equipment of one or more companies is located. The advantage is that already existing resources are leveraged.

Advantageously, the computing resources for the control applications are decoupled from one another in terms of energy supply. The computing resources are, for example, different computing centers which are decoupled from one another with respect to energy supply, so that the availability of the automation system is also maintained if the energy supply of one computing center fails. In particular, the locations of the computing resources used for the control applications are supplied with energy by island networks that are completely decoupled from each other. For example, the locations can be selected such that they are arranged in different regions or countries having an uncoupled energy supply.

Furthermore, the invention proposes a method for creating a redundant automation system, in particular an automation system according to the invention, wherein the method comprises the following steps: a) providing information about the network topology of the internet or similar computer network, including information about the structure of their communication nodes and about the communication paths over which these communication nodes are connected to each other; b) providing information about the computing centers present within the network topology including information about their locations; c) identifying a facility location of an automation facility to be controlled within a network topology; d) identifying at least one pair of computing centers that are connectable to the automation installation via communication paths within the network topology and that have a minimum number of intersecting and/or common communication nodes, in particular no intersecting and/or no common communication nodes; and e) selecting the pair of computation centers identified in step d), including selecting an affiliated communication path.

In a first step a), information about the network topology of the internet or similar computer networks, i.e. information about the specific arrangement of the devices and lines forming the internet or computer networks via which the computers are connected to each other and exchange data, is collected and provided, wherein the term "line" is understood not only as a transmission route for wired connections, but also as a transmission route based on radio. The information can be acquired on the basis of static information, i.e. for example a map of the currently existing deep ocean cables and/or by means of a network topology or the like derived by means of a network management protocol. In a further step b), information is provided about the computing centers present within the network topology, including providing information about their location. In step c), a facility location of the automation facility to be controlled within the network topology is identified. After the execution of steps a) to c), there is essentially all the information required for connecting the automation installation to be controlled or its peripheral units to one of the computation centers. In a further step d), at least one pair of computation centers is identified, which can be connected to the automation installation via communication paths within the network topology and have a minimum number of intersections and/or a minimum number of common communication nodes, in particular no intersections and/or no common communication points. Thus, a computation center is identified which can be connected to the automation installation as far as possible on completely mutually independent communication paths of the known network topology. Then, in step e), one of the pairs of computation centers identified in step d) is selected, including selecting an affiliated communication path. 
Accordingly, the maximum MTTF is achieved for the case where one of the communication paths between the automation system and one of the two compute centers would fail.

Advantageously, in step b), additional information is provided about the power supply and/or about the current load factor and/or about the computing capacity of the computing center, wherein in step e) the selection is made taking into account at least one of the additional information. For example, a plurality of potential pairs of computation centers are obtained in step d), to which the automation installation is connected via different communication paths, so that the selection in step e) is made on the basis of further criteria. For example, it is possible to check which pairs of computation centers have independent power supplies, so that only the pairs with independent power supplies are included in the narrower selection. Alternatively or additionally, the current load factor of the computation centers of the pairs identified in step d) can be checked. Accordingly, pairs of computation centers with lower load factors are preferred when selecting in step e). Alternatively or additionally, in step e) the computing capacity of the respective computing center can be taken into account as a selection criterion, wherein computing centers with high computing capacity are prioritized. If a plurality of additional criteria are included in the selection in step e), a priority or importance characteristic number can be assigned to each criterion.

According to one embodiment of the invention, the method has the further steps of: f) providing two control applications which are provided for controlling the automation installation, wherein the control applications are provided such that one of the control applications operates as a master and the other control application operates as a backup, and, in the event of a failure of the control application operating as a master, the control application operating as a backup takes over the function of the control application operating as a master; g) storing the control application in the computing center selected in step e); h) coupling the control application via a synchronization path; and i) connecting the control application to the automation installation via the communication path selected in step e).

In this case, the synchronization path is preferably selected in step h) such that the synchronization path and the two communication paths connecting the control application to the automation installation do not have a common communication node or have a minimum number of common communication nodes.

Another subject of the invention is a computer-readable medium on which a computer program comprising program code means is stored, which program code means, when the program is implemented on at least one computer, causes the at least one computer to carry out the steps of the method according to the invention.

Furthermore, the invention relates to a computer-readable medium comprising instructions which, when executed on at least one computer, cause the at least one computer to carry out the steps of the method according to the invention.

The computer-readable medium can be, for example, a CD-ROM or DVD or USB memory or flash memory. It should be noted that the computer-readable medium should not be understood exclusively as a tangible medium, but can also be in the form of a data stream and/or a signal representing a data stream, for example.

Drawings

Other features and advantages of the present invention will become apparent from the following description, which proceeds with reference to the accompanying drawings. Shown here are:

FIG. 1 schematically shows a flow chart of method steps of a method according to an embodiment of the invention;

FIG. 2 shows a schematic diagram of a topology of a network;

FIG. 3 shows a view according to FIG. 2 with a supplementary computing center;

FIG. 4 shows the view according to FIG. 3 with a supplementary automation installation;

FIG. 5 shows the view according to FIG. 4 with a supplementary communication path between the automation installation and the selected computing center;

FIG. 6 shows the view according to FIG. 5 with complementary, selected synchronization paths between selected computing centers;

FIG. 7 shows a schematic illustration of an automation system according to an embodiment of the invention, which was created when the method shown in FIG. 1 was performed.

Detailed Description

Fig. 1 schematically shows method steps a) to i) of a method according to an embodiment of the invention for creating a redundant automation system 1 for an automation installation 2 to be controlled.

In a first step a), information about the topology of the computer network 3 is provided. Currently, the computer network 3 is the internet. Alternatively, however, the computer network 3 can also be a similar computer network, i.e. for example an intranet of a company, which connects a plurality of enterprise locations to one another in a communication technology. The information provided in step a) is at least information about the structure or substructure of the computer network 3, which is formed by the communication nodes 4 and the communication paths 5 connecting the communication nodes to each other. The communication path 5 can be a wired and/or radio-based transmission route. Currently, this information is obtained based on static information, like for example maps corresponding to the currently existing deep sea cables and radio-based transmission routes. Furthermore, the information is also obtained by deriving the network topology by means of a network management protocol. In addition, supplementary information about the computer network 3 can be provided in step a), i.e. for example information about the transmission speed of the individual communication paths 5, and information about the probability of failure of the communication nodes 4 and/or communication paths 5 collected from failure statistics, etc. Fig. 2 shows an exemplary network topology of a computer network 3 composed of communication nodes 4 and communication paths 5, a large number of communication nodes 4 and communication paths 5 being omitted for the sake of clarity.

In a further step b), information is provided about the computing center 6 present within or coupled to the network topology shown in fig. 2, including providing information about the location of the computing center. This is schematically illustrated in fig. 3.

If it is now necessary to create an automation system 1 for the automation installation 2, the installation position of the automation installation 2 within the network topology is identified in step c), see fig. 4.

Then, in a subsequent step d), at least one pair of computation centers 6 is identified, which can be connected to the automation installation 2 within the network topology via the communication path 5 and have a minimum number of intersections and/or a minimum number of common communication nodes 4, in particular no intersections and/or no common communication nodes. In the example shown, a total of 22 such pairs can be formed. Each of these pairs includes a computing center 6 in Africa and a computing center 6 located outside Africa.

Then, in a further step e), the pair of computation centers 6 identified in step d) is selected, including the selection of the affiliated communication path 5. If, as is the case in the present case, a plurality of pairs of computation centers 6 is identified in step d), a selection can be made in step e) on the basis of other criteria, for example on the basis of the previously mentioned transmission speeds of the individual communication paths 5, the probability of failure of the communication nodes 4 and/or the communication paths 5, etc. Preferably, in step b), additional information about the power supply of the computation center 6 and/or about the current load rate and/or about the computation capacity is also provided, which can be taken into account in step e) for selecting the best pair. Thus, in step e), for example, it is possible to check: which pairs of computing centers 6 have independent power supply, wherein then only the pairs of computing centers 6 having independent power supply are in a narrower choice. Alternatively or additionally, the current load factor of the computation centers 6 can be checked, wherein pairs of computation centers 6 with low load factors are preferred. Alternatively or additionally, the relatively high computing power of the two computing centers 6 of a pair may also be decisive for the selection. A weighting factor can be associated with each additional criterion in order to weight the criterion more or less strongly in the selection to be derived in step e). Fig. 5 shows the selections that are ultimately made in the present example.
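Steps a) to e) as an added Python example, not code from the patent or its applicant: for every pair of computing centers it computes one route per center from the installation with the fewest common communication nodes (a min-cost flow over a node-split graph, where a node's second use costs 1), then ranks the pairs. The topology, node names, power-grid labels and load figures are constructed, and the fixed ranking order (common nodes, then independent power supply, then combined load) is an assumption standing in for the weighting factors mentioned above.

```python
from collections import deque
from itertools import combinations

class Net:
    """Residual graph; arc i and its reverse i ^ 1 are stored as a pair."""
    def __init__(self):
        self.adj, self.arcs = {}, []          # arcs[i] = [head, residual cap, cost]

    def add(self, u, v, cap, cost):
        for a, b, c, w in ((u, v, cap, cost), (v, u, 0, -cost)):
            self.adj.setdefault(a, []).append(len(self.arcs))
            self.arcs.append([b, c, w])

def _augment(net, s, t):
    """Push one unit along a cheapest residual path (queue-based Bellman-Ford)."""
    dist, prev, queue = {s: 0}, {}, deque([s])
    while queue:
        u = queue.popleft()
        for i in net.adj.get(u, []):
            v, cap, w = net.arcs[i]
            if cap > 0 and dist[u] + w < dist.get(v, float("inf")):
                dist[v], prev[v] = dist[u] + w, i
                queue.append(v)
    if t not in dist:
        return False
    v = t
    while v != s:
        i = prev[v]
        net.arcs[i][1] -= 1
        net.arcs[i ^ 1][1] += 1
        v = net.arcs[i ^ 1][0]                # tail of arc i
    return True

def least_shared_routes(links, plant, dc_a, dc_b):
    """Step d): one route per computing center, sharing as few nodes as possible."""
    net, src = Net(), (plant, "out")
    for n in {n for link in links for n in link} - {plant}:
        net.add((n, "in"), (n, "out"), 1, 0)  # first route through a node is free
        net.add((n, "in"), (n, "out"), 1, 1)  # second route makes it a common node
    for u, v in links:
        for x, y in ((u, v), (v, u)):
            if y != plant:
                net.add((x, "out"), (y, "in"), 2, 0)
    for dc in (dc_a, dc_b):
        net.add((dc, "out"), "sink", 1, 0)    # exactly one route ends at each center
    if not (_augment(net, src, "sink") and _augment(net, src, "sink")):
        return None                           # at least one center is unreachable
    routes = {}
    for _ in range(2):                        # peel the two routes off the flow
        prev, queue = {src: None}, deque([src])
        while queue and "sink" not in prev:
            u = queue.popleft()
            for i in net.adj[u]:
                v = net.arcs[i][0]
                if i % 2 == 0 and net.arcs[i ^ 1][1] > 0 and v not in prev:
                    prev[v] = i
                    queue.append(v)
        route, v = [], "sink"
        while v != src:
            i = prev[v]
            net.arcs[i ^ 1][1] -= 1           # consume this unit of flow
            v = net.arcs[i ^ 1][0]
            if v[1] == "out":
                route.append(v[0])
        routes[route[0]] = route[::-1]
    shared = (set(routes[dc_a]) & set(routes[dc_b])) - {plant}
    return routes, shared

def select_pair(links, plant, centers):
    """Step e): rank pairs by common nodes, then independent power, then load."""
    ranked = []
    for a, b in combinations(sorted(centers), 2):
        found = least_shared_routes(links, plant, a, b)
        if found:
            routes, shared = found
            same_grid = centers[a]["grid"] == centers[b]["grid"]
            load = centers[a]["load"] + centers[b]["load"]
            ranked.append((len(shared), same_grid, load, (a, b), routes))
    return sorted(ranked, key=lambda r: r[:4])

# Constructed sample data (hypothetical names), not taken from the patent figures.
LINKS = [("plant", "r1"), ("plant", "r2"), ("r1", "ix1"), ("r2", "ix2"),
         ("ix1", "ix2"), ("ix1", "dc_north"), ("ix2", "dc_south"),
         ("ix2", "dc_east"), ("r1", "r3"), ("r3", "dc_west")]
CENTERS = {"dc_north": {"grid": "g1", "load": 0.7},
           "dc_south": {"grid": "g1", "load": 0.2},
           "dc_east":  {"grid": "g2", "load": 0.5},
           "dc_west":  {"grid": "g2", "load": 0.3}}

if __name__ == "__main__":
    for shared, same_grid, load, pair, routes in select_pair(LINKS, "plant", CENTERS):
        print(pair, "common nodes:", shared, "same grid:", same_grid, routes)
```

The same routine can be reused for step h) by treating the synchronization path as a third route and penalizing nodes already used by the two selected communication paths.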

Then, two control applications 7 provided for controlling the automation installation 2 are provided in step f). The control applications 7 are arranged such that one of the control applications 7 operates as a master and the other control application 7 operates as a backup, wherein the control application 7 operating as a backup takes over the function of the control application operating as a master in case of a failure of the control application 7 operating as a master.

In step g), the control application 7 is stored in the computing center 6 selected in step e).

Then, in step h), the control application 7 is coupled via a synchronization path 8, which is preferably selected such that the synchronization path 8 and the two communication paths 5 connecting the control application 7 with the automation installation 2 do not have an intersection and/or have a minimum number of common communication nodes 4. If this is not possible, the communication path 5 and the synchronization path 8 are selected such that they have as few intersections as possible and/or as few nodes 4 in common as possible.

In step i), the control application 7 is connected to the automation installation 2 via the communication path 5 selected in step e) and to the computation center 6 via the selected synchronization path 8. The result is the arrangement shown in fig. 6 or the automation system shown in fig. 7.

In the present case, a computer program is proposed which comprises program code means for causing at least one computer to carry out the steps of the method described previously when the program is executed on the at least one computer. Only the identification of the facility location has to be done by user input.

Despite the fact that the control application 7 of the automation system forms part of a cloud computing structure, the automation system 1 according to the invention is characterized by a very high availability. This availability can be further optimized by the type of synchronization mechanism used to synchronize the control applications 7 and by the manner in which the output data in the redundant automation system 1 are handled. In this case, reference is made in particular to the method disclosed in EP2657797B1 for operating a redundant automation system 1, which method can also be transferred to a redundant automation system 1 according to the invention.

Although the invention has been illustrated and described in detail by means of preferred embodiments, the invention is not limited by the disclosed examples and other variants can be derived therefrom by the person skilled in the art without departing from the scope of protection of the invention.
