Series 90-70 Hot Standby CPU Redundancy User’s Guide – December 1993
GFK-0827
Specific fault actions are described in Section 2 of this Chapter. However, you can
configure whether or not a stand-alone CPU (after failure of the other CPU) will stop if
another fault occurs.
You can select the fault actions (either diagnostic or fatal) for when a given CPU is
operating without a backup available. This will allow you to choose between fault
tolerant operation and a safety system where a shutdown is preferred.
If you do choose to set these fault actions to be diagnostic when the system is running,
but not synchronized, the unit may remain the active unit even after the backup unit has
been placed in RUN mode. Also, a unit with the fault actions set to diagnostic may be
placed in RUN mode and become the active unit even though it may have a diagnostic
fault which would be logged as fatal in a synchronized system.
For example, if you were to configure "Loss of or Missing Rack" failures as diagnostic,
then the following conditions would apply:
- If an expansion rack fails when the units are synchronized, the unit with the rack
  failure will transition to STOP/FAULT mode and the other unit will become a
  stand-alone unit.
- If an expansion rack fails after a unit becomes a stand-alone unit, a diagnostic fault
  will be logged on that unit but the unit will stay in RUN mode and continue to
  control the process.
- If after the above situation occurs, the other unit transitions to RUN, the unit with
  the failed expansion rack will stay in RUN mode and may, depending on the
  configuration, remain in control of the process. With this situation, you may want to
  include logic to shut down the faulted unit if this is an undesired operation.
- If an expansion rack fails while in STOP mode or while transitioning to RUN mode,
  a diagnostic fault is logged; however, the unit will still transition to RUN and may,
  depending on configuration, become the active unit. You may want to include logic
  to shut down the faulted unit if this is an undesired operation.
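
The four conditions above can be exercised in a small model before writing the shutdown logic the guide suggests. This Python model is an added example, not code from the guide; the class and method names are hypothetical, and the interlock policy (stop a faulted unit only once a healthy peer is in RUN) is one assumed design choice.

```python
from dataclasses import dataclass

RUN, STOP, STOP_FAULT = "RUN", "STOP", "STOP/FAULT"

@dataclass
class Unit:
    name: str
    mode: str = STOP
    rack_fault: bool = False  # a "Loss of or Missing Rack" fault is logged

class RedundantPair:
    """Model only: rack loss is fatal when synchronized, diagnostic otherwise."""

    def __init__(self, interlock=False):
        self.units = {"A": Unit("A"), "B": Unit("B")}
        self.interlock = interlock  # hypothetical application shutdown logic

    def synchronized(self):
        return all(u.mode == RUN for u in self.units.values())

    def rack_fails(self, name):
        unit = self.units[name]
        unit.rack_fault = True
        if self.synchronized():
            unit.mode = STOP_FAULT  # fatal: the peer becomes stand-alone
        self._apply_interlock()     # otherwise diagnostic: mode unchanged

    def stop_to_run(self, name):
        unit = self.units[name]
        if unit.mode == STOP:       # a diagnostic fault does not block RUN
            unit.mode = RUN
        self._apply_interlock()

    def _apply_interlock(self):
        # Assumed policy: stop a faulted unit only when a healthy peer is in RUN.
        a, b = self.units.values()
        for u, peer in ((a, b), (b, a)):
            healthy_peer = peer.mode == RUN and not peer.rack_fault
            if self.interlock and u.mode == RUN and u.rack_fault and healthy_peer:
                u.mode = STOP_FAULT

    def modes(self):
        return {n: u.mode for n, u in self.units.items()}

def scenario(interlock):  # B runs alone, loses a rack, then A is placed in RUN
    pair = RedundantPair(interlock)
    pair.stop_to_run("B")
    pair.rack_fails("B")
    pair.stop_to_run("A")
    return pair.modes()
```

Without the interlock, `scenario(False)` leaves both units in RUN with the rack fault still logged on B; with it, B stops as soon as A reaches RUN.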

STOP to RUN Mode Transition

A resynchronization will occur at all STOP to RUN mode transitions. The time to
perform this resynchronization may be very large and will exceed the current transition.
The STOP to RUN mode transition has two separate paths.
1. If the CPU performing the transition is doing so alone or both CPUs are
transitioning at the same time, then a normal STOP to RUN mode transition is
performed (clear non-retentive memory and initialize FST_SCN and FST_EXE).
2. If the other CPU is active when this CPU performs a STOP to RUN mode transition,
then non-retentive references will be cleared followed by a resynchronization with
the active CPU.

Background Window Time

In a redundancy system, this value may be set to zero. Unlike other CPU models which
have a default of 0 ms, the default value for the CPU 780 is 5 ms.