Diagnostic of Fault-tolerant System S7-400H

In a standard technical or PLC programmer praxis we meet in our daily with an obligation to know to diagnose control processing units CPUs, industrial network or devices which are connected to the CPU. We can remove failures very quickly in dependence on the right fault recognition. There is a lot of industrial applications which are required continuous production. Stop such production can means large material claims. In a worse occurrence it means risk to person. Because of these, we choose control system SIMATIC S7-400H as a system, which we will monitor. These control systems are used for more difficult and demanding industrial solutions, where requires on a redundancy exist. This article provides you information about using of system and standard blocks in the operating system of CPU for SIMATIC S7-400H. We will show one way how to read out diagnostic datas from CPU through SZL function. We will use WinCC flexible for simply results visualization.


Introduction
In the present automatic era resolutions big or smaller industrial applications are builted on programmable logic automats PLCs.We can see PLCs in a wide range of using.This could ensure easy and reliable runnig various technologies.At the beginning it is important to define type of a suitable CPU in accordance with customers requires and technology difficulties.
In this article we will pay attention to the CPU from a line of SIMATIC S7-400H, concrete to CPU 416 PN/DP.It is a redundant control system which is resistent to failures.
The reason of using such automation systems is to reduce production downtimes, regardless of whether the failures are cause by an error/fault or are due to maintenance work (Parrot & Venayagamoorthy, 2008).
The higher the costs of production stops, the greater the need to use a fault-tolerant system and at last the generally higher investment costs of fault-tolerant systems are soon recovered since production stops are avoided.

Redundant Automation System
Redundant automation systems are used in practice with the aim of achieving a higher degree of availability or fault tolerance.The S7-400H is a fault-tolerant automation system.We may only use it to control safety related processes if we have programmed and configured it in accordance with the rules for F systems (SIEMENS AG, 2012).
The S7-400H automation system satisfies the high demands on availability, intelligence, and decentralization placed on modern automation systems.It also provides all functions required for the acquisition and preparation of process data, including functions for the open-loopcontrol, closed-loop control, and monitoring of assemblies and plants (SIEMENS AG, 2012).
We also use redundant input/output modules to obtain a certain redundant automation system.Input/output modules are termed redundant when they exist twice and they are configured and operated as redundant pairs.The use of redundant I/O provides the highest degree of availability, because the system tolerates the failure of a CPU or of a signal module (Pfeffer, 2006).
The redundant structure of the S7-400H ensures requirements to reliability at all times.This means: all essential components are duplicated.This redundant structure includes the CPU, the power supply, and the hardware for linking the two CPUs.

SIMATIC S7-400H System
The basic SIMATIC S7-400H system consists of the hardware components required for a fault-tolerant controller.We can see hardware components for this system on the Figure 2. The basic system can be expanded with S7-400 standard modules (SIEMENS AG, 2012).
The two CPUs are the heart of the S7-400H.Use the switch on the rear of the CPU to set the rack numbers (SIEMENS AG, 2012).We will refer to the CPU in rack 0 as CPU 0, and to the CPU in rack 1 as CPU 1.
The UR2-H rack supports the installation of two separate subsystems with nine slots each, and is suitable for installation in 19" cabinets.We can also set up the S7-400H in two separate racks (SIEMENS AG, 2012).
The synchronization modules are used to link the two CPUs.They are installed in the CPUs and interconnected by means of fiber-optic cables (Franeková, Kállay, Peniak, & Vestenický, 2007).A fault-tolerant system requires 4 synchronization modules of the same type.The following Table 1 shows an overview of the LED displays on the CPU 416-5H PN/DP (SIEMENS AG, 2012).The hardware of the CPU and operating system provide monitoring functions to ensure proper operation and defined reactions to errors.Various errors may also trigger a reaction in the user program.We can diagnostic some errors from the way of lightening LED signals.

Read Out Diagnostic Information by Step 7
For read out diagnostic datas by software Step 7 it is possible use som of the system blocks, which are integrated in this sotware.
With system function SFC 51 "RDSYSST (read system status), we read a system status list or a partial system status list (SIEMENS AG, 1995-2012).
We start the reading by assigning the value 1 to the input parameter REQ when SFC 51 is called.If the system status could be read immediately, the SFC returns the value 0 at the BUSY output parameter.If BUSY has the value 1, the read function is not yet completed (SIEMENS AG, 1995-2012).

Structure of SFC 51
By this function we can read out number of information in dependence on the actual type of CPU.
Basic system function structure we can see in the Table 3.

SSL_HEADER
The SSL_HEADER parameter is a structure defined as follows: SSL_HEADER: STRUCT LENTHDR: WORD N_DR: WORD END_STRUCT LENTHDR is the length of a data record of the SSL list or the SSL partial list.
• If you have only read out the header information of an SSL list, N_DR contains the number of data records belonging to it.
• Otherwise, N_DR contains the number of data records transferred to the destination area.
List, which we could read by the system function SFC 51, we can define by SSL_ID parameter.This also depends on the CPU type.It is possible to read about specify information in the Help in Step 7 or in manuals (SIEMENS AG, 2012).

Diagnostic Program
You can see how we can read out LED signals status on the practical example.We was working with SIMATIC station S7-400H with CPU 416-5H PN/DP.It is automatic redundant system.
Figure 5 shows our system hardware.You can see CPU and operator panel which are both connected on the Industrial Ethernet.We use SIMATIC HMI Station for results visualisating.
We have programed a function block in the Step 7, where we have inserted SFC 51 function with SSL_ID defined to 0174.We could obtain the status of the module LEDs.
If the H CPUs are in a non-redundant H mode, we obtain the LED status of the CPU addressed.If the H CPUs are in the RUN-REDUNDANT mode, the LED status of all redundant H CPUs is returned.
Figure 6 shows our programed function SFC 51 according our requirements.The index in this block contains required LEDs code.In our case it is LED signal for RACK 0. We can see output structure SZL_HEADER which was desribed thereinbefore.Figure 7 shows data Block (DB) with just structure.

LEDs Status
We have loaded our program for reading out LEDs status to the control system.This control system consists from 2 CPUs, one of them works as a MASTER, the other works as a STANDPY CPU.
At the Figure 9, we can see both CPU`s status and on the HMI vizualization we can see LED`s status.We can read out all this information by using SFC 51 functions which we call regularly in the organization block OB1 every scan.
We have switched the second CPU to MASTER's task.We can see this change from the actual state LEDs in the both CPU.See Figure 10.

Conclusion
In the present exist really high requirements to automation systems.This could be why are redundant automation systems used.These are used in practice with the aim of achieving a higher degree of availability or fault tolerance.Reduction production downtimes is a big advantage such control system.
We have chosen this automation system to describe it in this article for its popularity in the present automation world.
This system consists from two redundant control units, where one works as a MASTER and the other is in the STANDBY mode.In the case of crashing MASTER CPU, the second CPU is switched from STANDBY to MASTER function.
It is possible to do detailed diagnostic by various ways on the automation system.We have showed it by using system function SFC 51 with defined SSL_ID.
The results of our experiments are visible on the Figures 9 and 10.We can see there LEDs status both CPU.At the end we can assure about availability this function for diagnostic's purpose.
This article does not solve communication between HMI station an redundant automation system.This could be another topic.

Figure 1 .
Figure 1.Possibilities of redundant automation systems (SIEMENS AG, 2012) Figure3shows how to connect remote input/output modules to the automation system.

Figure 4 .
Figure 4. Operator control and display elements on the CPU

Figure 5 .
Figure 5. Hardware configuration control automation system

Figure 7 .
Figure 7. Data block with SZL_HEADER structure

Table 1 .
LED displays on the CPU Table 2 below for LEDs RUN and STOP on the CPU (SIEMENS AG, 2012).

Table 2 .
RUN and STOP LEDs diagnostic (SIEMENS AG, 2012)/restart was initiated.The cold restart/warm start may take a minute or longer, depending on the length of the called OB.If the CPU still does not change to RUN, there might be an error in the system configuration, for example.

Table 3 .
Structure of SFC -2012)ction(SIEMENS AG, 1995-2012) Destination area of the SSL list read or the SSL partial list read: • If you have only read out the header information of an SSL list, you must not evaluate DR but only SSL_HEADER.•Otherwise, the product of LENTHDR and N_DR indicates how many bytes were entered in DR.

Table 4 .
Meaning variables in the record for diagnostic