High-available%20SIMATIC%20S7-400H

1
Automation and Drives
S
IMATIC S7-400H
The Fault-tolerant Automation System
2
Different Concepts
Redundant automation systems
Overview
Fault-tolerant 1-out-of-2 systems Objective Redu
ce the probability of production losses by
switching to a standby system
Fail-safe 1-out-of-2 systems Objective Protect
life, the environment and investments by safely
disconnecting to a secure off position
3
Overview

• Why do we have fault-tolerant programmable logic
  controllers?
• The objective of using high-availability
  programmable logic controllers is a reduction
  of production losses. It does not matter whether
  the losses are caused by an error or as a result
  of maintenance work.
• The higher the costs of a stoppage, the more
  worthwhile it is to use a fault-tolerant
  system. The generally higher investment costs of
  fault-tolerant systems are quickly compensated by
  avoiding production losses.

4
Benefits

• Avoidance of control system failures due to
  individual faults
• This is attained primarily through a redundant
  configuration
• Fault-tolerance is required in the following
  cases
• When processing valuable materials
• When downtimes or production failures would be
  expensive
• When a control system failure would result in
  high restart costs
• In order to enable operation without supervisory
  or maintenance personnel

Overview
5
Software redundancy
In a large number of applications, requirements
for the quality of redundancy or the number of
system sections that necessitate redundant PLCs
are not high enough to warrant the use of a
specific fault-tolerant system. Frequently,
simple software mechanisms are sufficient to
allow continuation of a failed control task on a
substitute system in the event of an error. The
SIMATIC S7 Software Redundancy options software
can run on S7-300 and S7-400 standard systems to
control processes that tolerate transfer times to
a substitute system within seconds, such as water
works, water treatment systems or traffic flows.
Overview
6

• Hardware Redundancy
• For Fast Processes Switch Over
  time few M. Sec.
• Software Redundancy
• For Slow Processes Switch Over
  time few Sec.

Overview
7
Industries (1)

• Power generation and distribution(oil, gas,
  electricity)
• Power plants
• Pipelines
• Offshore
• District heating systems
• Chemical, electrochemical, petrochemical and
  pharmaceutical industries
• Mining
• Environmental engineering
• Water treatment
• Refuse incineration
• Pulp and paper
• Steel and metal

Overview
8
Industries (2)

• Food and beverages
• Glass industry
• Semiconductor industry (utilities)
• Transport
• Tunnel automation
• Marine automation
• Airports
• Runway lighting
• Baggage transport

Overview
9
System architecture
Overview
Clients Parallel redundancy
Management level
Server Parallel redundancy With archive-matching
PC network/terminal bus
Fault-tolerantcommunication
Ethernet
Media redundancy
Process level
H CPUs Hot stand-by
SW redundancy Warm stand-by
Redundant power supply
ET 200M
Field level
Redundant PROFIBUS
Redundant IM 153
10
System integration

• Hidden redundancy
• Transparent programming(programming same as for
  non-redundant systems)
• Standard system parameterization
• Standard handling
• All SIMATIC programming languages can be used
  without
  restriction
• Platform for F andFH systems

Overview
11
Sample System
12
ConfigurationRedundant link
Replaceable Sync modules
Fiber-optics (FO)
Configuration
Fiber-optics (FO)
13
Hardware of the S7-400H base system Minimum
Configuration
Central processing units At the heart of the
S7-400H are the two central processing units.
Setting of the synchronization submodules, which
have to be plugged into the CPU, defines the rack
numbers. In the following we will refer to the
CPU in rack 0 as CPU 0,and to the CPU in rack 1
as CPU 1.
14
Setting the Rack Number
15
ConfigurationHighlights new CPUs

• Performance Increase
• Average Increase
• 417-4H appr. x 2,5-3
• 414-4H appr. x 1,2-2,2
• More Memeory
• 417-4H from 4 MB to 20MB
• 414-4H from 768KB to 1,4MB
• Higher Reliability
• Memory with automatic Error Detection and
  Correction (EDC)
• New Feature
• Distance between the Controller up to 10km
  (before 500m)

Konfiguration
16
ConfigurationTechnical specifications for the
CPUs

• Two CPU types available
• CPU 417-4H with 20MB onboard
• CPU 414-4H with1,4MB onboard
• General technical specifications,e.g. CPU 417-4
  or CPU 414-3
• 4 integrated interfaces
• Two for the Sync modules
• One DP interface
• One MPI/DP interface

Configuration
17
Central Controller Configuration

• Distance between the Controller up to 10m
• Use of the Sync-Modules for Patch Cables up to
  10m
• MLFB Module 6ES7 960-1AA04-0XA0
• MLFB FO-Cable 1m 6ES7 960-1AA04-5AA0
• MLFB FO-Cable 2m 6ES7 960-1AA04-5BA0
• MLFB FO-Cable 10m 6ES7 960-1AA04-5KA0
• Distance between the Controller up to 10km
• Use of the Sync-Modules for Cables up to 10km
• MLFB Module 6ES7 960-1AB04-0XA0
• Monomode FO-Cable LC/LC Duplex crossed 9/125µ

Konfiguration
18
Expanding the Working Memory of the CPU 417-4 H
with Memory Modules
19
Expanding the Working Memory of the CPU 417-4 H
with Memory Modules
20
Mounting rack for S7-400H

• It is recommended that you use the UR2-H
  mounting rack for the S7-
• 400H. The mounting rack makes it possible to
  configure two
• separate subsystems, each containing nine
  slots, and is suitable for
• installation in 19 cabinets.
• Alternatively, you can also configure the
  S7-400H on two separate
• mounting racks.
• Two mounting racks, the UR1 and UR2, are
  available for this purpose.

21
Central controller configurations

• With two standard subracks

Redundant power supply (PS) optional
PS
PS
CPU
PS
PS
CPU
Max. cable length 10km
With H subrack (with split backplane bus)
Configuration
PS
PS
CPU
PS
PS
CPU
22
Power supply

• As a power supply, you will require for each
  fault-tolerant CPU a
• power supply module from the standard range
  of the S7-400.
• Power supply modules for rated input voltages
  of 24 VDC and
• 120/230 VAC are available with 10 and 20 A
  output current.
• Redundant Power Supply
• To enhance the availability of the power supply,
  you can also use two redundant power supplies in
  each subsystem. In this case you should use the
  PS 407 10A R power supply module for rated
  voltages of 120/230 VAC with an output power of
  10 A.

Configuration
23
What is single-channel, one-way I/O?

• With the single-channel, one-way configuration
  single input/output modules are present
  (single-channel). The input/output modules are
  located in just one of the subsystems and are
  only addressed by that subsystem.
• A single-channel, one-way I/O configuration is
  possible in
• Central controllers and expansion units
• Distributed I/Os
• The single-channel, one-way I/O configuration is
  to be recommended for individual input/output
  channels for which normal availability of the I/O
  is sufficient.

Configuration
24
Failure of the single-channel, one-way I/O

• In the event of a malfunction the S7-400H with a
  single-channel, one-way I/O behaves like a
  standard S7-400 system, in other words
• When the I/O fails, the defective I/O is no
  longer available.
• When a subsystem fails, the entire process I/O
  of that subsystem is not
• available any more.

25
Using Single-Channel, Switched I/O

• In Redundant mode they
• may be addressed by both
• subsystems.
• In single mode, the master
• subsystem can always
• address all switched
• I/O .

Configuration
26
Using Single-Channel, Switched I/O

• ET 200M distributed I/O device equipped with an
  active backplane bus and a redundant PROFIBUS-DP
  slave interface module IM 153-2 or IM 153-2FO.
  permissible IM are
• IM153-2 6ES7 153-2AA02-0XB0 version 7
  or later
• IM 153-2FO 6ES7 153-2AB01-0XB0 version 6 or
  later

Configuration
27
Using Single-Channel, Switched I/O

• Rules
• When you use a single-channel, switched I/O, the
  configuration must
• always be symmetrical, in other words
• The fault-tolerant CPU and other DP masters
  must be located in
• identical slots and both subsystems (e.g.
  in slot 4 on both subsystems)
• The DP masters must be connected on both
  subsystems to the same
• integrated interface (e.g. to the
  PROFIBUS-DP interfaces of the two
• fault-tolerant CPUs).

Configuration
28
I/O configurationSwitched I/O
Redundant IM 153-2
PROFIBUS DP
ET 200M with active backplane bus
L
L
Configuration
Special bus module (BM)
IM
Active backplane bus
IM
29
I/O configurationSwitched I/O mode of operation

• Both DP masters are active
  and functioning properly
• Reading inputsThe inputs are read only from
  the preferred channelside (active IM)
• Writing outputsThe data are accepted by both
  channels.Only the data in the preferred channel
  are forwarded to the outputs.

Configuration
30
I/O configurationConnecting PROFIBUS PA via PA
link
PROFIBUS DP
2 x IM 157
DP-PA link
Configuration
31
I/O configurationY-Link
Rack 0
Rack 1
IM 153-2 with ET 200M

• The Y-link bus coupler creates a network portal
  from the redundant DP master system to a
  one-channel DP master system

Configuration
IM 157 with PA bus
Y-Link with DP bus
32
I/O configurationY-Link hardware configuration

• IM 157
• 6ES7 157-0AA82-0XA0
• Y-Link
• 6ES7 197-1LB00-0XA0
• Bus module BM IM 157
• 6ES7 195-7HD80-0XA0
• Bus module BM Y-Link
• 6ES7 654-7HY00-0XA0
• Collective Order No.
• 6ES7 197-1LA02-0XA0

Y-Link
IM 157
Configuration
33
I/O configurationY-Link configuration
Configuration
34
Installation notes

• Insert the synchronization submodules into the
  CPUs. Then screw up
• the additional front bezels to activate them
  .
• Connect the fiber-optic cables (always connect
  the two upper
• synchronization submodules and the two lower
  synchronization
• submodules of the CPUs). Lay the fiber-optic
  cable so that it is protected
• from any damage.
• Make sure with the route wires in addition that
  the two fiber-optic
• cables are always laid so that they are
  isolated from each other. Laying
• them separately enhances their availability
  and protects then from
• potential dual faults in the event, say, of
  simultaneous interruption of
• the fiber-optic cables.
• In addition, make sure that the fiber-optic
  cables are plugged into the
• two CPUs before turning on the power supply
  or turning on the system.

35
Setting the Rack Number
36
Sample System
37
Installation notes

• Connect the programming device to the first
  fault-tolerant CPU
• (CPU0). This CPU should be the master CPU
  of the S7-400H.
• A high-quality RAM test is performed after
  power on. It requires
• approximately 8 seconds per megabyte of
  RAM. During this time the
• CPU cannot be addressed via the multipoint
  interface and the STOP
• LED flashes. If there is a backup battery,
  the test will not be
• performed on further POWER ONs.
• Perform a memory reset for both CPUs using the
  mode selector. This
• applies the set mounting rack numbers of
  the synchronization
• modules to the operating system of the CPU.
• Switch the two CPUs of the S7-400H to STOP.
  Load the user program
• into CPU0
• Start the S7-400H PLC by switching the mode
  selector, first for CPU0
• and then for CPU1, to RUN-P.

38
Installation notes

• Result
• CPU0 starts up as the master CPU and CPU1 as the
  standby CPU.
• After the link-up and update of the standby CPU
  the S7-400H switches to redundant system mode and
  executes the user program (run light on digital
  output module).

39
What does active redundancy mean?

• Active redundancy, frequently referred to as
  functional redundancy
• too, means that all redundant resources
  are constantly in operation
• and are simultaneously involved in the
  execution of the control task.
• This means for the S7-400H that the user
  program in the two CPUs is
• completely identical and is executed
  simultaneously (synchronously)
• by the two CPUs.
• To identify the two subsystems, we use the
  traditional expressions of
• master and standby for two-channel
  fault-tolerant systems in this
• description. The standby always operates
  so that it is synchronized
• with the events on the master.
• The standby CPU switches to STOP mode in the
  event of the redundant
• link failing, whereas the master CPU
  remains in RUN mode.

40
Redundancy principle (1)
Redundancy with identical components(homogeneous
redundancy)
Redundancy features
Passive redundancy
Active redundancy
Majority redundancy
A
B
m-v-n
A
R
?1
1-v-2
1-v-2
2oo2
2oo2
A
B
C
Fault-tolerant
Hot stand-by automatic switchover lt 100
ms Warm stand-by automatic switchover in
seconds range
Redundancy principle S7-400H
m-of-n Fault-tolerant and failsafe
A
B
?
2-v-2
A
R
1-v-2
1oo2
HW or SW voting
2oo2
Cold stand-by manual switchover
Failsafe
41
Redundancy principle (2)
Synchronization, information and status exchange
Redundancy features
IM
DI
AI
AO
DO
IM
FM
Process
42
Bumpless master-stand-by switchover

• Switchover time
• Switchover time lt 100ms
• Outputs are retained during switchover
• No information or alarm/interrupt is lost
• Switchover criteria
• Master failure
• Power supply
• Rack
• Sync module
• Sync cable
• CPU
• Failure of a DP string or DP slave interface
  module does not force a switchover

Redundancy features

• Switchover

43
Master/standby assignment

• When the S7-400H is turned on for the first time,
  the first CPU to be stated up becomes the master
  CPU the other CPU becomes the standby CPU.
• Once the master/standby assignment has been
  established, it remains like that upon
  simultaneous POWER ON.
• The master/standby assignment is modified by
• 1. The standby CPU starting before the master CPU
  (interval of at least 3 s)
• 2. Failure or STOP of the master CPU in redundant
  system mode

44
Automatic event synchronization

• Synchronization procedure

Event synchronization
Redundancy features
Cycle synchronization
Time synchronization
Command synchronization
No synchronization

• Synchronization

Subcontroller B
Subcontroller A
Subcontroller A
Subcontroller B
Subcontroller A
Subcontroller A
Subcontroller B
Subcontroller B
45
Automatic event synchronization

• Principle

Redundancy features
Synchronization, Information and status exchange

• Synchronization

A
I 10.0
A
I 10.0
S
O 8.0
S
O 8.0






Value
Synchronization
L
PW100
L
PW100
Ackn.
L
DW 10
L
DW 10

F

F
Synchronization
T
PW130
Switchover

46
Automatic event synchronization

• Cycle

Redundancy features

• Synchronization

Self-test
Self-test
PII exchange
PII
PII
Synchronization

User program
User program
Match-up
PIO
PIO
47
Automatic event synchronization

• Customer benefits
• Transparent programming
• All standard SIMATIC-S7 programming languages
• No command restrictions
• Easy porting of the user programfrom standard
  CPU to fault-tolerant CPU
• Bumpless switchover
• No loss of information
• No loss of alarms/interrupts
• Because all redundancy-specific functions are
  handled by the operating system, the user can
  feel assured that he/she has done everything
  right as far as redundancy is concerned

Redundancy features

• Synchronization

48
Comprehensive self-test functions

• Self-test
• Scope
• CPU
• Memory
• Synchronization link
• Organization
• Startup self-test
• Complete test
• Self-test in cyclic mode
• Executes permanently as
  background task
• Executes in its entirety within a specifiable
  amount of time (default 90 minutes)

Redundancy features

• Self-test

49
Programming

• Handling, programming, configuring and
  communication are the
• same in SIMATIC S7-400H programmable
  controller systems as in
• standard systems.
• Redundancy-specific functions are performed by
  the operating
• system.
• S7-H Package is required to configure the
  hardware.
• When both CPUs are in STOP mode and you want
  to load a
• configuration, you must make sure you load
  User Program into the
• master CPU. Only then are the system data
  blocks transferred to the
• I/O modules. Hardware Config can be
  downloaded to each CPU.

50
Online programming

• Online modifications same as for standard system
• All modifications are automatically copied to
  both CPUs
• Connecting a PG
• At MPI interface
• Via bus

Redundancy features

• Programming

PROFIBUS/Ethernet
MPI/DP
51
Online programming

• Programming/parameter assignmentSIMATIC Manager
  H-station view

Redundancy features

• Programming

52
Online Programming

• Programming Hardware configuration

Redundancy features

• Programming

53
Configuration in RUN (CIR)

• CPU memory configuration
• Adding or removing
• Central I/O or CP
• DP slaves
• PA interface and PA slaves
• Y-link and slaves
• Modules in modular DP slaves
• CPU parameter

Redundancy features

• CIR

54
Automatic CPU re-incorporation following repair

• Connect and update stand-by CPU (1)

MASTER
STAND-BY
Redundancy features
RUN solo
STOP
Stand-by requests link-up
DisableDelete, Copy and Generate Blocks functions
Master copies all data to stand-by
Execute start routine and self-test

• Online repair

CPU 1 requests update
Terminate communication via configured
links. Disable low-priority alarms
Master copies dynamic data
User program
OS
55
Automatic CPU re-incorporation following repair

• Connect and update stand-by CPU (2)

MASTER
STAND-BY(link-up)
Redundancy features
Disable all alarms/ interrupts
Dynamic data which have changed since the last
update
Inputs, outputs, timers, counters, memory bits

• Online repair

Enable alarms/interrupts and communication
Redundant, synchronous operation
56
(No Transcript)
57
Replacing modules in RUN mode

• Modules which can be removed and inserted in Run
  mode
• I/O and CP
• Sync module
• Redundant IM 153-2
• Redundant power supplies
• Redundant components which can be replaced with
  the power off
• Standard power supplies
• Central IM
• CPU
• CPU is automatically updated following
  replacement(program and data)

Redundancy features

• Online repair

58
Procedure to change a central processing unit

• Requirements for a replacement
• has the same operating system version / revision
  as the failed CPU and the same main memory and
  load memory as the failed CPU.

Redundancy features
59
Examples of Fault-Tolerant System Response to
Faults

• Example 1 Failure of a central processing unit
  or power supply
• Initial situation The S7-400H is in redundant
  system mode.
• 1. Cause CPU0 to fail by turning off the power
  supply.
• Result The LEDs REDF, IFM1F and IFM2F light on
  CPU1. CPU1 goes into
• solo mode, and the user program continues to run.
• 2. Turn the power supply back on.
• Result
• CPU0 performs an automatic LINK-UP and UPDATE.
• CPU0 changes to RUN and now operates as the
  standby CPU.
• The S7-400H is now in redundant system mode.

Redundancy features
60
Examples of Fault-Tolerant System Response to
Faults

• Example 2 Failure of a fiber-optic cable
• Initial situation The S7-400H is in redundant
  system mode. The mode selector of each CPU is at
  the RUN or RUN-P position.
• 1. Disconnect one of the fiber-optic cables.
• Result The LEDs REDF and IFM1F or IFM2F
  (depending on which fiber-optic
• cable was disconnected) now light on the two
  CPUs. The original master CPU (CPU0) changes to
  single mode and the user program continues to
  run.
• 2. Reconnect the fiber-optic cable that you
  disconnected earlier.
• 3. Restart the original standby CPU (CPU1), which
  is now at STOP, by means of STEP7 operating
  status, for example.
• Result
• CPU1 performs an automatic LINK-UP and UPDATE.
• The S7-400H reverts to redundant system mode.

Redundancy features
61
Communications via Fault-tolerant S7 Connections
Communication
62
Communications via Fault-tolerant S7 Connections

• The hardware configuration of the two subsystems
  integrated in a fault-tolerant system must be
  identical. This is especially true of the slots.
• Depending on the network being used, the
  following CPs can be used for
• fault-tolerant communications
• Industrial Ethernet
• S7 CP 443-1
• PROFIBUS
• S7 CP 443-5 Extended (not configured as DP
  master system)
• To be able to use fault-tolerant S7 connections
  between a fault-tolerant system and a PC, you
  must install the S7-REDCONNECT software package
  on the PC.

Communication
63
Redundant communicationPrinciple

• Redundant communication is attained through
  redundant connections, which are then used when a
  problem occurs. Redundant connections can be
  created from H stations to
• Other H stations (one- or two-channel)
• HMI PCs (software Redconnect required)

Active connection
Stand-by connection
Communication
64
Redundant communicationConfiguration with
redundant bus (1)
Ethernet
H-CPU in single mode
Equivalent circuit diagram
Communication
PS
Bus
CP
CP
PS
CPU
CPU
PS
Bus
CP
CP
PS
CPU
CPU
65
Redundant communicationConfiguration with
redundant bus (2)
Ethernet
H-CPU in single mode
Equivalent circuit diagram
Communication
CP
CP
PS
CPU
CPU
PS
Bus
CP
CP
CP
CP
Bus
PS
CPU
CPU
PS
CP
CP
66
Redundant communicationConfiguration with single
bus
Ethernet
H-CPU in single mode
Equivalent circuit diagram
Communication
PS
CPU
CP
CP
CPU
PS
Bus
PS
CPU
CP
CP
CPU
PS
67
Redundant communicationConfiguration with ring
bus
Ring bus
S7-400H
S7-400H
H-CPU in single mode
Equivalent circuit diagram
Communication
PS
CPU
CP
CP
CPU
PS
Bus
PS
CPU
CP
CP
CPU
PS
Bus
68
Redundant I/O
New Redundant IO
Redundant Communication
Redundant Controller
PROFIBUS DP
Redundant Profibus
Sensor/control element
Redundant I/O
Redundant IM
69
Redundant I/OPossible redundancy structures (1)
Central I/O modules
Distributed I/O modules
Redundant I/O
70
Redundant I/OPossible redundancy structures (2)
Distributed switchedI/O modules
H-CPU in single mode
Redundant I/O
71
Redundant I/ORedundant quality stages

• Highest quality level
• Use of F-IO by exploiting the high-quality
  diagnostic functions required for failsafe
  operation
• Medium quality level
• Use of modules with diagnostic functions
• Low-cost quality level
• Use of modules without diagnostic functions

Redundant I/O
72
Redundant I/OHardware configuration

• Slot
• DP address
• Redundant DI
• Time discrepancy in ms
• Response time followingdiscrepancy
• Possible options
• AND gate
• OR gate
• Use last valid value

Redundant I/O
73
Redundant I/OHardware configuration

• Redundancy tabAppears only for
  redundancy-capable modules.
• Type of redundancy(none or 2)
• Station 2,PROFIBUSaddress 3,slot 4 contains a
  compatiblemodule. This module is selected as
  
  redundant
  DI

Redundant I/O
74
Redundant I/O Wiring digital inputs
With two sensors
With one sensor
DI
Master I/O
Both Inputs are read in parallel. The correct
value is selected and processed automatically
Redundant Profibus
Redundant I/O
Redundant I/O
DI
Since the function is not suitable for all module
types, the manual or Internet should be
consulted to find out which modules can
currently be used.
75
Redundant I/O Wiring analog inputs
With voltage sensor
With current sensor
With 2 sensors
With current sensor
AI-I
AI-I
I
4-wire transducers only
AI
Master I/O
The CPU reads both inputs. The correct value is
selected and processed automatically
I
R
Redundant Profibus
Redundant I/O
Redundant I/O
AI
Since the function is not suitable for every
module type, the manual or Internet should be
consulted to find out which modules can
currently be used.
76
Redundant I/O Wiring digital outputs
Without diodes
With diodes
Dependant on the module type
DQ
DQ
DO
Master I/O
Actuator
Both Outputs are set
Redundant Profibus
Redundant I/O
Redundant I/O
DO
Since the function is not suitable for every
module type, the manual or Internet should be
consulted to find out which modules can
currently be used.
77
Redundant I/O Wiring analog outputs
Each Output outputs half the value. When one of
the modules fails, the output that is still
intact provides the full value
AO
Master I/O
Actuator
Both Outputs are set
I
Redundant Profibus
Redundant I/O
Redundant I/O
AO
Since the function is not suitable for all module
types, the manual or Internet should be
consulted to find out which modules can
currently be used
78
Redundant I/O Integrating the user program

• The user program is integrated with the
  "Functional I/O Redundancy" library, which is
  part of STEP7 V5.3
• The redundant I/O are available to the user for
  programming as transparent I/O
• The rules state that the lowest address must
  always be used for programming.
• Method of operation
• The inputs are read by FB RED_IN and copied back
  to the POI following the discrepancy analysis
• The user writes the outputs to the lowest address
  in the usual manner. FB RED_OUT automatically
  copies the relevant value to the second address.

Redundant I/O
79
Block library Functional I/O Redundancy

• The Functional I/O Redundancy block library,
  which offers support for redundant I/O, contains
  the following blocks
• FC 450 RED_INIT Initialization function
• FC 451 RED_DEPA Trigger depassivation
• FB 450 RED_IN Function block for reading
  redundant inputs
• FB 451 RED_OUT Function block for
  controlling redundant outputs
• FB 452 RED_DIAG Function block for
  diagnostics of redundant I/O
• FB 453 RED_STATUS Function block for
  redundancy status information
• The blocks are located in the library Redundant
  IO(V1) under
• STEP 7\S7_LIBS\RED_IO.

80
Activities

• Reading the system status list (SSL) with SFC51
• CPU 1/0 ? Master/Standby (H status)
• Reading the connection status with SFC87
• Error OBs
• OB70

81
Reliability of modules

• The reliability of SIMATIC components is
  extremely high as a consequence of wide-ranging
  quality assurance measures in development and
  manufacture.
• The following average values apply to SIMATIC
  modules
• MTBF of a central processing unit 15 years
• MTBF of an I/O module 50 years

82
Thank you