Siemens Industry Online Support
Siemens AG
Entry type: Product note Entry ID: 4339989, Entry date: 04/24/1998

Software Based Fault-Tolerant S7 PLC

  • Entry
  • Associated product(s)

Concerns products with the Catalog No.'s:                                   


6ES7 862-0AC00-0YA0   Software redundancy, FB on CD ROM, single license     

6ES7 862-0AC00-0YA1   Software redundancy, FB on CD ROM, copy license       

6ES7 153-3AA00-0XB0   IM 153-3 redundant link                               



The Software Redundancy software package permits fault tolerant control of  

processes or critical parts of processes with standard S7-300 and/or S7-400 



The concept has been designed for single-channel distributed I/Os of the    

ET 200M system with a redundant IM 153-3 DP slave interface. The two DP     

interfaces of the IM are connected to the master station A and to the       

standby station B via separate PROFIBUS lines.                              


The Software Redundancy software is installed on the CPUs of both stations  

together with the user program and ensures that control is transferred from 

master to standby. It is possible to have redundant control for the whole   

process or only a critical part of the process.                             


Software redundancy takes care of the following failures:                   


- Failure of the redundant components (PS, CPU, DP master) in a central     


- Failure of a CPU due to hardware or software faults.                      

- Break in a bus cable to the redundant slave interface module.             

- Break in the redundancy link.                                             

- Fault in a PROFIBUS module of the redundant DP slave interface.           


Possible applications are processes where a master-standby switch over in   

the range of seconds is acceptable, e.g.:                                   


- Control of waterworks or water purification plants.                       

- Control of cooling water plants.                                          

- Monitoring and control of traffic.                                        

- Monitoring and control of temperatures and levels.                        


_Master-standby switchover time:_                                           


The time taken for switching over or from the moment of master failure      

until the standby takes control depends on:                                 

- Communication performance of the employed CPU.                            

- Communication medium, type of connection used and transmission speed.     

- Quantity of data transmitted.                                             

- Cause of the error.                                                       

- Baud rate of the PROFIBUS DP network and number of DP slaves.             



In the case of a system consisting of two CPU 414-2DPs linked by means of   

PROFIBUS or Industrial Ethernet and four ET 200M stations with 4 Kbytes of  

data to be transmitted, the switchover time will be 1.2 seconds when the    

master fails. If the link is via MPI and the configuration the same, the    

switchover will take 1.5 seconds. The outputs remain frozen during switch-  

over so that there is no immediate impact on the process. After switchover, 

the new master will continue control of the process on the basis of the     

data last received.                                                         


In view of the fact that these data may be a few cycles old it becomes      

apparent that software redundancy is suitable only for processes not depen- 

dent on short switchover times. We suggest that the switchover time, i.e.   

the period during which control of the process is interrupted should be     

used as a decision criterion. This time can be calculated with the help of  

the instructions provided in the user documentation (chapter 4.3).          


It is available free of charge from the Internet to owners of the SIMATIC   



http://www.ad.siemens.de/simatic-cs  --> manuals                            

                                 -->  STEP 7 (on left-hand margin)          

                             -->  Software Redundancy                       

If you have no Internet access or no SIMATIC card, please speak to your     

SIMATIC coontact at your local Siemens office.                              


Software prerequisites:                                                     


- STEP 7 Basic, version 4.02 and higher.                                    

- NCM S7 for PROFIBUS for configuration and communication.                  


Software Redundancy is suitable for the S7 CPU 315-2DP and all S7-400 CPUs. 


_Communication between CPUs:_                                               


- MPI, PROFIBUS or Industrial Ethernet. Existing communications links can   

  also be used.                                                             


- Suitable modules of the ET 200M distributed I/O system:                   

- IM 153-3 redundant DP slave interface module.                             

- All ET 200M digital and analog modules.                                   

- FM 350 counter module.                                                    


Connection of WinCC operator stations:                                      


The scope of supply of Software Redundancy includes an image software       

block for WinCC with the following functions:                               

- Initiate master-standby switchover.                                       

- Disable/enable master-standby switchover.                                 

- Display the status of the redundancy link.                                

- Display the status of the DP slave.                                       


Your SIMATIC contact at your local Siemens office will answer any further   

questions you may have.                                                     




Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit