Main/backup architecture

Owned by Wolfgang Granzer
Last updated: May 27, 2020 by Reinhard Mayr (Unlicensed)
2 min read

Our main/backup solution is based on hot standby redundancy. This means both servers are running but only one server is active – the other one is in standby mode.

Active means that server has taken over control, i.e. it is doing all the work:

  • connecting to the field network, communicate with the devices and send/receive data point changes
  • running the BMS functions: alarm handling, scheduling, trending, logic execution, ...
  • accepts connections from visualization clients
  • allow configuration changes via the Web Manager

Standby means that the server is running but in an inactive state. It does not perform any of the above mentioned tasks. However, it receives all state changes (data point values, BMS function configurations, ...) from the active server via a synchronization link. Thus, the main and the backup server have the same process image of the underlying building automation system.

Scenarios

Normal operation

The following figure shows the normal situation when both servers are working properly. The main server is active, the backup server is inactive – the backup server is getting all information via the synchronization link.

Main server failure

Now suppose the main server is down due to a hardware crash or a Windows reboot. In this case, the synchronization link is lost and interrupted. The backup server recognizes this and switches from standby to active state. This means that it takes over control, connects to the field devices and performs the BMS functions. In addition, the visualization clients are switching to the backup server.

Main server recovery

Now lets assume that the main server recovers and gets back online again. Since the backup server is continuously trying to reestablish the synchronization link to the main server, the backup server recognizes that the main server is up again. After the synchronization link is reestablished, the backup server transfers the current state (data point values, BMS function configurations, ...) to main server. The main server then resumes control while the backup switches back to standby mode. The visualization clients are switching back to the main server.