Establishing Redundant and Safe Configuration

In industrial automation, the way the control units of a system behave is of great importance. For example, stopping the process in a factory that runs 24/7 is undesirable. If only one unit controls the process, the process stops on any failure of that unit, so backing up the control unit is a solution that eliminates this problem. In vitally important systems such as aircraft, some control units have more than one backup. As explained earlier, having more than one unit in a system that can perform the same task is the basis of the redundancy principle.

For PLC and automation systems:

On the other hand, in some critical systems a failure in a control unit can be harmful to the environment and even to people. If only one unit controls the system, these consequences cannot be avoided. For example, if the unit controlling the cooling system of a nuclear power plant performs erroneous calculations, it may cause a large-scale explosion. For this reason, having two units perform the same calculation at the same time can be a solution: the outputs of the two controllers are compared, and the system can be switched into a safe state immediately if they are inconsistent. In this thesis, both the redundant and the safe structure are obtained with the same configuration, which consists of standard PLCs. An important point to note is that these structures are constructed only at the logic solver level. In other words, the input and output units are neither duplicated nor arranged in any special structure; a faulty sensor therefore feeds the same wrong value to both PLCs, and such a fault is not detected by the comparison. The figure below shows the network of field equipment.

In the figure above, PN stands for PROFINET and IE for Industrial Ethernet; the PN/IE label therefore identifies both the communication protocol and the physical interface it runs on. For these devices to exchange IP traffic with each other without a router, they have to be in the same IP subnet. In other words, the network part of their IP addresses, as determined by the subnet mask, has to be identical; with the commonly used mask 255.255.255.0 this means the first three octets must match. Strictly speaking, the cyclic PROFINET real-time data is carried in plain Ethernet frames without IP, but connection establishment and the engineering tool rely on IP, so the addresses still have to be configured consistently.
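The subnet condition stated above is easy to get wrong during commissioning when the masks differ between devices. The following check, added here as an example and not part of the thesis, takes a constructed device table (the addresses and masks are assumptions) and reports every pair of devices that cannot reach each other directly. It deliberately includes an HMI whose first three octets match the PLCs but whose mask is 255.255.255.128, to show that matching octets alone are not sufficient.

```python
import ipaddress
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed device table: (address, subnet mask). These values are
# assumptions for the example, not the addresses used in the thesis.
DEVICES: Dict[str, Tuple[str, str]] = {
    "PLC A":  ("192.168.0.11",  "255.255.255.0"),
    "PLC B":  ("192.168.0.12",  "255.255.255.0"),
    "PLC FS": ("192.168.0.10",  "255.255.255.0"),
    # Same first three octets as the PLCs, but a /25 mask puts it in
    # 192.168.0.128/25 while the PLCs sit in 192.168.0.0/24.
    "HMI":    ("192.168.0.200", "255.255.255.128"),
}


def first_three_octets_equal(ip1: str, ip2: str) -> bool:
    """The rule of thumb from the text; only valid for a 255.255.255.0 mask."""
    return ip1.split(".")[:3] == ip2.split(".")[:3]


def same_subnet(ip1: str, mask1: str, ip2: str, mask2: str) -> bool:
    """True if both hosts consider the other to be on their local network.

    Each host decides with its own mask whether a destination is local
    (ARP directly) or remote (send to a gateway), so the check must hold
    in both directions, not just compare network addresses.
    """
    net1 = ipaddress.ip_interface(f"{ip1}/{mask1}").network
    net2 = ipaddress.ip_interface(f"{ip2}/{mask2}").network
    return (ipaddress.ip_address(ip2) in net1
            and ipaddress.ip_address(ip1) in net2)


def unreachable_pairs(devices: Dict[str, Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Every pair of devices that cannot exchange IP traffic without a router."""
    return sorted(
        (a, b)
        for a, b in combinations(devices, 2)
        if not same_subnet(*devices[a], *devices[b])
    )


if __name__ == "__main__":
    for a, b in unreachable_pairs(DEVICES):
        ip_a, ip_b = DEVICES[a][0], DEVICES[b][0]
        print(f"{a} <-> {b}: not in the same subnet "
              f"(first three octets equal: {first_three_octets_equal(ip_a, ip_b)})")
```

Running the check on the constructed table lists the three PLC/HMI pairs as unreachable even though the octet rule of thumb says they match; the fix is to give every device the same mask.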

In this project, the Petri net design of the conveyor belt system is executed simultaneously in PLC A and PLC B. Depending on which system structure is selected, PLC FS evaluates the outputs received from these two PLCs accordingly and transmits them to the system. If the redundant structure is selected, PLC FS transmits the outputs of only one PLC directly to the system, while the other PLC continues to perform the same operations simultaneously. In case of a malfunction in the priority PLC, PLC FS immediately takes the outputs of the other PLC and transmits them to the system, so that disruptions are prevented. This structure corresponds exactly to the hot standby redundancy described in the earlier section. Note that PLC FS is itself a single unit and is not backed up in this configuration. In Figure the targeted redundant structure is given.

In the structure given above, PLC A is given priority over PLC B. This means that as long as PLC A is running, PLC FS takes the outputs produced by PLC A and transmits them to the system.

If the safe structure is selected for the system, PLC FS takes the outputs from both PLCs and compares them. For the outputs to be transmitted to the system, they must be fully consistent with each other; otherwise the system does not operate. Additionally, if a power supply malfunction or a connection error occurs in either PLC, the agreement is broken, so the system is switched into a safe state and the operation is stopped. After the errors are corrected, the system continues from where it left off with the approval of the responsible operator. The targeted safe structure is given in the figure.

Considering the information given in section 3.4, the structure in Figure is a form of 1oo2 structure, whereas the structure in the other Figure represents a 2oo2 structure.
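To make the difference between the two PLC FS behaviours concrete, the following model, added here as an example and not the thesis' own PLC program, implements both the hot standby (1oo2) selection and the 2oo2 comparison described above, together with the latched safe state and the operator reset. It assumes that PLC FS receives a health flag (heartbeat or connection status) with each PLC's output vector; the text only says that a power or connection fault must break the agreement, so the exact detection mechanism is an assumption. The constructed scan sequence shows the property that motivates the 2oo2 structure: a PLC that still reports healthy but computes a wrong output is passed straight through in 1oo2 mode and trips the plant in 2oo2 mode.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple

Outputs = Tuple[bool, ...]          # one boolean per actuator command


class Mode(Enum):
    REDUNDANT = "1oo2"              # hot standby: one PLC drives the plant
    SAFE = "2oo2"                   # both PLCs must agree, otherwise stop


@dataclass(frozen=True)
class PlcReport:
    """What PLC FS sees from one logic solver in a scan cycle.
    `healthy` is an assumed heartbeat/connection flag (not specified in the text)."""
    healthy: bool
    outputs: Optional[Outputs]      # None = no data (power or connection loss)

    def valid(self) -> bool:
        return self.healthy and self.outputs is not None


class PlcFS:
    def __init__(self, mode: Mode, n_outputs: int):
        self.mode = mode
        self.safe_outputs: Outputs = (False,) * n_outputs   # all actuators de-energised
        self.active = "A"           # PLC A has priority (1oo2 only)
        self.safe_state = False     # latched stop (2oo2 only)

    def cycle(self, a: PlcReport, b: PlcReport) -> Outputs:
        """One scan: decide what is transmitted to the field equipment."""
        if self.mode is Mode.REDUNDANT:
            return self._redundant(a, b)
        return self._safe(a, b)

    def _redundant(self, a: PlcReport, b: PlcReport) -> Outputs:
        if a.valid():
            self.active = "A"        # priority PLC running: use it, no comparison
            return a.outputs
        if b.valid():
            self.active = "B"        # fail over to the standby PLC
            return b.outputs
        self.active = "none"
        return self.safe_outputs     # both lost: nothing to transmit

    def _safe(self, a: PlcReport, b: PlcReport) -> Outputs:
        if self.safe_state:
            return self.safe_outputs  # stays stopped until the operator resets
        if a.valid() and b.valid() and a.outputs == b.outputs:
            return a.outputs
        self.safe_state = True       # disagreement or missing PLC: trip and latch
        return self.safe_outputs

    def operator_reset(self, a: PlcReport, b: PlcReport) -> bool:
        """Operator acknowledgement after the fault is corrected. Assumption: the
        latch only clears if both PLCs are back and currently agree."""
        if a.valid() and b.valid() and a.outputs == b.outputs:
            self.safe_state = False
        return not self.safe_state


def run_scenarios() -> Dict[str, dict]:
    """Constructed scan cycles: (1) PLC A computes a wrong output while still
    reporting healthy, (2) PLC A loses power, (3) PLC A returns and agrees."""
    good: Outputs = (True, False, True)
    wrong: Outputs = (True, True, True)      # constructed miscalculation by PLC A
    scans: List[Tuple[PlcReport, PlcReport]] = [
        (PlcReport(True, wrong), PlcReport(True, good)),   # silent fault in A
        (PlcReport(False, None), PlcReport(True, good)),   # A down
        (PlcReport(True, good), PlcReport(True, good)),    # A back, agreement restored
    ]
    result: Dict[str, dict] = {}
    for mode in Mode:
        fs = PlcFS(mode, len(good))
        trace = []
        for a, b in scans:
            out = fs.cycle(a, b)
            status = fs.active if mode is Mode.REDUNDANT else fs.safe_state
            trace.append((out, status))
        reset_ok = fs.operator_reset(*scans[-1])
        result[mode.value] = {
            "trace": trace,
            "reset_ok": reset_ok,
            "after_reset": fs.cycle(*scans[-1]),
        }
    return result


if __name__ == "__main__":
    for mode_name, res in run_scenarios().items():
        print(mode_name, res)
```

In the 1oo2 run the first scan forwards PLC A's wrong command because PLC A is still "running" as far as PLC FS can tell, and only the power loss in the second scan triggers the switch to PLC B. In the 2oo2 run the first scan already trips to the safe state, the plant stays stopped through the following scans even after the PLCs agree again, and it restarts only after the operator reset.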