Hi,
I am developing a product. It requires hot redundancy of two microcontrollers. The inputs and outputs will be common to both controllers. The HMI and keyboard will be common to both. The failure of one controller shall be taken care of by the other. Is it possible to do this? If any other option is available, please suggest.
1) I have to control 6 VFDs in parallel. These 6 VFDs are to be connected to this controller.
2) VFD communication will be through serial communication.
3) The VFD speed reference command can be given through communication or through an analog output. Preference should be given to serial communication.
4) There will be another communication port for communicating from the controller to the central control system.
5) The display shall be touch screen type.
6) There must be provision for connecting 6 analog inputs.
7) There may be provision for 20 DI and 20 DO.
8) The controller will react depending on analog inputs given from the central controller.
But none of the above has anything to do with redundancy. It's just a list for a normal (typically non-redundant) system without any analysis of failure modes and recovery alternatives.
Redundancy would discuss what happens if a VFD fails. Who drives the VFD (data and power)? Who supplies the data to the display? What failures should be possible to detect? What fallback should a detected failure result in? How is a real failure separated from a broken sensor claiming to have detected a failure? How is everything powered? What happens if that power supply fails? What if the central control system fails? Or the link to the central control system? How do you know if the touch input works? What is the implication of a broken touch function? How do you know if a digital input is low because that is the correct value, or low because it is broken? What if the analog values are measured using a damaged voltage reference, giving huge scale errors?
It isn't meaningful to think about redundant controllers until you have evaluated every part of the total system and figured out all failure modes and what they would mean. It really is far more likely that your I/O fails or your software contains bugs, compared to the probability of a controller failure.
Just for fun - what happens if one controller gets an issue with the oscillator, making it run at the wrong speed? Which of the microcontrollers would know it has the correct speed and the other runs at the wrong speed? Asynchronous communication would obviously be very problematic with one processor running at the wrong speed and probably having the baud rate similarly off.
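To put numbers on the oscillator question above, here is an added simulation (not code from this thread). It assumes a 16 MHz nominal clock, a 2 % mismatch budget for the asynchronous link, heartbeats sent once per locally measured second, and, for the voting part, a third independent clock such as the central system's.

```c
#include <math.h>
#include <stdio.h>

#define NOMINAL_HZ 16000000.0   /* clock both controllers believe they run at (assumed) */
#define CLOCK_TOLERANCE 0.02    /* mismatch an async UART link is assumed to tolerate */

/* Each controller sends one heartbeat per "second" of its own oscillator.
 * Returns how fast "me" judges the peer to be: 1.0 = agreement, 0.95 = the
 * peer looks 5 % slow. Only the ratio of the two clocks is ever visible. */
double peer_speed_ratio(double my_hz, double peer_hz)
{
    double my_second   = NOMINAL_HZ / my_hz;    /* real seconds per local second */
    double peer_second = NOMINAL_HZ / peer_hz;
    return my_second / peer_second;             /* equals peer_hz / my_hz */
}

/* Baud rate error when the divisor was computed for NOMINAL_HZ but the
 * oscillator really runs at actual_hz: the clock error carries straight over. */
double baud_error(double actual_hz)
{
    return (actual_hz - NOMINAL_HZ) / NOMINAL_HZ;
}

/* Can two controllers still talk over an asynchronous serial link? */
int uart_link_ok(double hz_a, double hz_b)
{
    return fabs(hz_a / hz_b - 1.0) <= CLOCK_TOLERANCE;
}

/* Two clocks cannot settle who is wrong: each sees the other off by the
 * reciprocal factor. With a third independent reference a vote is possible.
 * Returns the index the other two agree against, or -1 if there is no majority. */
int odd_one_out(const double hz[3])
{
    for (int i = 0; i < 3; i++) {
        int j = (i + 1) % 3, k = (i + 2) % 3;
        if (uart_link_ok(hz[j], hz[k]) && !uart_link_ok(hz[i], hz[j]))
            return i;
    }
    return -1;
}

int main(void)
{
    double a = 16000000.0, b = 15200000.0, ref = 16010000.0; /* B's crystal 5 % slow */
    double three[3] = { a, b, ref };
    /* prints: A sees B at 0.9500, B sees A at 1.0526, link ok: 0, odd one: 1 */
    printf("A sees B at %.4f, B sees A at %.4f, link ok: %d, odd one: %d\n",
           peer_speed_ratio(a, b), peer_speed_ratio(b, a),
           uart_link_ok(a, b), odd_one_out(three));
    return 0;
}
```

Each side blames the other by the same margin, so a pairwise heartbeat check alone can only say "we disagree"; the 5 % baud error is also well outside the assumed link budget, so the controllers would lose the very channel they would need to argue about it.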