Secure Redundancy

OPC Router redundancy settings

Configuration of the Secure Redundancy

Project synchronisation

In order for the primary and secondary services to be able to synchronise a project, it must be set in both how their respective management in the network can be achieved for the other. The actual synchronisation can be carried out later via the redundancy status in the header menu:

In addition to the basic status, it is also possible to view whether or when a project synchronisation has taken place and to trigger it if required.

Redundancy mode

Primary service

The primary service receives heartbeat signals from the secondary service. If the heartbeat signals are interrupted, a warning is displayed. If the primary service is no longer available, the secondary service takes over.

Pre-shared key	Character string that is used to authenticate the OPC Router. A secure character string can be generated using the ‘Generate’ button. This key must be the same for the primary and secondary service. An empty key is invalid and prevents the connection from being established.
Timeout (s)	Time in seconds after which the secondary service is considered disconnected if no heartbeat has been sent.

Secondary service

The secondary service is on standby as long as the primary service is available and starts as soon as the primary service is no longer available. The connection to the opposite service can be tested via "Test heartbeat". Test project synchronisation" can be used to check whether all the necessary communication paths of the OPC routers involved can be established and the necessary data can be exchanged. It is not possible to check whether the necessary settings have been made or whether synchronisation has actually been successful.

note

For the connection test to work, the redundancy configuration must be switched to productive.

Pre-shared key	Character string that is used to authenticate the OPC Router. A secure character string can be generated using the ‘Generate’ button. This key must be the same for the primary and secondary service. An empty key is invalid and prevents the connection from being established.
Trusted certificates	If an HTTPS address is specified, the certificates to be trusted can be selected here: All (unsafe): Every certificate is accepted. Router: A connection is authorised if the certificate is in the router's certificate management and is trusted. Windows: A connection is authorised if the certificate is available in the Windows certificate store.
Address	Address of the primary service. This is specified in URL format (http(s):host name/IP address:port). The port used to access the Web Management (the web interface of the OPC Router) must be specified as the port. Example: https://example.local:5001
Heartbeat Interval (s)	The interval in seconds in which the secondary service attempts to reach the primary service. Note: This value must be below the timeout of the primary service so that the connection in the primary service is not constantly regarded as disconnected.

Deactivated

In this mode the redundancy is inactive.

note

Note: The Web Management port of the primary service must be enabled in the firewall so that the secondary service can connect.

The status changes caused by the redundancy are logged. A log entry is created when the redundancy becomes active (Primary router has failed) or becomes inactive again (Primary router is accessible again).

Environment variables

Several settings for redundancy behaviour can be set via Configurable environment variables for redundancy.

note

Settings set via environment variables always overwrite settings made via the UI.

warning

Warning: SAP®-Trigger can be problematic in redundant operation with identical user data. Problems arise because the plug-ins are also initialised in the secondary system and want to access the same user data.