1. CODESYS Group
  2. Products
  3. Runtime
  4. Redundancy

CODESYS® Redundancy

- fail-safe control applications based on IEC 61131-3

CODESYS Redundancy

Fail-safe control applications based on IEC 61131-3

With CODESYS Redundancy, you can implement highly available control systems in which two independent controllers simultaneously execute the same application and monitor each other. This ensures maximum operational reliability and prevents production downtime.

What is CODESYS Redundancy?

CODESYS Redundancy expands the proven CODESYS Development System with functions for implementing redundant control solutions. Two PLC systems (soft PLC or hardware PLC) run in parallel and continuously exchange their status. If one controller fails, the passive controller takes over control of the system without interruption.

Why CODESYS Redundancy?

Maximum availability

No downtime in production thanks to seamless switching between redundant controllers

Flexibility

Can be used on soft PLCs and hardware PLCs, supports common fieldbuses

Easy integration

Can be configured directly in the familiar CODESYS Development System

Industry standard

Based on the globally established IEC 61131-3 programming system

Future-proof

Developed for modern industrial applications – from manufacturing to process automation

Overview of the functions

Automatic switchover

If one controller fails, the second PLC takes over without interruption (hot standby).

Synchronous execution

Both PLCs execute identical IEC 61131-3 applications and synchronize continuously.

Manual switchover

Switching between active/passive is also possible manually, e.g. via function call or visualization. This allows, for example, planned replacement of a controller.

Redundancy configuration in the project

Easy creation and management in the CODESYS Development System via the “Redundancy Configuration” object

Automatic switchover

If one controller fails, the second PLC takes over without interruption (hot standby).

Synchronous execution

Both PLCs execute identical IEC 61131-3 applications and synchronize continuously.

Manual switchover

Switching between active/passive is also possible manually, e.g. via function call or visualization. This allows, for example, planned replacement of a controller.

Redundancy configuration in the project

Easy creation and management in the CODESYS Development System via the “Redundancy Configuration” object

Status monitoring

Display of the current states (active, passive, stand-alone, simulation, error, synchronization) of both PLCs at runtime

Synchronization of debugging information

Forced variables and timers are synchronized.

Flexible fieldbus support

Support for CODESYS EtherCAT and CANopen as well as for proprietary I/O systems

Automatic update

Boot application and memory areas are automatically synchronized as needed.

Time synchronization

IEC timers (TIME, TON, TOF, etc.) are always synchronized.

Event recording

Relevant events are documented for diagnostic purposes.

Limitations and requirements

  • Device support: Redundancy is only available for CODESYS-compatible systems.
  • Limited by the connection: A direct TCP/UDP-based interconnection between the two controllers is required. Synchronization must be performed within the cycle. Otherwise, redundancy will fail. Therefore, the amount of data that can be synchronized when using CODESYS Redundancy is limited. Other limiting factors are the speed of the hardware and the cross-connection.