Redundancy sounds impressive. We duplicate controllers, networks and servers. All to ensure that a failure in one component doesn’t bring production to a halt. It sounds like the perfect plan. Factory owners love it. Equipment suppliers love it even more.
Let’s be realistic, though. In practice, duplicating everything indiscriminately is simply absurd. Over-engineered architecture doesn’t always save the day. Often, it simply inflates the budget, complicates the control logic and introduces entirely new points of failure. So the key question isn’t “should we implement redundancy?” It is “where do we draw the line?”
When duplication makes sense: a rigorous risk assessment
The matter is, in essence, quite simple. Redundancy makes sense where downtime hits hardest. We’re talking about continuous processes – in large-scale chemical plants, the energy sector, or steelworks. In such settings, a sudden shutdown of the plant risks causing an explosion, a fire, or losses running into millions due to damaged materials.
In such situations, a primary-standby configuration is absolutely essential. Has the main PLC failed? The standby takes over in a fraction of a second. The process continues. The operator often doesn’t even notice a blip on the graphs. That only works, though, if the standby holds a current copy of the process state and the switchover is exercised regularly; a standby nobody has ever failed over to is an assumption, not a safeguard. And let’s not forget, these are the truly critical situations.
On a standard bottling or assembly line, the situation is quite different. If a controller fails, the line stops. Maintenance replaces the equipment within an hour or two. Production starts up again. There are losses, of course, but they are acceptable. A fully redundant control system on a packaging line works against the business case rather than for it.
A false sense of security. Beware of single points of failure
This is where the biggest design pitfall lies: a false sense of security. Do you have two powerful controllers? Great. Two independent network cards? Brilliant. But what’s the point if you’re powering both systems from the same distribution cabinet? Or running the communication cables through the same cable tray?
The shared element is a Single Point of Failure (SPOF): one component whose loss takes out every path that depends on it, however many controllers you have bought. A water pipe bursts and floods both cabinets at once. A forklift operator cuts through the main power cable supplying the hall. Then the whole system – a duplicated investment – collapses like a house of cards.
When designing redundant systems, it is essential to consider the physical separation of equipment. Without separate cable routes, independent power supplies and adequate fire separation, duplicating the electronics is merely a costly illusion of protection. The check itself is mechanical: list every component the two paths depend on, take each one out of service in turn, and ask whether at least one path still runs.
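The check described above, written out as an added example (this is not code from the original article). The two topologies are constructed for illustration and the component names are hypothetical: the first has two PLCs that look redundant on the parts list but share a distribution cabinet and a cable tray, the second separates the two paths physically. A component is a SPOF if taking it alone out of service leaves neither PLC running.

```python
"""Single-point-of-failure check over a dependency graph.

Added example, not from the original article. The topologies are constructed
and the component names hypothetical. A node works only if it is not the failed
component and every component it depends on works. The control function
survives a failure if at least one member of the redundant pair still works.
"""

# Looks redundant on the parts list: two PSUs, two PLCs. But both PSUs hang
# off one distribution cabinet and both PLCs run through one cable tray.
SHARED_INFRA = {
    "grid_feed": [],
    "dist_cabinet": ["grid_feed"],
    "psu_a": ["dist_cabinet"],
    "psu_b": ["dist_cabinet"],
    "cable_tray_1": [],
    "plc_a": ["psu_a", "cable_tray_1"],
    "plc_b": ["psu_b", "cable_tray_1"],
}

# Same electronics with physical separation: independent feeds, cabinets
# and cable routes for each path.
SEPARATED_INFRA = {
    "grid_feed_1": [],
    "grid_feed_2": [],
    "dist_cabinet_1": ["grid_feed_1"],
    "dist_cabinet_2": ["grid_feed_2"],
    "psu_a": ["dist_cabinet_1"],
    "psu_b": ["dist_cabinet_2"],
    "cable_tray_1": [],
    "cable_tray_2": [],
    "plc_a": ["psu_a", "cable_tray_1"],
    "plc_b": ["psu_b", "cable_tray_2"],
}


def is_up(topology, node, failed):
    """True if `node` still works while `failed` is out of service."""
    def walk(n, path):
        if n == failed:
            return False
        if n in path:
            # A dependency cycle is a modelling error, not a topology.
            raise ValueError(f"cyclic dependency through {n}")
        # A leaf (no dependencies) is up unless it is the failed component.
        return all(walk(dep, path | {n}) for dep in topology[n])
    return walk(node, frozenset())


def single_points_of_failure(topology, redundant_set):
    """Components whose sole failure takes down every member of `redundant_set`.

    Members of the set are checked as well: if one PLC's failure also stops
    the other, the pair was never redundant in the first place.
    """
    return sorted(
        c for c in topology
        if not any(is_up(topology, member, c) for member in redundant_set)
    )


if __name__ == "__main__":
    pair = {"plc_a", "plc_b"}
    print("shared infra SPOFs:   ", single_points_of_failure(SHARED_INFRA, pair))
    print("separated infra SPOFs:", single_points_of_failure(SEPARATED_INFRA, pair))
```

For the shared topology the result is the grid feed, the distribution cabinet and the cable tray; the two PLCs and two PSUs never appear, which is exactly the false sense of security the parts list gives you. For the separated topology the list is empty. Running the same check with a larger set (three or four controllers) or against a floor plan where "cable tray" is replaced by "fire zone" needs no change to the code, only to the dictionary.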
What exactly are we duplicating? From the power supply to the controllers
In automation, almost anything can be duplicated. Let’s start with the basics: the power supply. Two independent power circuits and a robust UPS are standard practice today. But cramming this into small, insignificant facilities is overkill. The situation is similar with communication networks. Two transmission paths do a great job of stabilising the operation of large systems. However, in small machines where there is no critical drive synchronisation, it is simply style over substance.
Let’s look at the bigger picture. Having PLCs running in parallel ensures continuity in the event of hardware failure. That’s brilliant. But writing complex synchronisation code for a simple packaging machine is a mistake in engineering practice. And what about SCADA servers? Here, it’s worth having a backup machine. On the other hand, we must remember that a temporary loss of visibility very rarely halts the production process itself, as long as the control loops run in the PLCs and the server is only supervising. Where recipe or setpoint management lives on the SCADA server, check that the PLC can carry on without it before deciding the server is not critical.
The same applies to field instruments. Dual sensors ensure reliable readings where a measurement drives control or a protective interlock. However, if a particular measurement is used by engineers solely for statistical purposes or general monitoring, duplicating it is simply a waste of budget. A single, robust transducer is sufficient.
Hidden maintenance costs. A complexity that comes back to haunt you years later
All too often, we overlook one crucial aspect. Redundancy isn’t just a one-off purchase of a second controller. It represents a significant and lasting increase in the complexity of the entire system. Someone has to write the sophisticated switching logic. Someone has to test it rigorously. And then someone has to maintain it on site for years to come.
A complex system is harder to understand in a stressful situation. Maintenance teams then face a major challenge in diagnosing the problem quickly. Replacing a faulty component in a redundant system often requires specific, rigid procedures. One small mistake by a technician can bring the entire system down.
Sometimes you can fix a simple, standalone system in fifteen minutes with your laptop on your lap. Restoring stability in a poorly designed, redundant behemoth can take engineers up to two working days.
The limits of profitability. When to say ‘stop’
Every industrial project has its logical limit. The break-even point is reached precisely when the cost and added complexity of redundancy outweigh the expected cost of the downtime it prevents, and that expectation can be estimated from how often the equipment fails, how long a repair takes and what an hour of stoppage costs. Duplicating a control system often costs twice as much as the basic equipment itself. You have to pay for additional licences, hundreds of engineering hours and complex acceptance tests.
A good automation engineer knows when to stop. Instead of duplicating the entire line, they safeguard just one critical bottleneck. They ensure they have a reliable, up-to-date and test-restored backup of the PLC program and HMI project. They keep essential spare parts in stock.
In many cases, this is more than enough to ensure peace of mind. After all, the trick isn’t to spend a million zlotys on spare equipment. The real trick is to do so sensibly and with sound business reasoning.
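The break-even reasoning and the "safeguard one bottleneck" rule, as an added example (not code from the original article). The three stations and all of their figures are constructed and hypothetical; the point is the shape of the calculation: expected annual downtime cost with and without a standby, the annualised cost of the standby itself, and a ranking that tells you which stations, if any, are worth duplicating. The model also charges for the residual risk the article warns about in the maintenance section, namely switchovers that do not work.

```python
"""Break-even model for a redundancy decision.

Added example, not from the original article. The stations are constructed and
the figures hypothetical; substitute your own failure history, repair times and
cost of an hour of lost production. Costs are in arbitrary currency units.
"""
from dataclasses import dataclass


@dataclass
class Station:
    name: str
    failures_per_year: float         # controller failures expected per year
    repair_hours: float              # downtime per failure without a standby (swap, reload, restart)
    downtime_cost_per_hour: float    # lost output, scrap, restart energy, contractual penalties
    redundancy_capex: float          # second controller, licences, engineering, acceptance tests
    redundancy_opex_per_year: float  # upkeep of the switching logic, training, extra spares
    switchover_failure_rate: float   # share of failovers that still end in a full outage
    lifetime_years: float = 10.0     # period over which the capex is written off


def annual_downtime_cost(s, redundant):
    """Expected cost of downtime per year, with or without a hot standby."""
    if redundant:
        # A failover that does not work behaves exactly like the single-controller case.
        hours = s.failures_per_year * s.switchover_failure_rate * s.repair_hours
    else:
        hours = s.failures_per_year * s.repair_hours
    return hours * s.downtime_cost_per_hour


def annual_redundancy_cost(s):
    """What the standby costs every year, capex spread over its lifetime plus upkeep."""
    return s.redundancy_capex / s.lifetime_years + s.redundancy_opex_per_year


def net_annual_benefit(s):
    """Positive: the standby pays for itself. Negative: it is a cost centre."""
    avoided = annual_downtime_cost(s, False) - annual_downtime_cost(s, True)
    return avoided - annual_redundancy_cost(s)


def break_even_cost_per_hour(s):
    """Downtime cost per hour at which redundancy exactly pays for itself."""
    hours_avoided = s.failures_per_year * s.repair_hours * (1 - s.switchover_failure_rate)
    if hours_avoided == 0:
        return float("inf")  # nothing to avoid, so no price makes it worthwhile
    return annual_redundancy_cost(s) / hours_avoided


def worth_duplicating(stations):
    """Stations where the standby pays, most valuable first: the 'surgical' list."""
    paying = [s for s in stations if net_annual_benefit(s) > 0]
    return [s.name for s in sorted(paying, key=net_annual_benefit, reverse=True)]


# Constructed scenarios echoing the article's two cases plus one more packaging station.
REACTOR_CONTROL = Station("reactor_control", 0.2, 8.0, 250_000, 400_000, 30_000, 0.05)
BOTTLING_LINE   = Station("bottling_line",   0.2, 2.0,   5_000, 120_000, 10_000, 0.05)
CASE_PACKER     = Station("case_packer",     0.5, 1.5,   3_000,  90_000,  8_000, 0.05)

if __name__ == "__main__":
    for s in (REACTOR_CONTROL, BOTTLING_LINE, CASE_PACKER):
        print(f"{s.name:16s} net/yr {net_annual_benefit(s):>12,.0f}  "
              f"break-even {break_even_cost_per_hour(s):>10,.0f}/h")
    print("duplicate:", worth_duplicating([REACTOR_CONTROL, BOTTLING_LINE, CASE_PACKER]))
```

With these constructed figures the reactor controller clears its break-even by a wide margin while both packaging stations lose money on a standby, which is the article's argument in numbers. The break-even figure is the useful one to show a supplier: it states how expensive an hour of downtime would have to be before their redundant offer makes sense, and for a packaging line it is usually an order of magnitude above the real cost.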
Summary
Redundancy in industrial automation is a powerful tool, but only when it stems from a rigorous risk assessment rather than an engineer’s ego. It is not about mindlessly duplicating every sensor, cable and controller on the production floor. It is about providing targeted, surgical protection for those areas where a failure would cost the company the most. Well-designed redundancy saves a plant from disaster, whereas excessive and poorly designed redundancy merely drains budgets and causes maintenance teams a constant headache.