Patent Grant
11989084
This application incorporates by reference in its entirety, application Ser. No. 16/377,237 entitled “CONTROL HIVE ARCHITECTURE ENGINEERING EFFICIENCY FOR AN INDUSTRIAL AUTOMATION SYSTEM”, filed Apr. 7, 2019 (“HIVE Patent”) and application Ser. No. 16/502,692 entitled “REDUNDANT CONTROLLERS OR INPUT-OUTPUT GATEWAYS WITHOUT DEDICATED HARDWARE”, filed Jul. 3, 2019 (“Redundancy Patent”).
A process control system is used by a variety of industries to achieve a production level of consistency, efficiency, and safety, which could not be achieved purely by human manual control. It is implemented widely in industries such as oil refining, pulp and paper manufacturing, chemical processing and power generating plants. For example, a process control system can sit in proximity to a plant, and can manipulate a valve, start a motor, run a chiller or mixing unit as needed.
Process control systems are required to diagnose control equipment faults, to prevent an unmanaged problem such as improper control action. One example is a watchdog timer. A watchdog timer can take actions, such as taking a machine to its prescribed fail state if the timer expires due to a hardware or in some cases a software fault. It might, for example, initiate closing a valve, stopping a motor, or maintaining the last controlled state of the device. A maintenance engineer can use an optimal replacement unit to replace the faulty part that caused the watchdog timer to time out. Software is used to refresh the watchdog timer to let the electronics know that the processor and its executable code is still behaving properly. This is a traditional method that requires manual intervention by a human to restore full operation including redundancy of the control electronic.
A problem arises when there is a transitory fault, such as a bus fault on a memory line between a program and a processor. In such a case, a software refresh of a watchdog timer will not fix the problem. One solution to this problem is to use redundancy, but when a fault occurs, the control device is in a non-redundant mode of operation such that a second fault will cause loss of automatic control. It is preferable to self-heal the faulty device and restore full redundancy (if redundant) or restore/maintain automatic operation even when non-redundant.
One implementation is a method which includes monitoring a logic block and a memory block to detect a fault condition, determining a subset of the logic block or the memory block that is impacted by the fault condition, swapping the subset of the logic block or the memory block for a second logic block or a second memory block, the second logic block or the second memory block being capable of carrying out the functions of the subset of the logic block or the memory block, disabling the subset of the logic block or the memory block, automatically repairing the subset of the logic block or the memory block, and performing at least one action with respect to the subset of the logic block or the memory block.
Another implementation is for a device comprising a monitor module configured to monitor a logic block and a memory block to detect a fault condition, a fault location module configured to determine a subset of the logic block or the memory block that is impacted by the fault condition, a swap module configured to swap the subset of the logic block or the memory block for a highly integrated virtual environment (HIVE), the HIVE being capable of carrying out the functions of the subset of the logic block or the memory block, an orchestrator module configured to disable the subset of the logic block or the memory block, and a repair module configured to perform at least one action with respect to the subset of the logic block or the memory block.
Another implementation is for one or more hardware-based non-transitory memory devices storing computer-readable instructions which, when executed by the one or more processors disposed in a computing device, cause the computing device to monitor a logic block and a memory block to detect a fault condition, determine a subset of the logic block or the memory block that is impacted by the fault condition, and perform at least one action on the logic block and the memory block.
In addition, some circuit components and designs allow for hardware reset. This may include full power reset of select subsystems at any level (see, for example, levels 1-5 of the Purdue model or other process control system). By way of example, since electronic design component geometries have shrunk and been laid out in multiple layers, a new class of faults are resistant to classic on-line correction (e.g. memory parity EDAC and ECC) but which are transitory faults that do not reoccur once corrected. An example is bit latching, where one or more RAM bits latch and persist in an incorrect and non-correctable state, without a full hardware circuit power-cycle. Another example is a soft error in the gate or memory of a field-programmable logic (FPL), a field-programmable gate array (FPGA), or a system-on-chip device (SoC), which also persists in an incorrect and non-correctible state without a full hardware circuit power-cycle.
In previous designs, such a fault would force the device to enter a failure state requiring human servicing (e.g. physical device removal and replacement). As process control and other industrial automation devices become both more integral to the manufacturing operation, as well as physically distant from human-manned central control rooms, it is essential to repair this class of transitory fault in a manner that is as autonomous and self-healing at any level of any plant 101a-101n, including a machine controller 114, a unit controller 122, a plant controller 130, or any other controller.
The self-healing control system includes a monitor module 235. In operation, the monitor module 235 waits until the subset of the system 205 fails. For example, the subset of the system 205 could enter a fail state and have stuck bits. In this case, the monitor module 235 detects that there is a fault in the system. The fault location module 240 determines that the subset of the system 205 has entered the fail state. In the present example, a plurality of additional subsets of the system 206 do not enter a fail state. It is the task of the fault location module 240 to identify which of the subsets has entered the fail state. The subsets of the system 205 and 206 include circuitry, software, memory, and/or firmware in which stuck bits are possible in some error states.
When one of the subsets of the system 205 or 206 enters a fail state (in this case it is assumed that subset 205 fails), a repair module corrects the fault condition and returns the system to a normal state. For example, repair module 230 can cause subset 205 to automatically reboot from its stored program memory. In this manner, the fault can be cleared through memory subsystem power of the failed subset of the system, 205. In another example, the repair module 230 can repair a failed node in the subset of the system 205 with a stuck bit, by resetting the memory and restoring a database 299. Once the repair module 230 repairs the failed node it can return the system to an operational status.
Control system 200 also can write to a fault log 250 and an event log 260. In one example, when the control system 200 automatically repairs the subset 205, it also updates the fault log 250. The fault log 250 can be sent to the database 299 so there is a record of each action the control system 200 takes. In the example where control system 200 performs successive repairs on the subset of the system 205 and/or the same fault it updates the event log 260. The event log 260 can be used by a human operator to understand that a portion of the overall system has degraded behavior and might need to take additional actions.
For example, the primary device or system 305 have stuck bits. In this case, the monitor module 235 detects that there is a fault in the system. The fault location module 240 determines that the primary device or system 305 has entered the fail state. Since the primary device or system 305 is in a fail state, a swap module 345 replaces the primary device or system 305 with the secondary device or system 306. An orchestrator module 350, which can assign workloads based on a node's availability and/or health, disables the primary device or system 305 so it is no longer used by the rest of the system while in a fail state. In this way, the secondary device or system 306 becomes the primary device and the primary device or system 305 is taken offline for repair. The secondary device or system 306 is capable of replacing the functionality of the failed node and allows the system to continue normal operation.
The repair module 230 is configured to repair the primary device or system 306 while it is offline. The repair module 230 could, for example, force a power cycle on the primary device or system 305 it in the memory area that identified the fault. In one example, a user command to reset or repair the failed node can be used by a repair module 230 to fix the failed node. In other examples, it can be repaired automatically by the repair module 230. This eliminates the need to have someone physically interact with the node, which is especially useful when control nodes are located in a process area and it is desirable not to have to travel to the node. This may also eliminate the need to open the cabinet enclosure, which could require a work permit.
In another example, the primary device or system 305 can be caused to automatically reboot from its stored program memory. In this manner, the fault can be cleared through memory subsystem power of one of the failed nodes by the repair module 230. In another example, the repair module 230 can repair a failed node with a stuck bit by resetting the memory and restoring a database 399. An error correction module 355 can also be used. For example, once the repair module 230 reloads the database 399, the error correction module 355 can use an internal checkpoint and diagnose that a flash memory and database checksum are intact. Once the repair module 230 repairs the failed node it can return the system to an operational status with the repaired failed node as a secondary subsystem with the current replacement node as the primary. More details on how redundant systems can operate are shown in the Redundancy Patent and omitted here for brevity.
Control system 300 also can write to a fault log 250 and an event log 260. In one example, when the control system 300 automatically repairs the fault, it also updates the fault log 250. The fault log 250 can be sent to the database 399 so there is a record of each action the control system 300 takes. In the example where control system 300 performs successive repairs and/or the same fault it updates the event log 260. The event log 260 can be used by a human operator to understand that a portion of the overall system has degraded behavior and might need to take additional actions.
In one example, the HIVE functionality block 405 comprises cooperating control nodes 440, 450, and 460. The node with a non-correctable fault would shed its workloads as per HIVE redundancy design, and then auto-reboot with a power cycle of the memory region with the bit fault. This returns the failed node to operational mode. Thereafter, the orchestrator module 350 can assign workloads back to the subset of the system 410 as per the needs of the HIVE. More details on how the HIVE can operate are shown in the HIVE Patent and omitted here for brevity. It should be noted, however, that the repaired node 410 can return to operational status as a member of the HIVE and would typically not receive the same workload it had before the fault condition occurred. In a manner similar to that described with respect to
To that end, the repair module 230 is configured to repair the subset of the system 410 while it is offline. Control system 400 also can write to a fault log 250 and an event log 260. In one example, when the control system 400 automatically repairs the fault, it also updates the fault log 250. The fault log 250 can be sent to a historical database 499 so there is a record of each action the control system 300 takes. In the example where control system 400 performs successive repairs and/or the same fault it updates the event log 260. The event log 260 can be used by a human operator to understand that a portion of the overall system has degraded behavior and might need to take additional actions.
At step 520, the failed subset of the system is disabled. At step 530, the system determines whether the subset of the system has been repaired. This can occur, for example, via a repair module or other mechanism that is capable of isolating the subset of the system that failed and automatically cause it to be repaired. One manner in which this occurs can be having a power cycle forced upon it in the memory area that identified the fault. In another example, a user command to reset or repair the failed node can be used by a repair module to fix the failed node. In yet another example, one of the failed nodes can be caused to automatically reboot from its stored program memory. In this manner, the fault can be cleared through memory subsystem power of one of the failed nodes by the repair module. In yet another example, the repair module can repair a failed node with a stuck bit by resetting the memory and restoring the database. Once the system is repaired, an action is performed, which could include updating a fault log and/or an event log at step 540.
When a secondary node is swapped for a failed primary node, the primary node is disabled at step 620. At step 640, at least one action is performed on the failed node. In one example, this includes a memory reset and/or a database operation on the failed node. The database operation could be, for example, a database synchronization with an active primary. Thereafter, at step 640 the system determines whether the failed node is repaired. Step 640 repeats until the failed node is repaired, in which case at step 650, the repaired, failed node is used as a secondary node to the current primary node. In other examples, the repaired, failed node could become the primary node. Other schemes are possible as well.
At step 740, the system determines whether the failed node has been repaired. If not, step 740 repeats. After the failed node is repaired, it is used in the future, in one example, as part of the HIVE and can be assigned workloads by an orchestrator as needed. It should be noted that, after the fault condition is repaired, the repaired node typically has a differing workload than before and is integrated into the HIVE. There may no longer be a need for the repaired node to continue operation using the same workload it had before it failed.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4133027 | Hogan | Jan 1979 | A |
| 4888726 | Struger et al. | Dec 1989 | A |
| 4958270 | McLaughlin et al. | Sep 1990 | A |
| 5088021 | McLaughlin et al. | Feb 1992 | A |
| 5361198 | Harmon et al. | Nov 1994 | A |
| 5432927 | Grote et al. | Jul 1995 | A |
| 5546301 | Agrawl et al. | Aug 1996 | A |
| 5933347 | Cook et al. | Aug 1999 | A |
| 5963448 | Flood et al. | Oct 1999 | A |
| 6008985 | Lake et al. | Dec 1999 | A |
| 6088679 | Barkley | Jul 2000 | A |
| 6138049 | McLaughlin et al. | Oct 2000 | A |
| 6170044 | McLaughlin et al. | Jan 2001 | B1 |
| 6272386 | McLaughlin et al. | Aug 2001 | B1 |
| 6442663 | Sun et al. | Aug 2002 | B1 |
| 6560330 | Gabriel | May 2003 | B2 |
| 7237148 | Czajkowski et al. | Jun 2007 | B2 |
| 7313448 | Petrich et al. | Dec 2007 | B2 |
| 7434047 | Sharma | Oct 2008 | B2 |
| 7436797 | Shepard et al. | Oct 2008 | B2 |
| 7515972 | Kumar et al. | Apr 2009 | B2 |
| 7555752 | Groot et al. | Jun 2009 | B2 |
| 7577575 | Donner et al. | Aug 2009 | B1 |
| 7630777 | Rudnick et al. | Dec 2009 | B2 |
| 8280530 | Kase | Oct 2012 | B2 |
| 8570922 | Pratt, Jr. et al. | Oct 2013 | B2 |
| 8676219 | Pratt, Jr. et al. | Mar 2014 | B2 |
| 8948067 | Chernoguzov et al. | Feb 2015 | B2 |
| 9128479 | Reichard et al. | Sep 2015 | B2 |
| 9665089 | Schreder et al. | May 2017 | B2 |
| 9843624 | Taaghoi | Dec 2017 | B1 |
| 9875207 | Lv et al. | Jan 2018 | B2 |
| 9935828 | Tal et al. | Apr 2018 | B2 |
| 9873346 | McLaughlin et al. | May 2018 | B2 |
| 9990286 | McLaughlin et al. | Jun 2018 | B1 |
| 10175682 | Peake et al. | Jan 2019 | B2 |
| 10176606 | Jammikunta et al. | Jan 2019 | B2 |
| 10178177 | McLaughlin et al. | Jan 2019 | B2 |
| 10237712 | Gopalakrishnan et al. | Mar 2019 | B2 |
| 10296515 | Nikhra et al. | May 2019 | B2 |
| 10348704 | Figueira | Jul 2019 | B2 |
| 10354343 | Bodanapu et al. | Jul 2019 | B2 |
| 10441832 | Trivelpiece et al. | Oct 2019 | B1 |
| 10565046 | Tran et al. | Feb 2020 | B2 |
| 10997113 | Reineke et al. | May 2021 | B1 |
| 11036656 | Mclaughlin et al. | Jun 2021 | B2 |
| 20030028538 | Eikenbery | Feb 2003 | A1 |
| 20040158713 | Aneweer et al. | Aug 2004 | A1 |
| 20040233237 | Randow | Nov 2004 | A1 |
| 20050022065 | Dixon | Jan 2005 | A1 |
| 20050022078 | Subramanian | Jan 2005 | A1 |
| 20050276233 | Shepard et al. | Dec 2005 | A1 |
| 20060130021 | Plum et al. | Jun 2006 | A1 |
| 20060236198 | Lintz et al. | Oct 2006 | A1 |
| 20070100472 | Johnson et al. | May 2007 | A1 |
| 20080015714 | Rudnick et al. | Jan 2008 | A1 |
| 20080074998 | Becker et al. | Mar 2008 | A1 |
| 20080120125 | Chavez | May 2008 | A1 |
| 20080208361 | Grgic | Aug 2008 | A1 |
| 20090031403 | Huang | Jan 2009 | A1 |
| 20090222654 | Hum et al. | Sep 2009 | A1 |
| 20100064137 | Mcgrew et al. | Mar 2010 | A1 |
| 20100271989 | Chernoguzov et al. | Oct 2010 | A1 |
| 20100315298 | Biswas et al. | Dec 2010 | A1 |
| 20110178611 | Daraiseh et al. | Jul 2011 | A1 |
| 20110258433 | Pulini et al. | Oct 2011 | A1 |
| 20120076007 | Nelson | Mar 2012 | A1 |
| 20120078391 | Zornio et al. | Mar 2012 | A1 |
| 20120117416 | Mclaughlin | May 2012 | A1 |
| 20120300420 | Muldowney et al. | Nov 2012 | A1 |
| 20130268799 | Mestery et al. | Oct 2013 | A1 |
| 20140032366 | Spitz et al. | Jan 2014 | A1 |
| 20140068579 | Dawson et al. | Mar 2014 | A1 |
| 20140173246 | Sandstrom | Jun 2014 | A1 |
| 20140173336 | Bennah et al. | Jun 2014 | A1 |
| 20140245077 | Kanso et al. | Aug 2014 | A1 |
| 20140298091 | Carlen et al. | Oct 2014 | A1 |
| 20150018977 | Law et al. | Jan 2015 | A1 |
| 20150019191 | Maturana et al. | Jan 2015 | A1 |
| 20150149767 | Oualha et al. | May 2015 | A1 |
| 20150154136 | Markovic et al. | Jun 2015 | A1 |
| 20150215300 | Buonacuore et al. | Jul 2015 | A1 |
| 20150278144 | McLaughlin et al. | Oct 2015 | A1 |
| 20150323910 | McLaughlin et al. | Nov 2015 | A1 |
| 20150341364 | Basso et al. | Nov 2015 | A1 |
| 20150378356 | Hefeeda et al. | Dec 2015 | A1 |
| 20160062350 | Prall et al. | Mar 2016 | A1 |
| 20160103431 | Ganapathi et al. | Apr 2016 | A1 |
| 20160139999 | Gabler et al. | May 2016 | A1 |
| 20160299497 | McLaughlin et al. | Oct 2016 | A1 |
| 20160320759 | Macha et al. | Nov 2016 | A1 |
| 20160327923 | Papenbreer et al. | Nov 2016 | A1 |
| 20170126404 | Unagami et al. | May 2017 | A1 |
| 20170185055 | Nakajima et al. | Jun 2017 | A1 |
| 20170199515 | Bhat et al. | Jul 2017 | A1 |
| 20170228225 | Rachlin | Aug 2017 | A1 |
| 20170277607 | Samii et al. | Sep 2017 | A1 |
| 20170300024 | Nixon et al. | Oct 2017 | A1 |
| 20170359222 | Dutta et al. | Dec 2017 | A1 |
| 20180046487 | Matters et al. | Feb 2018 | A1 |
| 20180121843 | Connely, IV et al. | May 2018 | A1 |
| 20180259923 | De et al. | Sep 2018 | A1 |
| 20180299873 | Chauvet et al. | Oct 2018 | A1 |
| 20180321662 | Nixon et al. | Nov 2018 | A1 |
| 20180324609 | Diancin | Nov 2018 | A1 |
| 20180364673 | Van et al. | Dec 2018 | A1 |
| 20190042378 | Wouhaybi et al. | Feb 2019 | A1 |
| 20190050342 | Drayton | Feb 2019 | A1 |
| 20190056719 | Ong | Feb 2019 | A1 |
| 20190102226 | Caldato et al. | Apr 2019 | A1 |
| 20190104437 | Bartfai-Walcott et al. | Apr 2019 | A1 |
| 20190140989 | Wise et al. | May 2019 | A1 |
| 20190174207 | Cella et al. | Jun 2019 | A1 |
| 20190179678 | Banerjee et al. | Jun 2019 | A1 |
| 20190245716 | Coombes et al. | Aug 2019 | A1 |
| 20190274084 | Daniels et al. | Sep 2019 | A1 |
| 20190324874 | Gill et al. | Oct 2019 | A1 |
| 20190340269 | Biernat et al. | Nov 2019 | A1 |
| 20190370118 | Salapura et al. | Dec 2019 | A1 |
| 20200012569 | Natanzon et al. | Jan 2020 | A1 |
| 20200026575 | Guim et al. | Jan 2020 | A1 |
| 20200029086 | Zou et al. | Jan 2020 | A1 |
| 20200103861 | Flood | Apr 2020 | A1 |
| 20200104153 | Shibayama et al. | Apr 2020 | A1 |
| 20200127411 | Pakimo et al. | Apr 2020 | A1 |
| 20200136943 | Banyai et al. | Apr 2020 | A1 |
| 20200236162 | Bouzon et al. | Jul 2020 | A1 |
| 20200253067 | Pakimo et al. | Aug 2020 | A1 |
| 20200310394 | Wouhaybi et al. | Oct 2020 | A1 |
| 20200313960 | Rosa-Bian et al. | Oct 2020 | A1 |
| 20200319623 | McLaughlin et al. | Oct 2020 | A1 |
| 20200333765 | Biernat et al. | Oct 2020 | A1 |
| 20210096759 | Thakkilapati | Apr 2021 | A1 |
| 20210152495 | Craig et al. | May 2021 | A1 |
| 20220138335 | Rachlin | May 2022 | A1 |
| Number | Date | Country |
|---|---|---|
| 103354190 | Oct 2013 | CN |
| 104241972 | Dec 2014 | CN |
| 109522051 | Mar 2019 | CN |
| 0416891 | Mar 1991 | EP |
| 2184903 | May 2010 | EP |
| 3789834 | Mar 2021 | EP |
| 2404261 | Jan 2005 | GB |
| 9423367 | Oct 1994 | WO |
| 2011041413 | Apr 2011 | WO |
| 2015169352 | Nov 2015 | WO |
| 2017064560 | Apr 2017 | WO |
| 2019227401 | Dec 2019 | WO |
| Entry |
|---|
| Cheatham, Jason A., John M. Emmert, and Stan Baumgart. “A survey of fault tolerant methodologies for FPGAs.” ACM Transactions on Design Automation of Electronic Systems (TODAES) 11, No. 2 (2006): 501-533. (Year: 2006). |
| T. Panhofer and M. Delvai, “Self-Healing Circuits for Space-Applications,” 2007 International Conference on Field Programmable Logic and Applications, Amsterdam, Netherlands, 2007, pp. 505-506, doi: 10.1109/FPL.2007.4380701. (Year: 2007). |
| M. R. Boesen, J. Madsen and D. Keymeulen, “Autonomous distributed self-organizing and self-healing hardware architecture—The eDNA concept,” 2011 Aerospace Conference, Big Sky, MT, USA, 2011, pp. 1-13, doi: 10.1109/AERO.2011.5747476. (Year: 2011). |
| C. Popa and A. Stan, “A self-healing single core architecture using dynamically reconfigurable devices,” 2012 16th International Conference on System Theory, Control and Computing (ICSTCC), Sinaia, Romania, 2012, pp. 1-6. (Year: 2012). |
| G. D. Moiş, M. Hulea, S. Folea and L. Miclea, “Self-healing capabilities through wireless reconfiguration of FPGAs,” 2011 9th East-West Design & Test Symposium (EWDTS), Sevastopol, Ukraine, 2011, pp. 22-27, doi: 10.1109/EWDTS.2011.6116410. (Year: 2011). |
| M. Balaz and S. Kristofik, “Generic Self Repair Architecture with Multiple Fault Handling Capability,” 2015 Euromicro Conference on Digital System Design, Madeira, Portugal, 2015, pp. 197-204, doi: 10.1109/DSD.2015.118. (Year: 2015). |
| Yu-jen Huang, Da-ming Chang and Jin-fu Li, “A Built-In Redundancy-Analysis Scheme for Self-Repairable RAMs with Two-Level Redundancy,” 2006 21st IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, Arlington, VA, USA, 2006, pp. 362-370, doi: 10.1109/DFT.2006.6. (Year: 2006). |
| A. Alzahrani and R. F. DeMara, “Fast Online Diagnosis and Recovery of Reconfigurable Logic Fabrics Using Design Disjunction,” in IEEE Transactions on Computers, vol. 65, No. 10, pp. 3055-3069, Oct. 1, 2016, doi: 10.1109/TC.2015.2513762. (Year: 2016). |
| Vierhaus, Heinrich Theodor. “Combining fault tolerance and self repair in a virtual TMR scheme.” In 2013 Signal Processing: Algorithms, Architectures, Arrangements, and Applications (SPA), pp. 12-18. IEEE, 2013. (Year: 2013). |
| T. Koal, H. T. Vierhaus and D. Scheit, “A Concept for Logic Self Repair,” 2009 12th Euromicro Conference on Digital System Design, Architectures, Methods and Tools, Patras, Greece, 2009, pp. 621-624, doi: 10.1109/DSD.2009.238. (Year: 2009). |
| C. Gleichner, T. Koal and H. T. Vierhaus, “Effective logic self repair based on extracted logic clusters,” Signal Processing Algorithms, Architectures, Arrangements, and Applications SPA 2010, Poznan, Poland, 2010, pp. 1-6. (Year: 2010). |
| M. B. Tahoori, “High Resolution Application Specific Fault Diagnosis of FPGAs,” in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 19, No. 10, pp. 1775-1786, Oct. 2011, doi: 10.1109/TVLSI.2010.2056941. (Year: 2011). |
| “Experian CEE-based Controllers and 1/0 Overview, Doc# EP03-290-400, Release# 400”, Honeywell—Technical Information, Version 1.0, Jul. 2010 (43 pages total). |
| Thomas Goldschmidt et al, “Container-based architecture for flexible industrial control applications”, Journal of Systems Architecture, NL, (Mar. 6, 2018), vol. 84, doi:10.1016/j.sysarc.2018.03.002, ISSN 1383-7621, pp. 28-36, XP055516260 (9 pages total). |
| Richter Daniel et al, “Highly-Available Applications on Unreliable Infrastructure: Microservice Architectures in Practice”, 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), IEEE, (Jul. 25, 2017), doi:10.1109/QRS-C.2017.28, pp. 130-137, XP033139427 (8 pages total). |
| Extended European Search Report dated Nov. 17, 2020 issued in connection with corresponding EP Application No. 20180114.9 (9 pages total). |
| Extended European Search Report dated Aug. 2020 issued in connection with corresponding EP Application No. 20166066.9 (7 pages total). |
| Wikipedia, “DNA Rail”; Retrieved from “https://en.wikipedia.org/w/index.php?title=DIN_rail&oldid=946791884”, Retrieved on: Sep. 23, 2020 (4 pages total). |
| “Everything You Need to Know About DIN Rails”, RS Components, downloaded Apr. 21, 2020, https://uk.rs-online.com Retrieved on: Sep. 23, 2020 (5 pages total). |
| Honeywell, High-Performance Process Manager Planning, HP02-500, Release 530, CE Compliant, Revision 05—Mar. 20, 1998 (330 pages total). |
| Arnold Offner, “Din-Rail in the Electrical Control Cabinet and Junction Box”, Presented on Nov. 12, 2008 at the IEEE SC2 Committee Meeting in Tucson, Arizona. (13 pages total). |
| “DeltaV™ Virtualization—High Availability and Disaster Recover”, DeltaV Distributed Control System, Whitepaper, Emerson Process Management, Oct. 2014 (10 pages total). |
| Extended European Search Report dated Mar. 21, 2022 issued in connection with corresponding EP Application No. 21205397.9 (9 pages total). |
| Extended European Search Report dated Mar. 10, 2022 issued in connection with corresponding EP Application No. 21195635.4 (18 pages total). |
| Indian Examination Report dated Apr. 11, 2022, issued in connection with corresponding Indian Application No. 202114041005 (8 pages total). |
| “Experion CEE-based Controllers and I/O Overview, Doc # EP03-290-400, Release # 400”, Jul. 2010, Version 1.0 (retrieved from https://www.nexinstrument.com/assets/images/pdf/TK-PR.pdf on Sep. 4, 2020) (43 pages total). |
| Australian Examination Report dated Sep. 1, 2022, issued in connection with corresponding AU application No. 2021229183 (3 pages total). |
| European Examination Report dated Feb. 11, 2022, issued in connection with corresponding EP Application No. 20165415.9 (10 pages total). |
| Extended European Search Report dated Jul. 9, 2021 for corresponding EP Application No. 21164736.7 (8 pages total). |
| Extended European Search Report dated Aug. 20, 2021, issued in connection with corresponding European Patent Application No. 21165382.9 (10 pages total). |
| Extended European Search Report dated Jul. 27, 2020, issued in connection with corresponding European Patent Application No. 20165416.7 (9 pages total). |
| Extended European Search Report dated Jun. 29, 2021, issued in connection with corresponding European Patent Application No. 21156993.4 (8 pages total). |
| Extended European Search Report dated Nov. 18, 2021, issued in connection with corresponding European Patent Application No. 21177860.1 (8 pages total). |
| Extended European Search Report dated Oct. 23, 2020, issued in connection with corresponding European Patent Application No. 20180113.1 (8 pages total). |
| Extended European Search Report dated Sep. 21, 2021, issued in connection with corresponding European Patent Application No. 21164739.1 (8 pages total). |
| Indian Examination Report dated Feb. 14, 2022; issued in connection with corresponding Indian Application No. 202114012845 (7 pages total). |
| Indian Examination Report dated Feb. 7, 2022; issued in connection with corresponding Indian Application No. 202114013519 (6 pages total). |
| Number | Date | Country | |
|---|---|---|---|
| 20220091922 A1 | Mar 2022 | US |
