My first thought was that your anecdotes are silly, particularly the second one. I may be more convinced if you described the system where "money is no object" that "never ran for 24 hours without errors". A lot is left to the imagination when you provide zero technical details.
However, there's a lot to be said about your message. Redundancy necessarily adds complexity (read: points of failure) to a system to provide additional reliability! In some cases it is worked out. Consider a RAID 1 (mirrored) volume. The increased complexity of the RAID controller versus a plain disk controller is negligible compared to the added protection of having mirrored data. You can even have dual controllers. Adding hardware to go from a single hard drive to a RAID 1 array will provide a statistical advantage. But, behind the scenes, there's a complex driver and hardware that some group spent a lot of time engineering well - orders of magnitude more time than your PLC project. A crappy driver (redundancy guts) would make the whole system less reliable than just using a single drive.
The lesson behind the story - if there's a working redundancy product, go for it. I haven't heard of any PLC manufacturers that can come up with a generalized redundant scheme that's seamless to the PLC program. If they have, that's another matter.
If you're trying to set up your own redundancy scheme, you will likely fail. I've seen attempts like John's. OP, this is particularly true since you "have no experience at it".
I think that redundancy is so immature with PLCs because they don't fail often, and it's an incredibly difficult problem to solve in general. Ask anyone here how important "stability" is - they'll go on to no end. PLCs are pretty stable and having a "hot backup" is simple and effective. To do the job right, you're probably talking a ten-fold increase in cost for added minutes of uptime. This doesn't even take I/O and everything else into account.
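The RAID 1 argument above has a quantitative core: the mirror only pays off if the redundancy layer itself (controller and driver) fails less often than the gain it buys. Here is an added worked example, not from this thread, that models a mirrored pair behind a shared controller as a series-parallel system and finds the controller failure probability at which RAID 1 stops beating a single drive. The failure probabilities and their independence are assumed inputs, not figures from the post.

```python
# Added example (not from the thread): reliability of a single drive versus
# a RAID 1 mirror whose controller/driver is a single point of failure.
# Assumed model: each value is a failure probability over one mission window,
# failures are independent, and the mirror is lost if the controller fails
# OR both disks fail. These are illustrative inputs, not measured data.

def single_drive_failure(p_disk: float) -> float:
    """Failure probability of one drive with no redundancy layer at all."""
    return p_disk

def mirrored_failure(p_disk: float, p_ctrl: float) -> float:
    """Failure probability of RAID 1: controller fails, or both disks fail.

    The system survives only if the controller survives AND at least one
    disk survives, so P(fail) = 1 - (1 - p_ctrl) * (1 - p_disk**2).
    """
    both_disks = p_disk ** 2
    return 1.0 - (1.0 - p_ctrl) * (1.0 - both_disks)

def breakeven_controller_failure(p_disk: float) -> float:
    """Controller failure probability at which RAID 1 equals a single drive.

    Solving 1 - (1 - p_c)(1 - p_d**2) = p_d for p_c gives p_c = p_d / (1 + p_d).
    A controller/driver worse than this makes the mirror a net loss.
    """
    return p_disk / (1.0 + p_disk)

def mirror_helps(p_disk: float, p_ctrl: float) -> bool:
    """True when adding the mirror lowers the overall failure probability."""
    return mirrored_failure(p_disk, p_ctrl) < single_drive_failure(p_disk)

if __name__ == "__main__":
    p_d = 0.05  # constructed: 5% chance a single disk fails in the window
    print("single drive    :", single_drive_failure(p_d))
    print("RAID1, good ctrl:", mirrored_failure(p_d, 0.001))
    print("RAID1, bad ctrl :", mirrored_failure(p_d, 0.10))
    print("break-even ctrl :", breakeven_controller_failure(p_d))
```

The break-even point is close to the single-disk failure rate itself, which is the post's point in numbers: the redundancy layer has to be roughly as reliable as the thing it protects before it helps at all.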
John Gaunt said:
OK culi, I will shut up.
But first I do have some experience with redundancy.
I work with S7-400 PLCs and have seen several attempts at using them as redundant pairs. On one system it was such a disaster: they had spent all their time (money) trying to get redundancy to work, had totally neglected the rest of the system, and it was running totally manually.
A couple of years ago I worked on the software for a North Sea oil and gas system off the coast of Scotland using 4 computers for redundancy. Oil and gas is an industry where truly "money is no object". The system always worked well using a single computer. It simply never failed. With two or four computers it never ran for 24 hours without errors. The whole project was so tied up with customer specifications that it simply could not be fixed without going outside those specs.
Ok, I'll shut up now. Good luck.