ABB 800xA DCS system is fully redundant all the way down to the I/O.
Controllers are redundant and synchronized, with switchover typically <10 ms, so you barely notice anything.
Networks are redundant and use ABB’s RNRP (Redundant Network Routing Protocol).
Security follows a proper 5-layer model, and you can place firewalls and IDS/IPS on every layer if needed.
Connectivity servers are redundant too, so a single failure won’t even cause a bump in data collection; for big plants you can stack them for load-balancing.
Aspect (HMI/visualization) servers are redundant—usually up to 3 (in special cases to 7). Even with one failure (sometimes two), the operator view keeps running.
Logs and events are fully redundant as well.
Windows domain integration lets you do very fine-grained user rights.
There are proper thick clients, not just thin or terminal-server sessions. Clients connect over redundant networks to the aspect servers.
Thin clients are available too, but usually via VMware Horizon with individual virtual desktops, not plain RDP farms.
Control and visualization networks are segregated, and each layer is redundant.
ABB provides tested, certified security patches, delivered through an approved method with a layer-2 gateway and an external server in layer-3 (DMZ).
System hardening to international standards for critical infra is included in the portfolio.
Protocols: IEC 61850, IEC 60870-5-101/-104, DNP3, Profibus, Profinet, Modbus, OPC DA/HDA/AE on controller and HMI. OPC UA is HMI level only.