I think the biggest problem with using something like a JACE for direct equipment control, is the lack of segregation it tends to encourage. Using the above mentioned chiller plant example - The JACE's extensibility would lead someone to try to use one to control the entire chiller room (it's not just a JACE thing, our brand new chiller plant has a single Alerton VLX controlling the chiller room). The problem with this is fail recovery. If the controller goes down, what happens with the chiller enable point, what happens with the valves for the running AND the off-line chillers... what happens with the pumps.. the towers... etc. However, if instead, you had a very cheap and simple smart IO/application controller dedicated to each chiller, and IT controlled that chillers own valves and pumps, and all you had to do was load a request point into it from your sequencing controller, it would allow the global to fail, come down, reboot, etc, and not have an immediate impact on plant operations. Have some simple failover logic in the application controller that if it has not gotten an update watchdog from the global for a given time, you can then have it go to a desired failed state (either enabled or disabled, depending on the plant use/configuration).
I think your case is also manufacturer specific on what happens during a failure. For Loytec some options:

1. Use smart programmable I/O. Each I/O has an individual program put into each specific I/O running autonomously. Each I/O program is backed up to the L-INX with intercommunication. I/O is hot swappable and auto-downloads from the L-INX. The L-INX can be backed up (week/day/hourly) so that replacement for that is setting the same IP address as the existing controller. The complete configuration is restored from the latest backup.
2. Use connected I/O. Still hot swappable. L-INX backed up but if the L-INX goes down the connected I/O default to failsafe.
3. Use independent programmable I/O and Bind/Map data sharing between them. Default to failsafe.

I like that Loytec has a backup system. I don’t need to use any software or hook up to the device with a PC to replace hardware. I would say this is less field management work. Don't need to think about which tech has what software on his PC.