Technology

January 18, 2024

Next big thing in smart factories? Control systems virtualization.

Visualizing industrial automation control systems.

Virtualization technology has dramatically changed the way IT resources are used, but its benefits have yet to reach industrial operations in any significant way. In this article, the authors describe the benefits manufacturers can expect to see by virtualizing industrial automation and control systems (IACS), and the solutions that can help them get there.

Virtualization technology has been extensively applied in IT systems. Many layers, including servers, storage, applications, desktops, and operating systems, have been virtualized.

Server virtualization is the most common use of virtualization. It involves partitioning a physical server into several smaller virtual servers. Each of these virtual servers can run its own operating system and applications, making it seem as though they are individual machines. This helps to optimize resources and reduce costs.

Storage virtualization involves pooling physical storage from multiple network storage devices into a single storage device that is managed from a central console. This helps in backup and archiving, improving efficiency and speed. Similarly, application virtualization allows applications to run in a self-contained virtual environment without the need for dedicated host computers. Desktop virtualization involves hosting a desktop operating system within a virtual machine that runs on a server. This means that the server does all the processing, and the users just need a small device (called a thin or zero client) to connect to the server. This reduces the hardware requirements for the users and increases data security.

Virtualization technology has dramatically changed the way IT resources are used and services are delivered, enhancing efficiency, flexibility, and scalability. However, the benefits of virtualization have yet to reach industrial operations in any significant way. Industrial Automation and Control Systems (IACS) hardware resources in these environments continue to exist as discrete resources. With digitization, the number of such hardware resources has risen rapidly, and so has the time and expense of monitoring, updating, and troubleshooting them, which could require extended downtimes and result in productivity losses.

In this article, we will describe the benefits manufacturers can expect to see by virtualizing their IACS systems, what is holding them back, and the solutions that can help them get there.

What can virtualization do for your operations?

Manufacturing facilities stand to gain a lot by virtualization. They can consolidate Programmable Logic Controllers (PLC), Industrial PCs (IPC), Human Machine Interfaces (HMI), Gateways, and other physical compute resources currently on their factory floors onto local virtual machines which run on a hyperconverged compute and storage infrastructure.

Figure 1: From discrete to virtualized industrial control systems.

Figure 1 shows how several individual PLCs can be replaced by a centralized pool of virtual PLCs. This arrangement has many advantages:

Scalable and agile operations: Virtualization enables manufacturers to easily scale their operations by adding or removing virtual machines as required instead of purchasing and deploying new hardware. It also makes it easier to add new applications, make updates, and adapt to changing conditions, product redesigns, etc.

Increased security: Removing discrete hardware from the factory floor minimizes potential avenues that an attacker can exploit to gain unauthorized access to manufacturing assets and processes. Virtualization can improve the security of IACS by isolating critical control systems. By separating networks and implementing security measures at the virtualization layer, manufacturers can minimize the risk of malware propagation. And in case of a successful breach, the compromised virtual control system can easily be shut down and replaced by a newly deployed virtual machine.

Improved disaster recovery: Virtualization allows for efficient backup, replication, and restoration of virtual machines, making disaster recovery planning and execution more streamlined. It enables manufacturers to recover more quickly from system failures or disasters, reducing downtime and minimizing any impact on production.

Testing and development: Virtualization provides an ideal environment for testing and development activities. Manufacturers can create virtual replicas of their production systems for testing new software, configurations, or system updates, ensuring they do not impact the actual production environment.

Reduced costs: Virtualization can help reduce both operating and capital expenses. Upfront hardware purchase costs can be reduced by running multiple virtual machines on a single server. Fewer physical servers also mean fewer machines to maintain and repair. Virtualization often comes with management tools that simplify and automate the maintenance of virtual machines. This can reduce the need for manual administration and raise productivity.

Better sustainability: Consolidation of computing and storage resources into a set of central services helps reduce the total energy requirements. In addition, easier access to more processing data can help increase efficiencies, reduce waste, and lower energy consumption.

Why is virtualizing industrial control systems so hard?

Even with these benefits, virtualization of control systems is not yet mainstream in the manufacturing sector. Manufacturers are hesitant to change their tried-and-true processes and systems without assurance of a solution that addresses challenges in the transformation. An effective virtualization strategy would require:

Precision timing: Industrial control systems mostly require real-time performance with deterministic responses. These systems control physical equipment where delays can lead to serious problems, including safety issues. Virtualization could add latency that may be unacceptable in these environments. The network must be deterministic and ensure adequate performance.

Industrial protocols: Traditionally, industrial control systems and machinery have been designed to communicate via a Layer 2 network, given the emphasis on precision timing requirements. Layer 2 connectivity has the advantage of having fewer network hops and avoiding routing, resulting in lower latency. Replacing individual controllers with a central computing environment would require a Layer 3 network, as packets will need to be routed between the machines and controlling applications. Not only would a Layer 3 network need to tunnel Layer 2 traffic, but it would also need to satisfy strict timing and packet loss requirements.

Resiliency and reliability: Substituting a Layer 2 network with a routed Layer 3 network adds new links and network functions between the machines and controlling applications, which exposes manufacturing processes to the risk of interruptions. A resilient network able to withstand link and device failures can ensure continuity of operations.

Security: With more connected industrial assets and a greater dependence on the network, securing operations in a virtualized environment becomes even more important. The solution must provide detailed visibility, be able to spot vulnerabilities, segment the network granularly, and monitor connected devices continually for any breaches.

Scalability and flexibility: The network infrastructure should be scalable to accommodate the growing demands on virtualized systems. This includes considering factors such as network capacity, scalability of switches and routers, and the ability to add, remove, and reconfigure virtual machines as needed.

The network is the key to IACS virtualization

The network is the key to migrating individual PLCs, HMI, IPCs, and other discrete hardware resources to central hyperconverged environments. A simplified architecture that illustrates the major components and their connectivity is shown in Figure 2.

Figure 2: A software-defined networking architecture defined jointly by Cisco and CODESYS for IACS virtualization.

The following are the main elements of this architecture:

  1. Industrial Ethernet switches provide high-capacity packet switching and lossless resiliency required for uninterrupted connectivity of IACS applications with the controlled machines.
  2. An intelligent network management system directs all functions of the network starting from onboarding devices, initial and ongoing configurations, performance monitoring, proactive troubleshooting, networking and security policies, and everything else needed for maintaining network performance and security. It enables the software-defined fabric and ensures that the network is always ready.
  3. AAA policy repository and server ensures secure network access and enforces security policies. It allows organizations to control access to their network and the resources they can access.
  4. Visibility application running within industrial switches helps identify connected assets, identify network traffic, and uncover security vulnerabilities. Using this level of visibility, you can define zones and conduits as per ISA/IEC 62443 and enforce segmentation using the policy server and industrial switches.
  5. The centralized hyperconverged infrastructure brings together computing, networking and storage in a single system to power applications, including virtualization.
  6. Virtual PLC is an integrated development system (IDE) in accordance with IEC 61131-3 for programming the control logic and contains various textual and graphical editors.
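
The zone-and-conduit segmentation described in item 4, as an added example (not from the article, Cisco, or CODESYS): it audits observed flows against a default-deny conduit list and flags cross-zone traffic with no defined conduit. The zone names, addresses, ports, and flow records are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: asset IP -> zone, as a visibility tool might report it.
ASSET_ZONE = {
    "10.10.1.11": "cell-1",       # machine I/O in production cell 1
    "10.10.1.12": "cell-1",
    "10.20.0.5": "vplc",          # virtual PLC on the hyperconverged cluster
    "10.30.0.9": "hmi",
    "192.168.50.20": "enterprise",
}

# Conduits: (source zone, destination zone, protocol, destination port).
# Traffic between two different zones that is not listed here is denied.
CONDUITS = {
    ("vplc", "cell-1", "tcp", 502),   # Modbus/TCP, controller to field I/O
    ("hmi", "vplc", "tcp", 4840),     # OPC UA, HMI to controller
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def audit_flow(flow):
    """Return 'intra-zone', 'conduit', 'unknown-asset' or 'violation'."""
    src_zone = ASSET_ZONE.get(flow.src)
    dst_zone = ASSET_ZONE.get(flow.dst)
    if src_zone is None or dst_zone is None:
        return "unknown-asset"        # not in the inventory: investigate first
    if src_zone == dst_zone:
        return "intra-zone"
    if (src_zone, dst_zone, flow.proto, flow.dport) in CONDUITS:
        return "conduit"
    return "violation"                # crosses zones with no defined conduit

def audit(flows):
    """Return (flow, verdict) pairs only for flows that need attention."""
    bad = ("violation", "unknown-asset")
    return [(f, v) for f in flows if (v := audit_flow(f)) in bad]

# Constructed flow records for the example.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "10.10.1.11", "tcp", 502),      # allowed conduit
    Flow("10.30.0.9", "10.20.0.5", "tcp", 4840),      # allowed conduit
    Flow("10.10.1.11", "10.10.1.12", "udp", 2222),    # same zone
    Flow("192.168.50.20", "10.20.0.5", "tcp", 4840),  # enterprise to vPLC
    Flow("10.10.1.11", "10.20.0.5", "tcp", 502),      # conduit is one-way
    Flow("10.99.0.7", "10.10.1.12", "tcp", 502),      # unregistered device
]
```

Conduits are directional here, so a field device opening a connection back to the controller is reported even though the controller-to-field direction is permitted.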

Time to get started is now

Admittedly, virtualization of IACS is not mainstream, and it may not be on your radar quite yet. But with all the benefits it can offer, it is easy to see how it will be a gamechanger soon. In fact, Audi, the German manufacturer of technologically advanced luxury cars, has embraced virtualization and is transforming its production lines.

Watch Dr. Henning Löser, head of Production Labs, Audi, explain how they intend to transform their next-generation smart factories.

It is not too early to start laying the networking foundation for the future of manufacturing.

Vivek Bhargava, Product Marketing Manager at Cisco, and Roland Wagner, Head of Product Marketing at CODESYS