Co-authored by Roland Wagner, CODESYS.
Virtualization is well accepted in enterprise IT. Creating virtual versions of computing resources such as servers and storage allows the consolidation of multiple physical resources into a single virtual environment. This allows for more efficient utilization of hardware and better resource management. The value derived includes reduced capital expenditures, lower maintenance costs, increased flexibility, and improved cybersecurity.
However, virtualization is not so prevalent in industrial environments. Industrial Automation and Control Systems (IACS) hardware resources in these environments, such as Programmable Logic Controllers (PLC), Industrial PCs (IPC), and Human Machine Interfaces (HMI), have existed as discrete resources. With digitization, the number of such hardware resources has risen rapidly and so has the time and expense of monitoring, updating, and troubleshooting, which can require extended downtimes and productivity losses. An additional consideration is Industry 4.0, which increases the amount of compute resources in production systems with data collection and analysis.
IACS compute assets can be virtualized to reap these benefits, but it requires special considerations. Production processes are significantly more sensitive than IT processes to network issues like delay, latency, jitter, and packet loss. Since virtualization removes direct or close connectivity of compute assets with the controlled machines, the network must step up and adhere to stricter performance requirements.
Why virtualization on the factory floor?
Virtualization can bring several benefits in industrial sectors. Manufacturers can consolidate PLCs, IPCs, HMIs, gateways, and other physical compute resources currently on their factory floor onto local virtual machines which run on a hyperconverged compute and storage infrastructure. Existing PCs and workstations (IPCs and HMIs) can be replaced by thin clients with a smaller footprint connected to the corresponding virtual desktop. Virtual PLCs (vPLC) running in the hyperconverged infrastructure would interface with the sensors, actuators, and machines they control via the converged network. This arrangement has many advantages:
- Scalable and agile operations: Virtualization allows manufacturers to easily scale their operations by adding or removing virtual machines as required. It also facilitates the deployment of new applications or updates without disrupting production processes. Adapting to changing conditions, product redesigns, etc., is easier by updating operating parameters in software IACS.
- Increased security: Removing discrete hardware from the factory floor minimizes the potential avenues that an attacker can exploit to gain unauthorized access to production assets and processes. Virtualization can improve the security of IACS by isolating critical control systems. By separating networks and implementing security measures at the virtualization layer, manufacturers can minimize the risk of unauthorized access or malware propagation.
- Improved disaster recovery: Virtualization allows for efficient backup, replication, and restoration of virtual machines, making disaster recovery planning and execution more streamlined. It allows manufacturers to recover more quickly from system failures or disasters, reducing downtime and minimizing any impact on production.
- Better sustainability: Consolidation of compute and storage resources into a set of central services helps reduce the total energy requirements. In addition, easier access to more processing data can help increase efficiencies, reduce waste, and lower energy consumption.
- Testing and development: Virtualization provides an ideal environment for testing and development activities. Manufacturers can create virtual replicas of their production systems for testing new software, configurations, or system updates, ensuring they don’t impact the actual production environment.
In summary, as Dr. Henning Loeser from Audi (see interview link below) states, manufacturers can move from a model where they buy a new “box” to get more features in the plant to one where they buy new software to get more features.
Figure 1. From direct wired to virtualized control systems powered by CODESYS
What are the networking requirements for IACS virtualization?
IACS virtualization has specific networking requirements to ensure the reliable and secure operation of virtualized systems. Some key networking considerations for IACS virtualization include:
- Support for tunneling Layer 2 protocols: Virtualization of IACS moves PLCs that had a direct or simple Layer 2 connection to controlled equipment into a data center, which necessitates traversal through routers, requiring Layer 3 communication. However, since several popular control protocols operate at Layer 2, these protocols must be tunneled as payload in Layer 3 packets to avoid large, cumbersome, and fragile VLAN deployments.
- Enhancements in redundancy: A resilient network helps preserve production continuity by maintaining high availability, eliminating packet loss, and ensuring continuous communications even during failure of individual components.
- High bandwidth: The network equipment and infrastructure must be capable of supporting a higher bandwidth and corresponding throughput to handle the volume of traffic, which can be expected to increase once virtualization places more packets on the network.
- Determinism: QoS mechanisms should be implemented to ensure that critical control system traffic is given higher priority than non-critical traffic. This helps prevent delays or interruptions in real-time control communications in a deterministic manner and provides a consistent networking experience for the IACS applications.
- Visibility, security, and access: The production network should support strong in-depth security measures to protect the virtualized IACS environment. This should include built-in security sensors designed to monitor and analyze IACS traffic, strong access controls, and effective segmentation to maintain zones of trust and minimize malware propagation. Network security should be considered at both the virtualization layer and the physical network layer. Moreover, the network should provide zero-trust network access (ZTNA) for employees and other personnel to securely log into production assets for regular monitoring and maintenance.
- Scalability and flexibility: The network infrastructure should be scalable to accommodate the growing demands on virtualized systems. This includes considering factors such as network capacity, scalability of switches and routers, and the ability to add, remove, and reconfigure virtual machines as needed.
- Network monitoring: Continuous monitoring of the network infrastructure is essential to detect and respond to any anomalies or security incidents promptly. Network monitoring tools and techniques can help identify performance issues, network bottlenecks, or potential security breaches.
Cisco and CODESYS together enable IACS virtualization
Cisco industrial networking incorporates advanced innovations that can help virtualize IACS assets. Cisco products and solutions in networking, management, computing, and security provide the basis of this virtualization.
Figure 2: Architectural schematic for control systems virtualization
Catalyst Industrial Ethernet switches provide the high-capacity packet switching and lossless resiliency required for uninterrupted connectivity of IACS equipment. Their support for industrial protocols, resiliency features, edge-compute capabilities, security sensing, and applying or enforcing segmentation through access control makes them the industrial switches of choice.
Cisco Catalyst Center, the network management platform, directs all aspects of the network, including onboarding devices, configurations, performance monitoring, proactive troubleshooting, access policies, etc., and ensures that the network is always ready.
Cisco Identity Services Engine (ISE) is a comprehensive security policy management platform that is used to ensure secure network access and enforce security policies. It gives organizations control over who can access their network and what resources they can access.
Cisco Cyber Vision running inside Cisco industrial networking equipment provides visibility to identify connected assets, network traffic, and security vulnerabilities. Using this level of visibility, you can define zones and conduits as per ISA/IEC 62443 and use ISE, Catalyst Center, and Cisco industrial switches to enforce segmentation.
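One way to check that observed traffic matches a zones-and-conduits model like the one described above. This is an added example, not Cisco or CODESYS code; the zone names, subnets, conduit rules, and flow records are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed zone model for one virtualized cell (names and subnets are assumptions).
ZONES = {
    "vplc-datacenter": ip_network("10.10.0.0/24"),   # vPLCs on the hyperconverged cluster
    "cell-1-io": ip_network("10.20.1.0/24"),         # sensors, actuators, remote I/O
    "hmi-thin-clients": ip_network("10.30.0.0/24"),
    "enterprise-it": ip_network("10.99.0.0/16"),
}

# Conduits: (initiator zone, responder zone) -> permitted (protocol, port) services.
CONDUITS = {
    ("vplc-datacenter", "cell-1-io"): {("udp", 2222), ("tcp", 44818)},  # EtherNet/IP
    ("hmi-thin-clients", "vplc-datacenter"): {("tcp", 4840)},           # OPC UA
}

def zone_of(addr):
    """Return the zone containing addr, or None if the asset is unzoned."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)

def audit(flows):
    """Flag flows that cross zones without a matching conduit.

    Each flow is (initiator_ip, responder_ip, protocol, responder_port).
    """
    findings = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            findings.append((src, dst, proto, port, "endpoint outside any defined zone"))
        elif sz != dz and (proto, port) not in CONDUITS.get((sz, dz), set()):
            findings.append((src, dst, proto, port,
                             f"no conduit {sz} -> {dz} for {proto}/{port}"))
    return findings

# Constructed flow records, as a traffic sensor might export them.
FLOWS = [
    ("10.10.0.11", "10.20.1.5", "udp", 2222),     # vPLC cyclic I/O, allowed
    ("10.30.0.7", "10.10.0.11", "tcp", 4840),     # HMI to vPLC, allowed
    ("10.99.4.20", "10.20.1.5", "tcp", 44818),    # enterprise host reaching field I/O
    ("10.10.0.11", "10.20.1.5", "tcp", 22),       # valid zone pair, unexpected service
    ("192.168.50.9", "10.10.0.11", "tcp", 4840),  # asset not in the inventory
    ("10.20.1.5", "10.20.1.6", "udp", 2222),      # intra-zone, not a conduit crossing
]

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

Each finding is a candidate for either a new documented conduit or an access-control rule that blocks the flow.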
Cisco Unified Computing System (UCS) brings together compute, networking, and storage in a single system to power your applications, including virtualization. As compared to traditional servers that are monolithic, complex to deploy, and even more complex to adapt to workload demands, UCS is a unified system on which you can provision and balance resources to meet virtualization workloads easily.
The CODESYS Development System is an integrated development environment (IDE) in accordance with IEC 61131-3 for programming the control logic and contains various textual and graphical editors. Additional functions can be configured in the CODESYS Development System, e.g., user interfaces/HMI screens, fieldbus and I/O configuration, safety-relevant logic functions, data exchange with various other participants in the network, as well as coordinated motion control systems or robot kinematics.
Time to get started is now
Admittedly, virtualization of IACS is not mainstream, and it may not be on your radar quite yet. But with all the benefits it can offer, it’s easy to see how it will be a gamechanger soon. In fact, Audi, the German manufacturer of technologically advanced luxury cars, has embraced virtualization and is transforming its production lines. Watch Dr. Henning Löser, head of Manufacturing Labs, Audi, explain why Audi turned to Cisco industrial IoT solutions to create its next-generation smart factories. It’s not too early to start laying the networking foundation for the future of manufacturing.
If you are visiting SPS IPC Drives 2023, which runs from November 14-16 in Nuremberg, Germany, don’t miss the joint Cisco and CODESYS demonstration of virtual controllers in production environments in the CODESYS booth (#677 in hall 7).
For more information on this or any other topic related to manufacturing automation, please schedule a free, no-obligation conversation with one of our experts.