SCADA virtualisation – delivering real benefits?
14 November 2011
Virtualisation for SCADA systems brings many benefits such as time and cost savings, greater levels of security and operational efficiency advantages. Tony Chapman from Siemens Industry Automation highlights some of the key areas where SCADA virtualisation can add real value.
As automation solutions become increasingly complex, it follows that the effort required to maintain both hardware and software will also increase. PCs must be provided with suitable specification and operating systems to support the applications. Whilein operation, these systems must be constantly reviewed and updated normally through the application of security patches, updates and service packs. This will apply to every installed system and application program during the lifetime of the system.
To reduce the amount of ongoing administration and maintenance effort associated with update issues, the automation world is turning increasingly to virtualisation and the opportunity it provides to decouple applications from hardware.
This creates the ability to centrally manage the application and simplify back up and restoration of the system environment. Client environments can be installed just once and distributed among one or two virtualisation servers using virtual sessions (instances). It is also easier to implement IT security solutions on central virtualisation servers than via numerous client stations. Virtualisation also eliminates the restriction of target devices to a particular hardware, allowing more complex applications to run on simple, low-cost, and robust thin clients.
A new service pack for Siemens’ Simatic WinCC Version 7 SCADA system promises owners of automation solutions, the means to reduce hardware, administration, and maintenance costs. One of the innovations of the system is the virtualisation option for both WinCC clients and WinCC servers on various hardware platforms. Through this option, owners of medium and large automation solutions, as well as smaller multiple station and single station systems can reduce hardware, administration, and maintenance costs.
The virtualisation is based on VMware ESX(i) 4.1 - one of VMware's globally-established hypervisor applications for virtualisation. It is installed on central (and ideally redundant) virtualisation servers with adequate performance in order to ensure appropriate background allocation of available system resources (CPUs, work memory, storage media, communication, etc.) among the virtual client and server applications.
This type of virtual server can accommodate up to 25 virtual client sessions of different types without these sessions affecting each other – all on a single hardware platform. Access to these virtual client sessions is via Ethernet using a standard Remote Desktop Protocol (RDP) session. This means that there is no longer a need for powerful client side hardware, which opens the door for the use of simple, compact, and low-cost thin clients, such as robust PDAs or panels without rotating parts, e.g., with Solid State Disk (SSD), for operator control and monitoring in the field.
As a result, it is much easier to choose a client and to use clients in harsh industrial environments, including hazardous areas. If a failure occurs, it is possible to use a thin client with higher or lower screen resolution without making any additional settings, which minimises downtimes.
Consolidation reduces costs
The ability to operate several WinCC servers and/or client sessions on a central platform (also away from the field level) reduces PC hardware and network components, as well as acquisition costs and ongoing operating costs for power/maintenance/spare part considerations. The number of client sessions is limited only by the performance capability of the virtualisation server and not by the SCADA system.
One advantage of virtualisation is that the operating system and automation application no longer has to be individually installed and maintained on every client. Virtualisation reduces this to a one-time installation or a central updating of the VMware and of a small number of different client sessions on the server. The latter can be easily replicated so that the benefits increase with the number of clients. Backups and systems restores are made centrally and in a short time. In addition, it is possible to migrate existing, completely configured systems to a new hardware platform without a time-consuming installation process.
Protection from malicious software
Every inadequately protected operator control station having a USB port, floppy disk drive, or hard disk drive is potentially vulnerable to a certain degree to malicious software and requires more effort in this regard than a virtual system solution. This is because the lack of interfaces in simple thin clients makes them generally less vulnerable to malware than "fully-fledged" PCs. Providing security at a central location requires less effort, quite apart from the fact that the operating systems of professional server solutions, which frequently are not Windows-based, are generally at a lower risk.
Certain hardware and software errors can cause the PC system itself to fail, thus rendering operator control clients inoperable. This calls for a replacement, which is not always possible without interrupting the active process. In virtualised solutions, it is possible to achieve high levels of availability – even when system components require replacement – through the use of RAID systems. Software can be updated during operation, clients can be added to or removed from the system, and the switchover from one client to the other can take place within a few seconds. In addition, a configurable alarm management function is available which notifies the operator in the event of system errors or when critical system loads are reached. All of this contributes to high availability and productivity.
Contact Details and Archive...
Most Viewed Articles...