Utility of Virtual Machines in the Industrial OT Environment
Asad Naeem
Manager Instrumentation & Control Systems | Specialist in Industrial Control Systems & OT Cybersecurity | Engro | CSSGB
What is a Virtual Machine?
A virtual machine, commonly shortened to VM, behaves like any physical computer such as a laptop, desktop, or server. While the parts that make up your computer (called hardware) are physical and tangible, VMs are virtual or "software-defined" computers that run on physical servers but exist only as code.
VMs run an operating system that behaves like a completely separate computer inside an app window on a desktop. VMs may be deployed to accommodate different levels of processing power needs, or to run software that requires a different operating system.
Guest vs Host Operating System
One or more virtual "guest" machines can run on a physical "host" machine. Each virtual machine runs its own operating system and functions separately from the other VMs, even when they are all running on the same host. This means that, for example, a MacOS virtual machine can run on a physical PC or otherwise.
Commonly Used Platforms
Some of the most commonly used virtualization platforms are:
While in certain cases it is possible to convert a virtual machine developed for one platform to another, it is not possible to run a VM developed for one platform directly on another.
Virtual Machines in OT Environment
While virtual machines have been around in the IT domain for quite a while and are widely used as a standard implementation in data centers across the world, in the OT domain they are still a relatively new concept.
As OT systems have started getting the latest hardware capable of virtualization, VMs are gradually gaining more popularity in the OT space. We will be discussing the benefits virtualization has to offer in the OT space one by one below. These benefits are based on my personal experience and research.
1. Control System Migration
When you are migrating your control system from one vendor to another, let's say for the purpose of this example from control system A to B, system A would have its own vendor-specific engineering software and tools different from system B. The control logic and configuration exports from system A cannot be directly imported into system B without manual restructuring and redevelopment because there is no cross-compatibility between the software of different vendors.
This manual redevelopment exercise is done by the engineering team of system B and is prone to human errors. Extensive man-hours of the operator and vendor engineering team are consumed for clarifications on existing logic during engineering and factory acceptance test (FAT).
The major challenge is that the exported logic (usually in PDF format) has its limitations. For example, you may be able to visualize the functional logic diagram (FLD), but if a block was clickable and showed further configuration of the block, that functionality is no longer there in the PDF and the vendor may ask you for additional data, requiring you to access the engineering workstation multiple times. This becomes challenging during migration of control systems with thousands of IOs and multiple controllers. Working directly on the online engineering station and browsing multiple control logics repeatedly is also risky as it may increase the chance of changing some critical configuration unintentionally on the running system.
Using virtualization, you may create a virtual image of the engineering workstation of system A and run it for browsing logic and configuration offline (not connected to the online plant system anymore). You may also give limited remote access to the vendor of system B for browsing during migration, or you may use screen sharing over a conference call for discussion. This greatly reduces your time spent in engineering activities and reduces chances of error.
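An added example, not part of the original article: a Python check that an offline copy of the system A engineering workstation has no remaining path to live plant equipment (network, serial pass-through, USB). It assumes the copy is stored as a VMware-style .vmx file, since the article does not name a platform; the sample configuration is constructed and the bridged default for a missing connectionType is an assumption.

```python
import re

# Constructed sample of a VMware-style .vmx file (not taken from the article).
SAMPLE_VMX = r'''
.encoding = "windows-1252"
displayName = "SystemA-EWS-offline-copy"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
serial0.present = "TRUE"
serial0.fileType = "device"
serial0.fileName = "COM1"
usb.present = "TRUE"
'''

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "FALSE").upper() == "TRUE"

def paths_to_plant(cfg):
    """List devices that could still link the offline copy to live equipment."""
    findings = []
    devices = sorted({k.split(".")[0] for k in cfg if k.endswith(".present")})
    for dev in devices:
        if not is_true(cfg, dev + ".present"):
            continue
        if dev.startswith("ethernet"):
            # Assumption: a missing connectionType means bridged (platform default).
            mode = cfg.get(dev + ".connectiontype", "bridged").lower()
            if mode != "hostonly":
                findings.append(f"{dev}: {mode} adapter can reach the physical network")
        elif dev.startswith("serial") and cfg.get(dev + ".filetype", "").lower() == "device":
            findings.append(f"{dev}: passes through host port {cfg.get(dev + '.filename', '?')}")
        elif dev == "usb":
            findings.append("usb: controller present, a programming cable can be attached")
    return findings

if __name__ == "__main__":
    for finding in paths_to_plant(parse_vmx(SAMPLE_VMX)):
        print(finding)
```

An empty result means the copy can only be reached through the host, which fits the limited remote browsing session described above.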
2. Flexibility in Engineering (All-in-One but segregated)
Maintaining a site installed with multiple brands of control systems is not only a challenge from a training perspective but also with respect to maintenance of a separate engineering laptop for all these systems. These engineering laptops are used to connect to the control system for troubleshooting or making modifications in these systems.
As the engineering software suite for each vendor's control system is different, it is not recommended to install all of them on the same laptop. Secondly, since you need to connect your laptop to the host control system using either a USB or the legacy COM port, the engineering software of one vendor may interfere with the other engineering software in accessing the port.
Thirdly, when you carry a laptop to the field environment there is always a risk of damage. If the laptop hardware crashes, recovering the engineering software will be a new project for the engineer altogether. Most of these software packages need to be activated with a license, which requires vendor support during office hours.
Installing the engineering software for different control systems inside separate virtual machines gives you the required flexibility to ensure availability of this software in times of need.
3. Running Legacy HMIs
Many HMIs in the OT space are still running on obsolete PC hardware from more than 10 to 15 years ago. The operating system installed on these HMIs is also obsolete in many cases. In such cases, if an HMI crashes and spare PC hardware (old and similar model) is not readily available, the recovery becomes challenging.
The control engineer may try to recover its healthy image onto a newer model PC; however, this may not work all the time. The only option left in such cases is to make a virtual machine image of the failed HMI and run it as a guest operating system on a modern host PC and OS. Virtual machines can give you extended life for such HMIs until you plan to replace the obsolete control system altogether.
Running the vendor HMI software as a virtual machine may have some limitations, e.g. issues with mouse clicks or certain keyboard operations. It is important to first check and ensure that all HMI features are functioning correctly before taking it into operation.
4. Sandbox Environment
Familiarizing and experimenting with the engineering software is often an essential part of training for a controls engineer. Virtual machines provide an excellent sandbox-like environment where the engineer can experiment and train directly on the virtual copy of the actual engineering software, or use it for reference in discussions related to control strategy, without any risk of causing a process upset or an unintended change in the master configuration of the plant.
Virtual machines also give you the flexibility to go back to the initial state and create multiple copies for restoration if required at any time.
5. Reduction in Physical Servers
Virtualization is also being offered as a solution by vendors who by design have an extensive number of physical server machines in their control system design. Honeywell Experion, as an example, uses multiple servers for their engineering database, domain management, historian and third-party access. The greater the number of servers, the higher the probability of failure and repeated maintenance. Virtualization in these cases reduces the number of physical machines and also gives you the flexibility for easy restoration and expansion.
Honeywell Virtualization Solution: https://process.honeywell.com/us/en/solutions/experion-pks/virtualization
If you like the contents of this article and would like to contribute further, please share in the comments.
Disclaimer: The content of this article is solely based on the knowledge, opinion and experience of the author based on his personal research and experimentation and in no way is associated with any organization including his own employer.
Securing Critical Infrastructure | OT Cyber Security Professional
2 years ago: Valuable read. Thank you for sharing