Virtualizing legacy control systems for an efficient, scalable, low-cost IIoT
The irony of the Industrial Internet of Things (IIoT) is that it requires architectures that enable quick, in some cases real-time iteration and change from markets that often rely on industrial control systems (ICSs) that aren’t modified, upgraded, or replaced for years; in some cases, decades.
There are several factors that contribute to the long lifecycles of ICSs, among them the high availability, reliability, and redundancy requirements for safety- and mission-critical systems; an “if it ain’t broke, don’t fix it” mentality; and vendor lock-in. Concerning lock-in, industries such as telecom and networking have been using commercial off-the-shelf (COTS) hardware and software technology for years to mitigate its effects. While datacenter systems are typically not governed by strict constraints around jitter, determinism, and latency that could result in injury or death as in the industrial sector, innovation and cost reductions in that sector are comparatively stratospheric, with software-defined networking (SDN) and network functions virtualization (NFV) being prime examples.
However, advances in virtualization technology are now emerging that provide a migration path from brownfield ICSs that rely largely on legacyor models to intelligent IIoT system constructs. Jim Douglas, President of , explains.
“When you look at a factory floor you get systems strung together with serial cables that have been there for 30 years, so it’s really hard to get on that innovation train,” Douglas says. “Whether it be a refinery or a batch manufacturing plant, as you look to retrofit or completely overhaul your domain, how do you change that paradigm? How do you get on a path that allows you to constantly refresh without adding risk?
“If you look at topologies in a setting like that, you’ve got actuation at the bottom; you’ve got programmable controllers on top of that; and then you’ve got the control plane and applications,” he continues. “There’s a big opportunity at those top two layers to take what has been very dedicated, custom, proprietary hardware and move a lot of it into software. It doesn’t all become software because you still need hardware platforms, but you can move into a more open COTS environment and start to virtualize a lot of that load. Those layers then provide an avenue to constantly innovate and update. A lot of that innovation will obviously be at the application layer, but now you’ve got a platform that’s dynamic and allows those applications to constantly evolve.”
IIoT virtualization: Decoupling the control plane and applications from hardware through software
With the advent of multicore virtualization over the past several years, hypervisors are now routinely used in industrial systems to separate real-time functions from a general-purpose operating system (GPOS) that runs non-deterministic applications. Although real-time operating systems (RTOSs) and functions often run strictly in virtual machines (VMs) on the target hardware platform when deployed, such designs allow GPOSs to run off-device to save resources and enable virtualized applications to issue commands to the control layer of a connected system as any other real-time input would. One such connected, “outcome-optimized” controller is GE’scontroller, announced as part of the company’s Industrial last year (Figure 1).
[Figure 1 | GE’s PACSystem Rx3i CPE400 is part of the company’s Industrial Internet Control System (IICS) and utilizes virtualization to offload and isolate general-purpose applications from resources executing real-time control tasks.]
“Virtualization is already playing a very big role in the Rx3i CPE400 architecture,” says Vibhoosh Gupta, leader of the. “For example, we used a hypervisor on the platform – which is essentially real-time virtualization – in order to run an RTOS like and a GPOS such as Linux on the same multicore processor. Two cores are dedicated to running real-time deterministic control and the remaining two cores are dedicated to a standard Linux distribution.
“When you talk about connectivity or industrial apps that provide commands to the real-time side to make it more optimized, you don’t want to consume precious real-time resources. You want to do that in a very secure fashion on the same box with a standard interface between the real-time and non-real-time sides, such as the Open Platform Communications Unified Architecture (OPC-UA),” Gupta continues. “What’s interesting about this approach is, because it’s virtualized, whether you’re running that Linux distribution side-by side on a controller or on an industrial PC (IPC), from a technical point of view there is no difference. But what it allows you to do, in the case of a legacy control system that is already deployed, is put the entire Linux distribution with an app execution engine on an IPC next to the installed machine and get the same benefits. If you want to take your installed base and connect it to the Internet or run edge applications right next to the asset, we have a standalone Field Agent technology for brownfield cases (Figure 2). Because of this virtualization, we’re able to solve both cases.”
[Figure 2 | As part of GE’s Industrial Internet Control System (IICS), Field Agent technology provides a rugged, pre-configured solution for secure data collection, conveyance, and cloud-enabled analytics.]
Gupta mentions that while the company invested heavily in ensuring that virtualized real-time functions still provide the determinism required to run the control application, virtualized GPOS applications are now also integrating real-time market data from enterprise systems that advise the control layer. Two such examples are the use of weather forecasts in a waste water treatment plant that can be used to open or close flood gates in anticipation of upcoming weather events, as well as the synchronization and optimization of connected turbines in a wind farm to increase efficiency. In short, the input provided could originate from any other device, cloud, or process previously inaccessible to a disconnected controller.
But cloud-like virtualization concepts have also begun to take hold on IIoT plant floors as industrial stakeholders realize the benefits of decoupling hardware from software, evident in the uptake of Wind River’splatform.
Titanium Control is an on-premise cloud infrastructure suite based on open source software such as OpenStack and the Linux Kernel-based Virtual Machine (KVM), as well as other standard building blocks and components that are tuned for real-time and low-latency performance on the order of 10 µs or less (Figure 3). These power a high-performance software switch that allows virtualized applications, control functions, workloads, data, and eventually entire ICSs to be transported from server to server based on resource requirements, availability, or utilization – all on top of generic compute hardware with determinism afforded via real-time service buses such as Time-Sensitive Networking (TSN) or other Ethernet variants.
[Figure 3 | Wind River Titanium Control is based on open source virtualization technologies from the IT industry that have been enhanced with real-time extensions to lower cost and increase scalability in IIoT systems.]
Today, Titanium Control is being leveraged in industrial segments alongside physical control devices to provide layers of redundancy as a virtual failover instead of additional hardware. Thanks to its performance, it has also been used in plant-wide simulation where its capacity to spin up virtualized “digital twins” enables near-real-time modeling.
Outside of the platform’s inherent advantages in terms of overall cost reduction, future proofing on generic hardware, reduced installation complexity, software scalability, and flexibility over traditional implementations, Gareth Noyes, Chief Strategy Officer at Wind River believes that such cloud-like virtualization can also afford longer term benefits during the IIoT transformation.
“What can we achieve if we enable this real-time virtual-ization control system?” Noyes asks. “One is you can start extending control loops beyond physical devices. Today you typically have a controller that may reside on a robot or a motor, but when that control function is virtualized you can run many of them in a single server and start consolidating your control infrastructure on the factory floor. So you could envisage having a cabinet on your factory floor based on TSN or standard Ethernet where all your control systems reside.
“Once you start aggregating control loops on a single virtual platform you can extract contextual data from multiple control loops and start optimizing your overall system processes versus individual control loops,” Noyes continues. “You’re going to want to expose data from those multiple control loops and as many use cases as possible into a large artificial intelligence (AI) learning loop, which will likely be cloud-based or on the factory floor. This is the concept of having two different loops: one doing edge control and your inference model, and the top one doing your training or learning loop.
“Today you can look at a piece of equipment and physically see the controller that’s performing the control task. In the future that will be abstracted away in a virtual control system, so having very good tools that give you visibility into system performance or insights into failures or system usage is very important,” he adds.
Outcome-based platforms from edge to cloud
A final key to virtualizing ICSs and other IIoT infrastructure is the insight it affords at various layers of the information technology (IT) and operational technology (OT) convergence. For industrial organizations, for instance, not only can this be advantageous in allowing them to deploy infrastructure and resources where it best suits their goals, it also provides the opportunity to visualize and act upon analytics where, when, and how they will be most impactful.
On this subject, Gupta recognizes that “only one percent of data being collected is actually being used to deliver any outcomes today,” meaning “data collection is not the problem.”
“The connected controller is just one piece of the equation,” Gupta says. “The second piece, and the most differentiating piece of the equation, is to create a platform where the producer of intellectual property (IP) can actually share value with industrial customers around the world in a much more seamless way.”
This is the concept of an industrial “app marketplace” that GE has promoted in the industrial space through its. Now, the aforementioned IICS represents the company’s vision of such a platform for the IIoT edge that leverages insights from the Predix analytics suite but also provides on-site data aggregation, storage, analysis, visualization, and control for industrial systems and applications.
A software development kit (SDK) that allows GE customers, original equipment manufacturers (OEMs), and partners to create their own applications for use with the IICS or Predix is currently under development, and scheduled to complete by the end of this year.
“We are working to make sure that we have an app store customers can use to create, house, and deliver those applications to thousands of edge device controllers in the field,” Gupta concludes.