Virtualization Coming Soon to a Controller Near You

Nov. 10, 2014
Partitioning, Para-Virtualization Allow Implementation of Mixed Criticality Systems

Just as virtualization technology transformed the IT landscape and crept into the supervisory and execution layers of many a manufacturing facility, it's now poised to invade real-time controls, too. "The technology is inevitable, and it's coming sooner than you think," said Rich Carpenter, chief technology strategist for GE Intelligent Platforms (www.ge-ip.com), in his presentation "Virtualization of Control in the Era of Software-Designed Machines" at the company's late-October User Summit in Orlando, Florida.

In making his case that the time for embedded virtualization has arrived, Carpenter pointed to other examples of systems that already mix critical and noncritical functionality. "Today's cars will brake for you and park for you, yet play your favorite music too," Carpenter noted. As in the automation industry, "this integration of critical and noncritical systems is driven by the desire to deliver new services and functionality."

The move to embedded virtualization comes even as platform providers shift to increasingly powerful multi-core, multi-threaded systems. Indeed, multi-core systems are tailor-made for performing multiple simultaneous tasks; what makes them appropriate for industrial control is the ability to provide strong partitioning between critical and noncritical applications, according to Carpenter.

"For control system virtualization, you need to preserve the integrity of highly integrated architectures, yet allow noncritical functions to co-exist," explained Carpenter. "The cost of entry is strong isolation of these applications." This means that real-time controls and other functionality need to be partitioned in spatial, temporal and fault dimensions. In short, this means physically separating computing resources to ensure that timing constraints are met, and preventing faults in noncritical applications from intruding upon the operation of critical ones.

Effective isolation, in turn, entails the use of "type 1" hypervisors that give critical applications direct, "bare metal" access to dedicated computing, memory and I/O resources, while simultaneously providing a more traditional virtualization layer beneath the noncritical applications. A hypervisor is the virtualization layer that effectively abstracts guest applications and operating systems from hardware implementation details.

A type 1 hypervisor setup also is referred to as para-virtualization. "With full virtualization using a type 2 hypervisor, none of the guest applications even know that they are hosted," Carpenter explained, "whereas with para-virtualization, the real-time operating system (RTOS) is modified to take advantage of direct hardware access through the hypervisor. Para-virtualization fits with mixed criticality systems."

To take full advantage of the potential benefits of virtualization at the control layer, available configuration and management tools have some catching up to do, Carpenter said. Ideally, an integrated design environment would allow one to manage the hypervisor, operating systems and virtual machines, as well as the partitioning of physical resources. The tools also need to be able to validate nonfunctional requirements such as time, safety and security, provide support for legacy applications, and support deployed systems once they're out in the field. "The goal is to move from design to certification to design for certification, to use pre-qualified components in a way that doesn't affect system behavior," Carpenter said.

Carpenter admitted that virtualization of control is initially a bit much to wrap one’s head around, but once you do, "the sky's the limit. A lot of things are possible with this kind of system." Carpenter went on to describe an industrial Internet Edge Node, a single box that would include traditional PLC functionality—with partitioned RTOS, controller virtual machine and Profinet/OPC UA control network interface—together with fully virtualized applications and associated operating systems for cloud access and HMI. An advanced process control application also could be implemented alongside the other applications. "Virtualization has proven economic benefits," Carpenter said. "We're seeing this as a natural progression of control."