Languages
Pages
Legal
1
Industrial Control System Virtualization
Chris HughesIACS Infrastructure
ArchitectFreeport-McMoRan Copper & Gold
www.fcx.com
S4x14January 14th, 2014
Increased redundancy
Decreased recovery time following a failure
Hardware refresh is simpler
System upgrades / rollbacks are easier
OS / system patching are simpler – allows for a “golden image” that can be easily patched
Deployment of additional servers/services is quicker
2
ICS Virtualization Benefits
Virtualization for Industrial Control Systems
Can the same benefits that traditional IT receives be realized?
The simple answer? It Depends…
3
ICS Virtualization
When dealing with ICS and virtualization, there are a few questions that need to be asked:
Will the vendor support it?
Are we ready culturally?
Is it technically feasible?
Is it economically feasible?
4
ICS Virtualization
Challenges for Adoption:
◦ Vendor Support Proprietary hardware? Legacy technology constraints?
◦ Cultural – IT / Control System Staff / Plant Management Virtualization not often fully understood Can be seen as “all eggs in one basket” Training – sufficient skills exist? Support – ICS Staff, MIS or a combination? Fear of the unknown or IT takeover…
5
ICS Virtualization
Challenges for Adoption:
◦ Technical Feasibility Some vendors still use proprietary hardware
Can be internal server cards or external communication/support devices: Fieldbus cards (Modbus, MB+, Profibus, etc.) Ethernet devices Other devices/restrictions?
◦ Economic Feasibility Initial deployment costs can be high Hidden costs?
Training Network infrastructure
Costs typically overridden by advantages gained
6
ICS Virtualization
Assuming we’ve made it past the first 4 questions, what does ICS virtualization look
like?
7
ICS Virtualization
Design Considerations
◦ Virtual Infrastructure Recommend clusters with common storage pool Recommend 2 clusters in separate locations Eliminates “all eggs in one basket”
◦ Plant LAN / Process Control Network Redundancy is the primary consideration – work to eliminate
daisy-chaining and other topology issues Existing networks may be restricted to 100Mb/s or less -
virtualization requires at least 1Gb/s – preferable 10Gb/s to avoid storage or other bottlenecks
Often times, plant network upgrades and virtualization go hand-in-hand
8
ICS Virtualization
ICS Virtualization – An Approach:
◦ Select an IT industry standard platform, ex. Cisco/NetApp Flexpod using VMware
◦ Develop virtualization standards specific to ICS Hardware Software Testing/Deployment strategy Administration Maintenance / Life-cycle Management
9
ICS Virtualization
10
ICS VirtualizationExample Deployment Scenario:
The deployment scenario:
◦ Provides for full redundancy, above and beyond clustering within each individual environment
◦ Allows ICS redundancy to be split: Between plant and secondary location if
desired/needed Primary servers in plant and secondary servers in 2nd
location
◦ Highly Scalable - Allows for easy expansion
11
ICS Virtualization
Implementation Challenges/Caveats:
◦ Deployment: If possible – stand up virtual infrastructure in parallel
to existing system – allow sufficient time and testing prior to cutover
Ensure redundancy is fully tested/verified – within virtual infrastructure and network
Look for ICS specific catches:
12
ICS Virtualization
13
ICS Virtualization
Host 1
Host 2
Host 3
Host 4
PRIBU
VMware DRS ClusterExample ICS Caveat
• Single Cluster
• Primary & Backup HMI Servers On Same Host
• Host Failure
• Both Servers Down
• Operations Blinded
14
ICS Virtualization
Host 1
Host 2
Host 3
Host 4
PRI
BU
VMware DRS Cluster
“Primary” DRS Group
“Backup” DRS Group
• Single Cluster
• Cluster Divided into Groups
• Host Failure
• Backup HMI Server Still Available
• Primary HMI Server Moves To New Host
• Operations Is OK
◦ Cutover:
Proper planning is the key! A staged approach is best…
Be prepared as any issues, related or not, will be pinned to the virtual infrastructure…
15
ICS Virtualization
Questions?
16
Top Related