Virtualisation for SCADA systems brings many benefits such as time and cost savings, greater levels of security and operational efficiency advantages. A new service pack for Siemens’ WinCC Version 7 SCADA system provides owners of automation solutions, the means to reduce hardware, administration, and maintenance costs. Tony Chapman from Siemens Industry Automation highlights some of the key areas where SCADA virtualisation can add real value.
As automation solutions become increasingly complex, it follows that the effort required to maintain both hardware and software will also increase. PCs must be provided with suitable specification and Operating Systems to support the applications. Whilst in operation, these systems must be constantly reviewed and updated normally through the application of security patches, updates, service packs and so forth. This will apply to every installed system and application program during the lifetime of the system.
To reduce the amount of ongoing administration and maintenance effort associated with update issues, the automation world is turning increasingly to virtualisation and the opportunity it provides to decouple applications from hardware.
This creates the ability to centrally manage the application and simplify back up and restoration of the system environment. Client environments can be installed just once and distributed among one or two virtualisation servers using virtual sessions (instances). It is also much easier to implement IT security solutions on central virtualisation servers than via numerous client stations. Last but not least, virtualisation eliminates the restriction of target devices to a particular hardware, allowing even more complex applications to run on simple, low-cost, and robust thin clients.
Clients and servers virtualised
One of the innovations of Service Pack 2 of the Simatic WinCC Version 7 SCADA system is the virtualisation option for both WinCC clients and WinCC servers on various hardware platforms. Through this option, owners of medium and large automation solutions, as well as smaller multiple station and single station systems have the ability to reduce hardware, administration, and maintenance costs.
The virtualisation is based on VMware ESX(i) 4.1 – one of VMware’s globally-established hypervisor applications for virtualisation. It is installed on central (and ideally redundant) virtualisation servers with adequate performance in order to ensure appropriate background allocation of available system resources (CPUs, work memory, storage media, communication, etc.) among the virtual client and server applications.
Key here is the fact that this type of virtual server can accommodate up to 25 virtual client sessions of different types without these sessions affecting each other – all on a single hardware platform. Access to these virtual client sessions is via Ethernet using a standard Remote Desktop Protocol (RDP) session. This means that there is no longer a need for powerful client side hardware, which opens the door for the use of simple, compact, and low-cost thin clients, such as robust PDAs or panels without rotating parts, e.g., with Solid State Disk (SSD), for operator control and monitoring in the field.
As a result, it is much easier to choose a client and to use clients in harsh industrial environments, including hazardous areas. If a failure occurs, it is possible to use a thin client with higher or lower screen resolution without making any additional settings, which minimises downtimes.
Consolidation reduces costs
The ability to operate several WinCC servers and/or client sessions on a central platform (also away from the field level) reduces PC hardware and network components, as well as acquisition costs and ongoing operating costs for power/maintenance/spare part considerations. The number of client sessions is limited only by the performance capability of the virtualisation server and not by the SCADA system.
Administration and maintenance
An important advantage of virtualisation is that the operating system and automation application(s) no longer have to be individually installed and maintained on every client. Virtualisation reduces this to a one-time installation or a central updating of the VMware and of a small number of different client sessions on the server.
Simplified protection from malicious software
Every inadequately protected operator control station having a USB port, floppy disk drive, or hard disk drive is potentially vulnerable to a certain degree to malicious software and requires more effort in this regard than a virtual system solution. This is because the lack of interfaces in simple thin clients makes them generally less vulnerable to malware than ‘fully-fledged’ PCs. Providing security at a central location requires much less effort, quite apart from the fact that the operating systems of professional server solutions, which frequently are not Windows-based, are generally at a lower risk.
In virtualised solutions, it is possible to achieve high levels of availability – even when system components require replacement – through the use of RAID systems. Software can be updated during operation, clients can be added to or removed from the system, and the switchover from one client to the other can take place within a few seconds. In addition, a configurable alarm management function is available which notifies the operator in the event of system errors or when critical system loads are reached. All of this contributes to high availability and productivity.