DESCRIPTION
This session will cover the pros and cons of virtualization as well as lessons learned from real-world virtualization of DCS environments. Chris has deployed virtualization in ICS with and without ICS vendor cooperation.
Industrial Control System Virtualization
Chris Hughes
IACS Infrastructure Architect
Freeport-McMoRan Copper & Gold
www.fcx.com
S4x14
January 14th, 2014
ICS Virtualization Benefits
◦ Increased redundancy
◦ Decreased recovery time following a failure
◦ Hardware refresh is simpler
◦ System upgrades / rollbacks are easier
◦ OS / system patching is simpler – allows for a “golden image” that can be easily patched
◦ Deployment of additional servers/services is quicker
Virtualization for Industrial Control Systems
Can the same benefits that traditional IT receives be realized?
The simple answer? It Depends…
ICS Virtualization
When dealing with ICS and virtualization, there are a few questions that need to be asked:
Will the vendor support it?
Are we ready culturally?
Is it technically feasible?
Is it economically feasible?
ICS Virtualization
Challenges for Adoption:
◦ Vendor Support
  • Proprietary hardware?
  • Legacy technology constraints?
◦ Cultural – IT / Control System Staff / Plant Management
  • Virtualization not often fully understood
  • Can be seen as “all eggs in one basket”
  • Training – sufficient skills exist?
  • Support – ICS Staff, MIS or a combination?
  • Fear of the unknown or IT takeover…
ICS Virtualization
Challenges for Adoption:
◦ Technical Feasibility
  • Some vendors still use proprietary hardware
  • Can be internal server cards or external communication/support devices:
    • Fieldbus cards (Modbus, MB+, Profibus, etc.)
    • Ethernet devices
    • Other devices/restrictions?
◦ Economic Feasibility
  • Initial deployment costs can be high
  • Hidden costs?
    • Training
    • Network infrastructure
  • Costs are typically outweighed by the advantages gained
ICS Virtualization
Assuming we’ve made it past the first 4 questions, what does ICS virtualization look like?
ICS Virtualization
Design Considerations
◦ Virtual Infrastructure
  • Recommend clusters with common storage pool
  • Recommend 2 clusters in separate locations
  • Eliminates “all eggs in one basket”
◦ Plant LAN / Process Control Network
  • Redundancy is the primary consideration – work to eliminate daisy-chaining and other topology issues
  • Existing networks may be restricted to 100Mb/s or less – virtualization requires at least 1Gb/s – preferably 10Gb/s to avoid storage or other bottlenecks
  • Oftentimes, plant network upgrades and virtualization go hand-in-hand
ICS Virtualization
ICS Virtualization – An Approach:
◦ Select an IT industry standard platform, ex. Cisco/NetApp Flexpod using VMware
◦ Develop virtualization standards specific to ICS
  • Hardware
  • Software
  • Testing/Deployment strategy
  • Administration
  • Maintenance / Life-cycle Management
ICS Virtualization
Example Deployment Scenario:
The deployment scenario:
◦ Provides for full redundancy, above and beyond clustering within each individual environment
◦ Allows ICS redundancy to be split:
  • Between plant and secondary location if desired/needed
  • Primary servers in plant and secondary servers in 2nd location
◦ Highly Scalable - Allows for easy expansion
ICS Virtualization
Implementation Challenges/Caveats:
◦ Deployment:
  • If possible – stand up virtual infrastructure in parallel to existing system – allow sufficient time and testing prior to cutover
  • Ensure redundancy is fully tested/verified – within virtual infrastructure and network
  • Look for ICS specific catches:
ICS Virtualization
Example ICS Caveat
[Diagram: VMware DRS Cluster of Host 1 to Host 4, with the primary (PRI) and backup (BU) HMI servers on the same host]
• Single Cluster
• Primary & Backup HMI Servers On Same Host
• Host Failure
• Both Servers Down
• Operations Blinded
ICS Virtualization
[Diagram: VMware DRS Cluster of Host 1 to Host 4, divided into a “Primary” DRS Group (PRI) and a “Backup” DRS Group (BU)]
• Single Cluster
• Cluster Divided into Groups
• Host Failure
• Backup HMI Server Still Available
• Primary HMI Server Moves To New Host
• Operations Is OK
◦ Cutover:
  • Proper planning is the key! A staged approach is best…
  • Be prepared as any issues, related or not, will be pinned to the virtual infrastructure…
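The host-failure caveat above can be checked before cutover by auditing VM placement. The following is an added example, not part of the original slides: the host names, VM names and the assignment of hosts to the “Primary” and “Backup” groups are constructed for illustration, and the inventory is a plain dictionary rather than output from any VMware API.

```python
"""Placement audit for redundant ICS server pairs (added example, constructed data)."""
from itertools import chain

def blinding_failures(placement, pairs):
    """Map each host whose failure takes down BOTH members of a pair to those pairs."""
    findings = {}
    for host in sorted(set(placement.values())):
        down = {vm for vm, h in placement.items() if h == host}
        lost = [p for p in pairs if set(p) <= down]
        if lost:
            findings[host] = lost
    return findings

def group_violations(placement, pairs, host_groups):
    """Check the grouped design: host groups must not share hosts, and the two
    members of a pair must run in different groups, so a restart that stays
    inside its own group can never co-locate them."""
    problems = []
    hosts = list(chain.from_iterable(host_groups.values()))
    if len(hosts) != len(set(hosts)):
        problems.append("host groups overlap")
    group_of = {h: g for g, hs in host_groups.items() for h in hs}
    for a, b in pairs:
        ga, gb = group_of.get(placement[a]), group_of.get(placement[b])
        if ga is None or gb is None or ga == gb:
            problems.append(f"{a}/{b} not separated by group ({ga}, {gb})")
    return problems

# Constructed sample inventory (hypothetical names, not from the slides).
PAIRS = [("hmi-pri", "hmi-bu")]
GROUPS = {"Primary": ["host1", "host2"], "Backup": ["host3", "host4"]}
# Single cluster, no groups: both HMI servers ended up on host2.
UNGROUPED = {"hmi-pri": "host2", "hmi-bu": "host2", "historian": "host1"}
# Cluster divided into groups: primary and backup held in separate groups.
GROUPED = {"hmi-pri": "host1", "hmi-bu": "host3", "historian": "host2"}

if __name__ == "__main__":
    for name, placement in (("ungrouped", UNGROUPED), ("grouped", GROUPED)):
        print(name)
        print("  hosts whose loss blinds operations:",
              blinding_failures(placement, PAIRS))
        print("  group violations:",
              group_violations(placement, PAIRS, GROUPS))
```

Running the same two checks against a real inventory export after every maintenance window catches placements that drifted back onto a shared host.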
ICS Virtualization
Questions?