open, secure industrial automation systems
TRANSCRIPT
© 2017 WIND RIVER. ALL RIGHTS RESERVED.
OPEN, SECURE INDUSTRIAL
AUTOMATION SYSTEMS
Glenn Seiler
VP Product Management and Strategy
Software Defined Infrastructure BU
TOPICS
▪ Deployment and operational challenges for critical infrastructure
▪ How virtualization addresses these challenges
▪ Introduction to Wind River Titanium Control platform
▪ Business-level benefits
▪ Summary
KEY CHALLENGES FOR CRITICAL INFRASTRUCTURE
▪ Industrial control systems installed since the 1980s present major
business challenges
– Increasing OPEX due to high maintenance and replacement costs plus a
dwindling pool of skilled technicians
– Limited flexibility resulting from sole-sourced solutions with proprietary
programming and operational models
– Outdated box-level security features with no provision for end-to-end threat
protection or dynamic updates
– Slow product lifecycles out of step with fast-moving IT and mobile
technologies
TITANIUM CONTROL ADDRESSES THE CHALLENGES
Reliability, Management, Performance, Scalability, Security, Open Standards
▪ Integrated software platform for on-premise critical infrastructure applications
▪ Addresses all the key challenges for industrial-grade virtualization and security
[Diagram: Titanium Control software on standard servers (control, storage and compute nodes) hosting virtualized Level 1 - 3 functions as virtual machines (PLC, DCS, HIS, other), connected over industrial-grade networking to physical devices: safety systems, DCS, analyzer, wireless gateway, PLC, monitoring]
TITANIUM CONTROL ARCHITECTURE
Based on Industry-Standard Open Source Software
Real-Time Performance Enhancements to KVM Hypervisor
Secure, High-Reliability Accelerated Virtual Switch
Comprehensive Fault Management and VM Management
Industrial Grade Storage Cluster
Industrial Grade Networking
Full Support for Industry-Standard Guest Operating Systems
[Diagram: virtualized Level 1 - 3 functions (PLC, DCS, HIS and other virtual machines) on Titanium Control software running on standard servers. Control nodes: VM management, fault management. Storage nodes: industrial-grade storage cluster, centralized or local. Compute nodes: industrial-grade hypervisor, accelerated virtual switch, hardened Linux, DPDK. Industrial-grade networking connects the physical devices: safety systems, DCS, analyzer, wireless gateway, PLC, monitoring.]
KEY CLOUD PLATFORM ATTRIBUTES
➢ Performance and scalability
• Accelerated vSwitch: 20Gb/s guest throughput
• 10µs interrupt-latency real-time virtualization
• Scales from 1-node to 100s of nodes
➢ Availability and Reliability
• Six nines (99.9999%) reliability at the platform level
• Automatic detection and automatic recovery
• Live migration of VMs with less than 150ms outage
➢ Security
• Secure chain of trust from physical HW to VMs
• Network-level AAA with secure identities
➢ Open
• Open standards and open APIs
• OPNFV testing and validation
Titanium Control: Reliability
▪ Titanium Control features:
– Six-nines (99.9999%) reliability at the platform level when running on two or more physical servers
– Automatic detection of failed controllers, hosts and VMs, with automatic recovery (60x faster than enterprise Linux)
– Live migration of VMs (including DPDK-based VMs) with less than 150ms outage time
– No unplanned downtime for software upgrades and patching, with full support for roll-backs
– Industrial-grade storage: volumes survive VM migrations, VM restarts, node failures etc.
Industrial Requirements ✓
▪ Fault tolerant to multiple software and hardware faults, with no single point of failure
▪ Six-nines (99.9999%) availability
▪ Minimal loss of service or data on failover
Detection of failed VM in <500ms
Detection of failed compute node in <1s
Recovery from control node failure in <25s
Detection of network link failure in <50ms
TITANIUM CONTROL: MANAGEMENT
▪ Titanium Control features:
– Simple installation and commissioning with installation wizard and no requirement for separate installer node
– Remote monitoring with sophisticated system alarms, analytics, performance management and fault management
– Hitless software upgrades and patching: no unplanned downtime
– Intelligent orchestrated patching engine accelerates system-wide patching
– Comprehensive system visibility and alarms
– Standard APIs for integration with Level 4 and Level 5 IT systems
Industrial Requirements ✓
▪ Support for remote platform monitoring, diagnostics and updates
▪ No unplanned downtime for hardware or software updates
▪ Integration with IT-based Level 4 / Level 5 management, orchestration and supervisory functions
TITANIUM CONTROL: PERFORMANCE AND SCALABILITY
▪ Titanium Control features:
– Seamlessly scalable from single-server on-premise deployments to hundreds of servers in data center
environments
– Deterministic interrupt latency of 3µs
– Accelerated virtual switching: up to 40x performance of kernel-based vSwitches
– Dynamic scaling of VMs up/down and in/out for optimum resource utilization
– Full support for real-time operating systems (RTOSs) in guest VMs
✓
SECURITY FOR AN INDUSTRIAL PLATFORM
▪ Network-level authentication, authorization and accounting (AAA) with secure identities
▪ NFVi stack with 3-layer decoupling
– Hardware layer
– Virtualization Platform layer
– Application layer
▪ Data encryption with full support for third-party firewalls, anti-malware and other security functions
▪ TLS Security & TPM Certificate Storage (requires TPM 2.0 hardware device)
▪ Secure chain of trust from physical hardware extending into Virtual Machines (VMs)
▪ Continuous Vulnerability Monitoring and Patching
[Diagram: Titanium Cloud hosting virtual machines (vCPE, vEPC, other)]
INDUSTRIAL GRADE SECURITY
▪ Integrity
– Critical process monitoring and recovery on Titanium Cloud nodes
– Resource monitoring on Titanium Cloud nodes
– Monitoring and recovery of Titanium Cloud node connectivity
– Titanium Cloud controller node program store authentication
– Tenant data stored on private closed network
▪ Confidentiality
– Secure keyring database for storage of encrypted passwords
– ACL filters for authenticity of connectivity to hosted VMs
– QOS for protection of connectivity to hosted VMs
– TLS Security & TPM Certificate Storage (requires TPM 2.0 hardware device)
▪ Access
– Network firewall on external OAM interface
– Role-based access control
– Secure password enforcement
– Password aging
– Restricted access to root account and root cmds
– Auto-logout of inactive user sessions
– External LDAP integration—keystone
▪ Host environment
– UEFI Secure Boot & Cryptographically Signed Images
– User and group permissions
– Chroot jail
– Virtual TPM for Secure Guests
– Process group isolation
✓
✓
✓
✓
TITANIUM CONTROL: OPEN STANDARDS
▪ Titanium Control features:
– Based on open source software with patches contributed back to the community by Wind River
– Linux, KVM, OpenStack, Ceph and DPDK
– Support for industry-standard guest operating systems including Linux, VxWorks, Windows, etc.
– Titanium Cloud Ecosystem validations ensure compatibility with third-party software products
– Enterprise-class and COTS servers from multiple suppliers also validated through the ecosystem
Open standards eliminate the risk of vendor lock-in while enabling innovative third-party software products
Wind River Active in Key NFV Open-Source Projects
Active in critical workgroups
▪ Contributing our HA APIs to HA Workgroup
▪ Compliance & certification workgroup
▪ OPNFV validation and testing requirements (C&C, Dovetail)
Proven Vendor Interoperability at OPNFV PlugFest
Leading contributor to Nova, SR-IOV and other core projects
▪ Wind River is ranked in the top 10% of contributors to the Nova Compute project
▪ Wind River is ranked 86th out of 318 contributors to OpenStack
Wind River is focused on critical telecom-focused enhancements to Nova
Active in maintenance of Yocto Linux project
▪ Linux-yocto kernel and tooling
▪ Meta-cgl, meta-cloud-services, meta-openembedded, meta-security, meta-selinux, meta-virtualization, meta-zynq
Contributed real-time KVM to many related open-source projects
BUSINESS-LEVEL BENEFITS OF TITANIUM CONTROL
▪ Reduce the cost and risk of replacing physical control devices
▪ Ensure end-to-end security for business operations and control functions
▪ Reduce capital cost for new deployments and capacity expansions
Maximize System-Wide Return on Investment
Increase Value
Reduce Operational Costs
▪ Efficiently scale control systems to add capacity
▪ Accelerate the introduction of new functions and services to optimize control processes
▪ Leverage the expertise of millennial programmers and third-party software vendors
SUMMARY
▪ Virtualization enables critical infrastructure companies to slash their operational costs by deploying
secure, robust, flexible software-based solutions as alternatives to legacy, fixed-function hardware
▪ Industrial control systems installed since the 1980s present major business challenges
– Increasing OPEX due to high maintenance and replacement costs plus a dwindling pool of skilled technicians
– Limited flexibility resulting from sole-sourced solutions with proprietary programming and operational models
– Outdated box-level security features with no provision for end-to-end threat protection or dynamic updates
– Slow product lifecycles out of step with fast-moving IT and mobile technologies
▪ Wind River addresses these challenges through the open Titanium Control platform
– Virtualized software applications running on standard IT-class servers
– Six nines uptime and optimum asset utilization
– Best-in-class security and system level performance
– Architecture proven in telecom infrastructure with the first product launched in 2014 for
Network Functions Virtualization
BENEFITS OF VIRTUALIZATION
▪ Level 1 through Level 3 control functions can be virtualized and consolidated onto standard
IT-class servers for significant CAPEX and OPEX savings
– Software-based digital controllers, PLCs, DCSs, SCADA software, HMIs, historians and applications
– Massive cost savings from software updates instead of high-cost replacements of physical equipment
– Differentiation through software without having to rip and replace proprietary hardware and software
▪ Open platforms for the development and deployment of flexible, interoperable applications
– Avoiding vendor lock-in and long development cycles inherent in traditional hardware-based solutions
▪ Best-in-class end-to-end network security and industrial automation security functions
– Leveraging best available firewalls, VPNs, intrusion prevention systems, etc., from leading IT vendors
– Dynamic updates in response to emerging threats
▪ Full support for ultra-low latency, deterministic networking and high availability
Fully Scalable System-Level Architecture
[Diagram: four deployment sizes, each built from control, storage and compute nodes hosting VMs, with top-of-rack switching in the multi-server configurations]
▪ Minimum-Footprint Edge Solution: single server
▪ Highly-Available Edge Solution: two servers (1:1 protected pair of servers)
▪ Frame-Level Solution: 4–100 servers
▪ Large-Scale Data Center Solution: hundreds of servers, multi-region cloud