open, secure industrial automation systems

© 2017 WIND RIVER. ALL RIGHTS RESERVED.

OPEN, SECURE INDUSTRIAL

AUTOMATION SYSTEMS

Glenn Seiler

VP Product Management and Strategy

Software Defined Infrastructure BU

2 © 2017 WIND RIVER. ALL RIGHTS RESERVED.

TOPICS

▪ Deployment and operational challenges for critical infrastructure

▪ How virtualization addresses these challenges

▪ Introduction to Wind River Titanium Control platform

▪ Business-level benefits

▪ Summary


KEY CHALLENGES FOR CRITICAL INFRASTRUCTURE

▪ Industrial control systems installed since the 1980s present major

business challenges

– Increasing OPEX due to high maintenance and replacement costs plus a

dwindling pool of skilled technicians

– Limited flexibility resulting from sole-sourced solutions with proprietary

programming and operational models

– Outdated box-level security features with no provision for end-to-end threat

protection or dynamic updates

– Slow product lifecycles out of step with fast-moving IT and mobile

technologies


TITANIUM CONTROL ADDRESSES THE CHALLENGESReliability, Management, Performance, Scalability, Security, Open Standards

▪ Integrated software platform for

on-premise critical infrastructure

applications

▪ Addresses all the key challenges

for industrial-grade virtualization

and securityStandard Server(s)

Titanium

Control

Software

Control

Node(s)

Storage

Node(s)

Physical

Devices

Safety

SystemsDCS Analyzer

Wireless

GatewayPLCMonitoring

Industrial-Grade Networking

Compute Node(s)

Virtualized

Functions

(Level 1 - 3)

Virtual Machine

PLC

Virtual Machine

DCS

Virtual Machine

HIS

Virtual Machine

Other


Virtualized

Functions

(Level 1 - 3)

Titanium Control Software

Virtual Machine

PLC

Virtual Machine

DCS

Virtual Machine

HIS

Virtual Machine

Other

TITANIUM CONTROL ARCHITECTURE

Based on Industry-Standard Open Source Software

Real-Time Performance Enhancements to KVM Hypervisor

Secure, High-Reliability Accelerated Virtual Switch

Comprehensive Fault Management and VM Management

Industrial Grade Storage Cluster

Industrial Grade Networking

Full Support for Industry-Standard Guest Operating Systems

Standard Server(s)

Physical

Devices

Control Node(s)

Safety

SystemsDCS Analyzer

Wireless

GatewayPLCMonitoring

Industrial-Grade Networking

VM Management

Fault Management

Storage Node(s)

Industrial-Grade

Storage Cluster

Centralized or Local

Compute Node(s)

Industrial-Grade Hypervisor

Accelerated Virtual Switch

Hardened Linux

DPDK


KEY CLOUD PLATFORM ATTRIBUTES

➢ Performance and scalability• Accelerated vSwitch: 20Gb/s guest throughput

• 10µs interrupt-latency real-time virtualization

• Scales from 1-node to 100s of nodes

➢ Availability and Reliability

• Six nines (99.9999%) reliability at the platform level

• Automatic detection and automatic recovery

• Live migration of VMs with less than 150ms outage

➢ Security

• Secure chain of trust from physical HW to VMs

• Network-level AAA with secure identities

➢ Open

• Open standards and open APIs

• OPNFV testing and validation

Security

Performance and

Scalability

Open

Availability and

Reliability


Titanium Control: Reliability

▪ Titanium Control features:

– Six-nines (99.9999%) reliability at the platform level when running on two or more physical servers

– Automatic detection of failed controllers, hosts and VMs, with automatic recovery (60x faster than enterprise Linux)

– Live migration of VMs (including DPDK-based VMs) with less than 150ms outage time

– No unplanned downtime for software upgrades and patching, with full support for roll-backs

– Industrial-grade storage: volumes survive VM migrations, VM restarts, node failures etc.

▪ Fault tolerant to multiple software and hardware faults, with no single point of failure

▪ Six-nines (99.9999%) availability

▪ Minimal loss of service or data on failover

Industrial

Requirements

Detection of failed

VM in <500ms

Detection of failed

compute node in <1s

Recovery from control

node failure in <25s

Detection of network

link failure in <50ms

✓


▪ Support for remote platform monitoring, diagnostics and updates

▪ No unplanned downtime for hardware or software updates

▪ Integration with IT-based Level 4 / Level 5 management, orchestration and supervisory functions

Industrial

Requirements

TITANIUM CONTROL: MANAGEMENT


– Simple installation and commissioning with installation wizard and no requirement for separate installer node

– Remote monitoring with sophisticated system alarms, analytics, performance management and fault management

– Hitless software upgrades and patching: no unplanned downtime

– Intelligent orchestrated patching engine accelerates system-wide patching

– Comprehensive system visibility and alarms

– Standard APIs for integration with Level 4 and Level 5 IT systems

✓


TITANIUM CONTROL: PERFORMANCE AND SCALABILITY


– Seamlessly scalable from single-server on-premise deployments to hundreds of servers in data center

environments

– Deterministic interrupt latency of 3µs

– Accelerated virtual switching: up to 40x performance of kernel-based vSwitches

– Dynamic scaling of VMs up/down and in/out based for optimum resource utilization

– Full support for real-time operating systems (RTOSs) in guest VMs

✓


Network-level authentication,

authorization and accounting

(AAA) with secure identities

SECURITY FOR A INDUSTRIAL PLATFORM

Titanium Cloud

VM

vCPE

VM

vEPC

VM

Other

NFVi stack with 3-layer decoupling

- Hardware layer

- Virtualization Platform layer

- Application layer

Data encryption with full support

for third-party firewalls, anti-

malware and other security

functions

TLS Security & TPM Certificate

Storage (requires TPM 2.0

hardware device

Secure chain of trust from physical hardware extending into Virtual Machines (VMs)

Continuous Vulnerability

Monitoring and Patching


INDUSTRIAL GRADE SECURITY

▪ Integrity

– Critical process monitoring and recovery on Titanium Cloud nodes

– Resource monitoring on Titanium Cloud nodes

– Monitoring and recovery of Titanium Cloud node connectivity

– Titanium Cloud controller node program store authentication

– Tenant data stored on private closed network

▪ Confidentiality

– Secure keyring database for storage of encrypted passwords

– ACL filters for authenticity of connectivity to hosted VMs

– QOS for protection of connectivity to hosted VMs

– TLS Security & TPM Certificate Storage(requires TPM 2.0 hardware device)

▪ Access

– Network firewall on external OAM interface

– Role-based access control

– Secure password enforcement

– Password aging

– Restricted access to root account and root cmds

– Auto-logout of in-active user sessions

– External LDAP integration—keystone

▪ Host environment

– UEFI Secure Boot & Cryptographically Signed Images

– User and group permissions

– Chroot jail

– Virtual TPM for Secure Guests

– Process group isolation

✓

✓

✓

✓


TITANIUM CONTROL: OPEN STANDARDS


– Based on open source software with patches contributed back to the community by Wind River

– Linux, KVM, OpenStack, Ceph and DPDK

– Support for industry-standard guest operating systems including Linux, VxWorks, Windows, etc.

– Titanium Cloud Ecosystem validations ensure compatibility with third-party software products

– Enterprise-class and COTS servers from multiple suppliers also validated through the ecosystem

Open standards eliminate the risk of vendor lock-in while enabling innovative third-party software products


Wind River Active in Key NFV Open-Source Projects

Active in critical workgroups

▪ Contributing our HA APIs to HA

Workgroup

▪ Compliance & certification

workgroup

▪ OPNFV validation and testing

requirements (C&C, Dovetail)

Proven Vendor Interoperability at OPNFV

PlugFest

Leading contributor to Nova,

SR-IOV and other core

projects

▪ Wind River is ranked in top 10%

to the Nova Compute project

▪ Wind River is ranked 86th out of

318 contributors to OpenStack

Wind River is focused on

critical telecom-focused

enhancements to Nova

Active in maintenance of Yocto Linux project

▪ Linux-yocto kernel and tooling

▪ Meta-cgl, meta-cloud-services,

meta-openembedded, meta-

security, meta-selinux, meta-

virtualization, meta-zynq

Contributed real-time KVM to many related open-source

projects

Linux


▪ Reduce the cost and risk of replacing physical control devices

▪ Ensure end-to-end security for business operations and control

functions

▪ Reduce capital cost for new deployments and capacity

expansions

BUSINESS-LEVEL BENEFITS OF TITANIUM CONTROL

Maximize System-Wide

Return on Investment

Increase Value

Reduce Operational Costs

▪ Efficiently scale control systems to add capacity

▪ Accelerate the introduction of new functions and services

to optimize control processes

▪ Leverage the expertise of millennial programmers and

third-party software vendors


SUMMARY

▪ Virtualization enables critical infrastructure companies to slash their operational costs by deploying

secure, robust, flexible software-based solutions as alternatives to legacy, fixed-function hardware

▪ Industrial control systems installed since the 1980s present major business challenges

– Increasing OPEX due to high maintenance and replacement costs plus a dwindling pool of skilled technicians

– Limited flexibility resulting from sole-sourced solutions with proprietary programming and operational models

– Outdated box-level security features with no provision for end-to-end threat protection or dynamic updates

– Slow product lifecycles out of step with fast-moving IT and mobile technologies

▪ Wind River addresses these challenges through the open Titanium Control platform

– Virtualized software applications running on standard IT-class servers

– Six nines uptime and optimum asset utilization

– Best-in-class security and system level performance

– Architecture proven in telecom infrastructure with the first product launched in 2014 for

Network Functions Virtualization

™



BENEFITS OF VIRTUALIZATION

▪ Level 1 through Level 3 control functions can be virtualized and consolidated onto standard

IT-class servers for significant CAPEX and OPEX savings

– Software-based digital controllers, PLCs, DCSs, SCADA software, HMIs, historians and applications

– Massive cost savings from software updates instead of high-cost replacements of physical equipment

– Differentiation through software without having to rip and replace proprietary hardware and software

▪ Open platforms for the development and deployment of flexible, interoperable applications

– Avoiding vendor lock-in and long development cycles inherent in traditional hardware-based solutions

▪ Best-in-class end-to-end network security and industrial automation security functions

– Leveraging best available firewalls, VPNs, intrusion prevention systems, etc., from leading IT vendors

– Dynamic updates in response to emerging threats

▪ Full support for ultra-low latency, deterministic networking and high availability


Fully Scalable System-Level Architecture

Highly-Available

Edge Solution

Two servers

Compute

VM

Control

VM VM

Storage

1:1 protected pair

of servers

Compute

VM

Control

VM VM

Storage

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Control

Storage

Control

Storage

Frame-Level

Solution

4 –100 servers

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Control

Storage

Control

Storage

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Control

Storage

Control

Storage

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Control

Storage

Control

Storage

Large-Scale Data Center

Solution

Hundreds of servers

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Control

Control

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Compute

VM VM VM

Compute

VM VM VM

Top of Rack

Compute

VM VM VM

Top of Rack

Compute

VM VM VM

Control

Control

Multi-region cloud

Compute

VM

Control

VM VM

Storage

Minimum-Footprint

Edge Solution

Single server

open, secure industrial automation systems

Documents