This is a post in a series of blogs about adapting Continuous Delivery concepts and tools to Industrial Control Systems environments.
Virtualization has come of age during the last decade and has begun pervading nearly every aspect of computing… Most notably cloud computing is the largest example of virtualization success.
How virtualization affects your systems
As with any ICS environment, your systems are often defined and controlled by what your ICS vendor(s) allows to be done with their software. Many leading ICS vendors have adapted the ability to use virtualization in the past few years. Some implementations and adaptations of use are more restrictive than others, but in general you have the opportunity to virtualize some of the non-operationally critical assets in your environment as well assets that have data storage requirements that surpass a physical servers capacity – namely quality assurance systems, development systems and historical repositories
How you can leverage virtualization
The most obvious and straightforward application of virtualization in ICS environments is through hardware virtualization. Hardware virtualization provides the ability to have virtualized instances of engineering workstations, non-operationally critical application servers, and servers that support administrative functions (i.e. file and print servers). It also allows you to have many more redundant assets which can be used as hot or cold spare assets for interaction with your environment and process.
A second and very beneficial use of virtualization is in the creation and maintenance of development and test environments for your production systems. Virtualization alleviates much of the hardware overhead that would normally be associated with creating a representative test environment. When you have the ability to freely engineer changes through the use of virtualization, you can leverage your change management and orchestration tools easily and quickly.
As a bonus, gaining the freedom to operate, test, and experiment in a safe environment will lead your teams and organizations to become more confident in the overall operation of your systems. This ultimately leads to increased reliability and confidence in your environment. Maybe the most important benefit is faster recovery during those times of failure as a result of the increased confidence and knowledge of your systems.
Lastly, having the ability to leverage virtualization begins to give your organization the capability to have a “do over” button. Snapshot and revert functions present in virtualization products give you the ability to verify your processes and procedures on your quality assurance and development sandbox environment and turn back the clock on a mistake or bad configuration change without the high overhead of re-installing a system on a bare metal machine, thereby providing your organization a true ROI.
What you need to watch out for
This is not to say that virtualization is for every aspect of the ICS environment. Traditional vendors have invested in their solutions to minimize the impact of any single contingency. Redundancy and high availability is built in to their front end processors, ICCP servers, SCADA servers and application servers. That same technology is leveraged for backup control centers and in disaster scenarios, the customer can always rely on the vendor to rebuild the system from the code repository secured at the vendor’s facility.
But virtualization does address the cost pressures that all companies feel and does provide customers with low cost alternative for sand box environments which are now necessitated by the regulatory bodies for testing and QA purposes.
The use of virtualization is undoubtedly highly vendor specific. Vendor use and allowance of virtualization often dictates what parts of your system or assets you are allowed to virtualize as well as what pieces of their software system, configuration, or system use are allowed.