Following the recent release of production-ready virtual PLC (vPLCs) offerings, virtualized automation solutions are rapidly gaining recognition as a mainstream technology.
The perception of vPLCs within the automation community has undergone a transformative shift. Initially, they were considered novel but impractical due to poor performance and unsuitability for real-world process control applications. In addition, the concept of hosting mission-critical control applications on enterprise servers, thereby integrating OT and IT technology, was not easily digested by many end-users. Now in 2024, however, improvements in edge computing technology and its affordability have made vPLCs a viable technology solution.
The long-standing resistance to IT/OT convergence is also fading as the benefits of integrating these domains are becoming increasingly recognized, driving further acceptance of vPLC technology. However, moving PLC control from the physical domain to the virtual while maintaining determinism and real-time control involves several critical technology layers within a software and hardware stack.
Each layer must be carefully specified and configured to ensure that hosted vPLCs operate within the stringent performance and integrity requirements necessary for real-world industrial applications. The software and hardware stack required to achieve this includes edge servers, hypervisors and operating systems optimized for real-time applications (RTOS).
While these technologies are well-established within IT and embedded systems professions, they may be unfamiliar to much of the broader industrial automation community. This article provides a detailed examination of each layer in the vPLC hardware and software stack, outlining the primary requirements for each. This information will be especially beneficial for individuals involved in designing vPLC architectures.
A vPLC or virtual PLC is a virtual instance of a traditional hardware PLC that operates within a virtual machine (VM) environment. Unlike PLC simulators, which are software applications that emulate a PLC on a computer, a vPLC is designed for real-world control applications and executes within an operating system that is hosted in a virtual environment.
Only two production-ready, IEC 61131-3 compliant vPLC runtimes are currently available in 2024:
CODESYS is a versatile PLC runtime that supports multiple programming languages and executes on any Linux distribution.
Siemens' SIMATIC S7-1500V is fully integrated with their TIA Portal and Industrial Edge platform. The runtime is compatible with Siemens' standard IPC operating system (SIMATIC Industrial OS).
Achieving the industry-required performance for vPLCs demands extensive optimization. Unlike virtualized servers and computers in the IT domain, vPLCs must meet stringent performance benchmarks for real-time processing, integrity and availability.
This requires CPU optimizations, memory management and real-time operating systems (RTOS) to ensure minimal latency, making the deployment of vPLCs more complex than typical virtualized systems.
vPLCs are not tied to specific hardware, allowing for easy scaling. End-users can increase or decrease the number of vPLC instances based on demand, paying only for what they use.
Removing the PLC CPU hardware reduces the risks associated with high CPU lead times. Recent supply chain issues and the tendency for automation suppliers to carry little stock have always induced big risks for end-users.
By eliminating the need for dedicated hardware, vPLCs reduce the costs associated with hardware acquisition, maintenance and upgrades. Additionally, they can be deployed on existing IT infrastructure, reducing CAPEX costs. End-users do not need to carry spare PLC CPUs, leading to reductions in the cost of ownership.
vPLCs can be managed centrally, streamlining the process of updates, maintenance and configuration. This centralization also simplifies the deployment of security patches, version control, firmware upgrades and backup of PLC logic.
Virtualization allows for better resource allocation, ensuring that computational power is efficiently used. This is particularly beneficial for resource-intensive tasks like machine learning and artificial intelligence.
vPLCs hosted in modern edge servers have potentially unlimited resources at their disposal, allowing them to perform heavy-duty tasks such as artificial intelligence.
vPLCs can leverage IT security mechanisms, providing a higher level of protection than traditional PLCs. Centralized management also aids in quicker deployment of security updates.
Simplified deployment of security updates can be done from a central location, eliminating the need for technicians to visit each PLC and connect to it.
Deploying and managing vPLCs and their dependencies can be complex, demanding a thorough understanding of virtualization technologies, network configurations and IT infrastructure.
The required skillset falls outside the traditional automation engineering domain and more within the IT domain. Consequently, end-users may be required to invest in workforce training to deploy and manage the technology effectively.
Virtualization can introduce latency, which may be problematic for real-time applications requiring extremely high response times. However, the performance of currently available technology is sufficient for deploying vPLCs in most control applications, except for those requiring very low response times, such as high-speed packaging.
An IEEE publication by Josef Waltl et al. concluded that vPLCs in servers with a hypervisor are currently a viable option for many domains of factory automation, where response times between 5-10 ms are acceptable.
Deploying multiple vPLCs on the same hypervisor theoretically creates a single point of failure. Power loss to the host server, accidental corruption or malicious actions by a user from the hypervisor could impact numerous PLCs simultaneously.
For continuous process industries that demand maximum availability of their control systems, this issue may discourage end-users from moving away from the traditional approach of using physical PLCs distributed across the facility.
However, the concept of virtualization is not entirely new. There is already a well-established practice of virtualizing OT technology within modern DCS platforms, where servers and operator stations are now routinely hosted on edge servers. This familiarity with virtualization may help mitigate some concerns, but the potential risks must still be carefully managed.
The hardware and software stack required for vPLCs includes high-performance servers, a hypervisor, a guest operating system (OS), and a PLC runtime. Each component in this stack must be carefully selected and optimized to meet the stringent performance requirements necessary for controlling high-value processes in production environments.
One key advantage of vPLCs is their flexibility to end-users and system integrators in choosing their technology stack. This enables users to work with familiar technologies and continue utilizing existing suppliers for their server infrastructure.
A unique requirement for vPLCs is the need to support real-time, deterministic performance, which necessitates using real-time operating systems (RTOS). As a result, operating systems originating from the embedded systems domain are now being used for vPLC deployments.
The host server provides the physical infrastructure on which the hypervisor will run. The host server components must be specified to ensure they support virtualization and are equipped with sufficient computational power, memory and storage to handle multiple virtual instances.
When selecting processors for vPLC applications, it's important to consider support for advanced virtualization and memory management features.
For Intel-based systems, processors with Intel VT-d and VT-c technologies are needed to enable virtualization capabilities. Intel VT-d facilitates direct device assignment in virtualized environments, which can help reduce latency by allowing virtual machines (VMs) to access I/O devices directly.
Intel VT-c, on the other hand, enhances network virtualization by allowing multiple VMs to share a single physical NIC if required. Suitable processors include the Intel Xeon E5 and E7 series and the newer Intel Xeon Scalable processors.
For AMD-based systems, processors that support AMD-Vi (IOMMU) are useful for enabling direct device assignment in virtualized environments. The AMD EPYC series processors are a common choice in environments where high performance and virtualization capabilities are necessary.
Advanced memory management is another key consideration for vPLC applications, especially in scenarios where real-time performance and low latency are critical. Efficient memory management directly impacts the speed and responsiveness of VMs, which is vital in environments requiring deterministic behavior and quick memory access.
CPU optimizations, such as Intel's Extended Page Tables (EPT) and AMD's Rapid Virtualization Indexing (RVI), help reduce the overhead associated with memory management. This can ensure that VMs access the memory they need more efficiently, which is essential for maintaining the performance levels required by vPLC applications. Sufficient RAM is required to handle virtualization workloads effectively.
The motherboard must support the relevant processor and have a chipset that supports IOMMU (VT-d for Intel or AMD-Vi for AMD). High-end server motherboards usually support these features. Some examples include:
Network cards must support SR-IOV to allow direct assignment of virtual functions to virtual machines, e.g., Intel Ethernet Server Adapter X520 or Mellanox.
The hypervisor is the software layer that enables virtualization by allowing multiple VMs to run on a single physical server.
There are two types of hypervisors:
Several authors have noted that bare-metal hypervisors offer better performance and resource management than hosted hypervisors when it comes to selecting bare-metal or hosted solutions.
The consensus is that hypervisors hosting vPLCs should be lightweight and streamlined, allowing guest operating systems to run with minimal latency.
While many popular enterprise hypervisors include a range of features for orchestrating virtual machines in IT environments, these are often unnecessary for industrial automation applications.
While system manageability is important, greater priority should be given to optimizing every aspect of the hypervisor setup to ensure maximum real-time communication efficiency in virtualized automation environments.
There are numerous hypervisors on the market, but what should you look for when hosting vPLCs?
Selecting the right hypervisor is essential for optimizing vPLC performance by leveraging CPU functions related to virtualization and memory management. It’s essential to ensure that the hypervisor supports these technologies so that it can effectively utilize the functions provided by the CPU.
The hypervisor should effectively manage VM entries and exits, utilizing CPU features to minimize latency during these transitions. Most enterprise-grade hypervisors include optimizations to handle these transitions efficiently, leveraging CPU features designed to minimize the overhead.
VMware Edge Compute Stack is a robust, enterprise-grade solution tailored for edge computing environments. It is designed to be installed directly on bare-metal hardware, with the hypervisor (ESXi) running directly on the physical hardware. This setup provides the foundation for running both virtual machines and containers.
VMware has also collaborated with Software Defined Automation to develop a virtual PLC orchestration solution. This allows users to efficiently commission, monitor and manage vPLC instances on servers deployed in factory environments.
Jailhouse is an open-source, lightweight hypervisor suitable for running real-time applications with minimal overhead, making it a good choice for hosting vPLCs. Jailhouse has the capability to isolate critical workloads in separate bare-metal environments to maintain deterministic performance. For VM management, tools like OpenStack or Kubernetes can be used for centralized control and automated deployment of vPLCs.
Microsoft Hyper-V is a widely used hypervisor from Microsoft that supports hosting vPLCs on an RTOS. It offers reliable virtualization with efficient resource management and high availability.
The guest operating system that will run the individual PLC runtime must be a real-time operating system (RTOS). RTOS are OS that have been specifically optimized for handling real-time operations and are heavily used within the embedded applications and IPCs industry.
Most RTOS distributions are almost always some variant of Linux that have been modified and adapted for real-time execution. The choice of the RTOS for the VMs hosting vPLCs is essential for ensuring real-time performance and compatibility with PLC runtime software.
Standard Linux distributions can be adapted for real time by implementing certain patches such as PREEMPT-RT.
Real-time Linux patches, such as PREEMPT-RT and RTAI, offer improved scheduling policies and mechanisms to enforce strict priority scheduling. These patches modify the kernel scheduler to ensure that real-time tasks preempt non-real-time tasks effectively.
vPLC runtimes emulate the functionality of traditional PLCs and execute control logic, providing flexibility and efficiency in industrial automation.
Currently, there are two production-ready vPLC offerings from CODESYS and Siemens that support vPLC runtimes and IEC 61131-3 type programming. Beyond IEC 61131-3, there are many other solutions from the embedded system domain, but the scope of this article is for vPLCs, which implies the use of IEC 61131-3 programming.
The CODESYS Virtual Control SL is a IEC 61131-3-compatible runtime system that can be installed on any architecture supporting containers or hypervisors.
The upcoming release of CODESYS Virtual Safe Control SL is expected in late 2024. This new iteration of the vPLC will be SIL3-certified, enabling the implementation of safety controllers without requiring certified hardware.
The availability of SIL rated vPLCs potentially opens the doors for this technology to be adopted into functional safety applications, such as those commonly found in the oil and gas industries, including emergency shutdown (ESD) and fire and gas systems (FGS).
In June 2023, Siemens introduced their first production-ready vPLC, the S7-1500V, as part of the TIA Portal and Industrial Edge platform. This S7-1500V can be run on industrial-grade servers or IPCs with Siemens Simatic Industrial OS.
As a major player in the edge server and IPC market, Siemens was the first mainstream PLC manufacturers to release a production-ready vPLC, leveraging their existing dominance in the OT space.
The S7-1500V is compatible only with Siemens IPC OS (Simatic Industrial OS), which ensures it is likely to be installed by end-users only on Siemens hardware. Other PLC manufacturers that do not have a foothold in the industrial edge server and IPC market may be dissuaded from releasing vPLC products, as they could risk threatening their traditional hardware sales.
vPLCs represent a significant advancement in industrial automation. They offer better flexibility, scalability and centralized management for end-users. Using vPLCs removes the requirement for a physical CPU and enables end-users to achieve cost efficiencies and overcome traditional hardware limitations.
However, deploying vPLCs requires careful consideration of challenges such as complexity and latency, and the chosen technology stack must be carefully specified.
The deployment of vPLCs involves a collaboration of skills and technology derived from OT, IT and embedded domains and must be carefully managed to ensure a cohesive functional system is delivered.
For industries seeking to modernize their control systems, specifying the server and hypervisor and leveraging reliable RTOS variants are essential steps to ensure same performance as traditional PLCs.
As this technology continues to evolve and established practices within legacy organizations eventually give way to innovation, vPLCs are expected to play a central role in the future of smart manufacturing and industrial automation.