While hardware advances remain an important aspect of automation’s advance, software virtualization and data communication methodologies, such as the OPC Foundation’s Unified Architecture (OPC UA) and MQTT (message queuing telemetry transport), are increasingly moving to center stage.
For example, through virtualization, multiple operating systems or software environments can run simultaneously on a single piece of hardware, whereas in the past, end users may have needed to invest in separate pieces of hardware for each one. This is made possible via software called a hypervisor that runs on one piece of hardware to create and run virtual machines (VMs), each of which contains an operating system, applications, and all required dependencies such as data libraries and configuration files. Hypervisors separate the machine’s resources from the hardware so they can be used by the VMs. Not only does this allow hardware resources to be used more efficiently, but by isolating real-time control platforms from desktop-style user interfaces, it also reduces cybersecurity risks.
OPC UA is a well-known machine-to-machine interoperability communication architecture that helps ease the process of integrating disparate systems and equipment (often from various vendors) through the use of semantics to provide a common structural framework for various types of data exchange. Likewise, MQTT and other publish/subscribe data transmission methodologies can help to connect large quantities of data-producing devices by coupling them to a single, centralized data broker, which receives and distributes relevant data to downstream devices as needed.
Beckhoff is taking advantage of these technologies with updates to its TwinCAT 3 PC-based automation control platform.
TwinCAT/BSD Hypervisor is a new feature which will enable the simultaneous execution of virtual machines and TwinCAT real-time applications on an industrial PC (IPC). According to Beckhoff, this will allow end users to use the unique features of various operating systems on a single IPC to benefit from the strengths of each. For instance, a Windows desktop environment may run parallel to a real-time machine control application on an IPC. If Windows needs to restart to install a software update, the machine control application can continue running unimpeded.
In addition, via functionality known as device passthrough, hardware elements such as the GPU (graphics processing unit), USB ports, and network interfaces can be linked to a specific virtual machine, effectively isolating real-time and mission-critical control applications from external tampering in the interest of boosting cybersecurity.
TwinCAT/BSD Hypervisor also supports Linux so that Linux containers can be used. Containers are a form of virtualization that share the host computer’s operating system, rather than requiring it to be fully replicated in every container (as in a VM). In the case of the TwinCAT/BSD Hypervisor, the host-only network can support communication between Linux containers and the machine controller. This means that unencrypted communication will only take place locally between the hypervisor and the Linux container host, preventing confidential machine data from leaving the IPC.
OPC UA Publish/Subscribe Functionality
Through the new TF6105 function, Beckhoff is providing direct integration of OPC UA publish/subscribe communications within the TwinCAT 3 runtime environment. This will allow for both machine-to-machine and device-to-cloud communication scenarios based on the pre-established OPC UA publish/subscribe specification.
Two different transport paths are defined for data transmission in the OPC UA specification: UDP (user datagram protocol) and MQTT. UDP is a communications protocol used for low-latency communication between applications. It speeds up transmissions by sending data without first waiting for the receiving party to agree to the exchange, which enables real-time data exchange in a local network between various machines or machine components. MQTT allows devices to subscribe to any data relevant to their operation and receive automatic updates from a central broker whenever that data changes, rather than needing to connect to the individual devices or make requests for data.