Increased availability through integrated virtual machine environments
TwinCAT/BSD Hypervisor as a new system feature
TwinCAT/BSD Hypervisor is a system feature of the TwinCAT/BSD operating system from Beckhoff that enables the simultaneous execution of virtual machines (VM) and TwinCAT real-time applications on an Industrial PC. Optimized hypervisor integration in TwinCAT/BSD and matching configurations of Beckhoff software and hardware enable maximum performance of virtual machines while maintaining TwinCAT real-time properties.
The high-performance execution of virtual machines enables the strengths of different operating systems to be utilized on one Industrial PC and the security properties of the overall system to be improved by operating user environments in a modular and isolated manner. For example, TwinCAT real-time applications can be operated separately from a Windows desktop environment for machine operation on an Industrial PC. In this context, the Windows operating system is run in a virtual machine environment. Windows restarts, e.g., due to software updates, will therefore not interrupt machine control execution. This ensures machine availability since Windows is only restarted within the virtual machine environment and TwinCAT continues to run in the real-time context supported by the TwinCAT/BSD host
Through the device passthrough feature of TwinCAT/BSD Hypervisor, hardware resources such as GPU, USB and/or network interfaces can be explicitly assigned to a virtual machine. In this way, access to the TwinCAT/BSD system by user and/or network interfaces can be limited, and the security of the control system can be improved. With TwinCAT/BSD Hypervisor, Linux distributions can be operated on the controller in addition to Windows, e.g., for running Linux containers. In this case, data communication between Linux containers and machine controller can be supported by host-only networks. This ensures that unencrypted network communication will take place exclusively locally between TwinCAT/BSD and the Linux container host, and confidential machine data will not leave the Industrial PC