Thin Client Visualization for Virtualized Systems Technical White Paper

PROCESS AUTOMATION

THIN CLIENT VISUALIZATION FOR VIRTUALIZED SYSTEMS TECHNICAL WHITE PAPER

irtualization and thin client visualization represent two powerful technologies that are complementary and even Vmore effective when implemented together. For industrial applications, these two trends intersect when thin clients are connected to virtualized systems to provide visualization and operator interface.

Brian Alvarado Product Portfolio Manager Louis Szabo Business Development Manager Technical White Paper – Thin Client Visualization for Virtualized Systems

Table of Contents

1 Introduction 3

2 Why Virtualize? 3

3 Longer Life Cycles 4

4 Virtualization Challenges 5

5 Thin Client Advantages 5

6 Industrial Strength Visualization 5

7 Implementation Details 6

8 Conclusions 8

9 References 9

2 www.pepperl-fuchs.com Technical White Paper – Thin Client Visualization for Virtualized Systems

THIN CLIENT VISUALIZATION FOR VIRTUALIZED SYSTEMS

Thin clients are performance heavyweights in industrial visualization applications, cutting upfront and life cycle costs while improving reliability and security.

1. Introduction 2. Why Virtualize? Virtualization and thin clients are two of the leading trends Virtualization has established itself in the information in computing, both in the commercial and industrial technology (IT) world, and has especially gained traction sectors. They represent two powerful technologies that over the past few years as the technology moves from are complementary and are even more effective when traditional data centers to a wide variety of applications in implemented together. For industrial applications, these the commercial and industrial sectors. two trends intersect when thin clients are connected to virtualized systems to provide visualization and operator Virtualization enables multiple PC operating systems interface. (OSes) to run concurrently, but segregated from each other, on one computer (Image 1). This consolidation is what fuels Industrial virtualized systems are typically part of a manufacturing execution system (MES) or an automation system. In either case, the virtualized host systems are usually located in a protected environment so that commercial off-the-shelf (COTS) hardware can be used as COTS hardware is much less expensive than the industrially-hardened hardware required in a harsh environment.

Manufacturing personnel require extensive interface to these virtualized systems. These personnel include but aren’t limited to executives, engineers, operators, and technicians—each of whom typically interface to virtualized systems to accomplish tasks such as monitoring plant operations, analyzing manufacturing data, and responding to process upsets and alarms. Image 1. Virtualization software allows applications that previously ran on separate computers to run on one server machine. Caption courtesy of InTech and ISA. Interface in a protected environment such as an office or a control room can be accomplished via a number of the migration to virtualization as it requires less hardware at established technologies. However, interfacing to these a lower cost. virtualized systems in plant floor or process areas presents These improvements are achieved by running virtualization a challenge for many industrial manufacturing facilities, as software on the host server computer hardware. This the interface hardware must be industrially hardened to software, often called hypervisor, intercepts all operations cope with harsh environments. between one or many guest OSes. Each guest instance is called a virtual machine (VM), and the VM operates in a Traditional visualization and operator interface solutions pure software environment with no indication that it is not that work in protected environments, such as connecting a natively installed on its own hardware. COTS PC to the virtualized system, are either expensive or unwieldy to implement in a harsh environment. For A hypervisor therefore provides an abstraction layer that example, an industrially-hardened PC is a viable solution— insulates the VMs from the host hardware and from each but it’s costly to implement, maintain, and refresh. other. In fact, a key feature is that VMs are completely isolated from each other for operational purposes, In many plant floor and process area local visualization although they can communicate with each other via normal and operator interface applications, the best solution is a networking and data storage channels. thin client connected to one or more virtualized systems. A thin client is much more cost effective than a PC, both up Various industries implementing virtualization will realize front and over the entire life cycle, particularly when the thin different benefits. Table 1 lists a number of advantages that client is located in a harsh environment. come into play whenever virtualization is adopted.

www.pepperl-fuchs.com 3 Technical White Paper – Thin Client Visualization for Virtualized Systems

For industrial users, uptime reigns supreme. Process template and deployed repeatedly to achieve development and factory equipment must run reliably not just for cost efficiencies. ISA.org endorses virtualization as a strategy of reasons, but to protect against equipment damage or “build once, deploy many,” where “The time taken to deploy even personnel injury. Virtualization meets this demand by a new node is measured in minutes rather than weeks for a increasing system robustness at many levels. traditional deployment” (Reference 2).

Security is a key concern for most users, especially in Benefits of Virtualization a world with never ending reports of hacker exploits. Commercial users are often worried about personal or 1. Increased uptime financial information being stolen, while industrial users 2. Ease of hardware upgrades fear that plant operations could be compromised resulting 3. Ability to move existing applications among in product loss, equipment damage, or personnel injury. A PCs with no downtime side benefit of virtualization is that fewer PCs to manage 4. Increased application longevity results in a smaller target for attack, with the hypervisor offering another level of protection between a guest OS and 5. Ability to create new instances based on the host system. existing instances 6. Fewer PCs required 3. Longer Life Cycles 7. Smaller footprint Many industries struggle with the lifecycle of their PC 8. Lower energy consumption hardware and software. PC technology is dynamic with new 9. Better security developments every few years, while operating systems are somewhat less fluid. User applications can change Table 1. Virtualization advantages often, or may be fixed for many years. Eventually, users are faced with performing costly hardware and operating system upgrades and revisions, or running the risk of The server hardware is very reliable and takes advantage sticking with unsupported and obsolete components and of redundant power supplies, a redundant array of systems. independent hard drive storage, and multiple networking paths. Multiple servers may be configured into a pool of However, virtualization systems are constantly updated to resources, with VMs deployed throughout the pool. A server run on the latest hardware, and to support a wide variety failure can be handled by having the hypervisor start VM of guest OS modules. Savings can be substantial as instances on other servers. virtualization enables users to reliably keep their legacy software running for many more years, even though it is High availability ensures that the VMs automatically restart virtually deployed on newer hardware. Existing hardware on alternate hardware if there is a failure. An even higher with sufficient computing power can also continue to be level of reliability, called fault tolerance, can be achieved harnessed for new application deployments. System by running VMs in synchronized pairs on different servers, lifecycles formerly in the 5 to 7 year range can be extended allowing almost bumpless switchover if any server fails. to 10 or 15 years, or further. In fact, other hardware components can be teamed in In most applications, PC processors, memory, storage, similar primary/secondary pairs. The many redundancy and networking capabilities have developed to a point options truly set virtualization apart from traditional where they are often underutilized. Much of the rise in PC dedicated multi-PC systems. As ElectronicDesign.com power is due to the use of increasingly dense multi-core points out, “In the hands of a system architect, virtualization processors, a technology that fits well with virtualization. provides myriad redundancy and failover options that can This has led ControlEng.com to state that “a single meet almost any criteria” (Reference 1). virtualized server can replace tens of non-virtualized servers,” and “With so much computing power available in Commercial and industrial users alike can benefit from the a single server, the old IT concept of one server per main flexibility to move VMs among the pool of available servers. application does not make sense” (Reference 3). Administrators can balance server loads in this manner, either locally or remotely. Equipment can be freed up for Reducing the quantity of PCs leads to obvious gains from repair, and hardware can be easily added. All of this can be lower energy costs, lower up-front procurement costs, accomplished with minimal or zero downtime. lower maintenance expenses, and a reduction of required space. The footprint reduction benefit is often overlooked, Virtualization is also a powerful tool for capturing and but in many industrial installations space is at an extreme recovering backups. In fact, once a proven good VM premium. configuration is developed, it can be captured as a

4 www.pepperl-fuchs.com Technical White Paper – Thin Client Visualization for Virtualized Systems

4. Virtualization Challenges single keyboard/video-display/mouse setup, this is another Of course, there are a few concerns to be aware of when example of collapsing multiple functions onto far less considering a virtualized system. Most commercially hardware than would otherwise be required. available software works seamlessly in a virtual environment, but Human Machine Interface (HMI) and Sometimes called thick clients since they run on a fully other supervisory control and data acquisition (SCADA) configured personal computing device, view clients are packages are low-volume products with specific generally available on a wide variety of platforms other communications performance demands. In recent years, than just Windows PCs. Not only are other desktop OSes many such products were not certified to work in VMs. supported (Mac, Linux), but also mobile platforms such However, virtualization presents such an advantage as iOS and Android. This opens up new possibilities since that many HMI and SCADA software vendors are now users may find an advantage to monitoring their VMs advocating and promoting virtualized installations, even remotely, from a smartphone for instance. providing certified images for end users. It is not even a requirement that the view clients are Another issue is that the increased overhead of multiple co-located in the same facility or geographical region VMs inevitably causes some system inefficiencies not as the servers, as the link to the server is made via a experienced by software natively installed on hardware. network connection, and as all of the core software and Similarly, the hardware itself may not be optimally utilized performance resides at the server. Since the software is since the VM OSes must interact with it indirectly via the maintained at the host, all upgrades and changes can be hypervisor. Some applications may be sensitive to timing administrated there regardless of the quantity and location issues. Fortunately, many of these issues are overcome of clients. simply by specifying sufficient PC processing power and memory, both of which are becoming very low cost 6. Industrial Strength Visualization resources. Industrial installations often require the display component to be located in a harsh environment. Extreme Possibly the biggest negative is that companies temperatures, constant vibration, random impacts, implementing virtualization must invest in another level electromagnetic noise, explosive fumes, moisture, and dust of expertise and training to support the additional layer are potential threats. Good manufacturing practices may of software. However, with vendors providing software call for frequent equipment washdown or sanitization. specifically designed to run in a virtual environment, this issue is becoming less of a concern. It is possible, but challenging, to install a PC in such locations. PC equipment is available with conformal Virtualization provides many benefits, but operator coating, heat sinks, and other features to combat interface and interaction with these virtualized systems hazards—but these industrially hardened PCs are much can be a challenge, particularly in industrial environments. more expensive than office-grade hardware. Fortunately, a solution exists, in the form of thin clients.

5. Thin Client Advantages If many virtual machines are consolidated into a given server, how does the user interact with each of them? The answer is a “client” of some sort, which is a combination of hardware and/or software that offers visibility to one or more VM instances.

The ideal client would provide the same computing experience as if the user were sitting at the server. From a purely technical standpoint, the easiest way to provide this type of an interface is via a PC, but this is the highest cost option, both up front and over the entire life cycle.

In a pure data center environment, it is often suitable for a desktop computer to use a view client software package offered by the hypervisor vendor. The view client allows the user to connect to any given VM guest desktop as if they were sitting at the server. Since any number of VMs can Image 2. A PC in a purged enclosure is often the best solution for be accessed this way, although just one at a time, via a installations in hazardous environments. www.pepperl-fuchs.com 5 Technical White Paper – Thin Client Visualization for Virtualized Systems

In many cases, the best solution for a hazardous area installation is to install a PC in a cabinet with a purge system that maintains a safe atmosphere within the enclosure (Image 2). This allows less expensive cabinets and PCs to be employed, and is generally a lower cost solution than using explosion-proof enclosures and PCs suitable for installation in hazardous environments. But in many instances, a PC is not the most optimal solution, with a thin client being the preferred alternative.

Instead of a full PC thick client, a thin client consists of simplified hardware and software. As compared to a PC, thin clients run with very little required maintenance in terms of hardware, firmware and software upgrades. Operating system maintenance is eliminated, as the OS runs on the server, not the thin client. In the rare event that service is needed, the simplicity of the device allows for Image 3. A thin client is well suited for use in harsh environments a quick change out. These features combine to provide a due to its compact size, low heat generation, and rugged design. much longer lifecycle as compared to a thick client. Other advantages of thin clients as compared to PCs are listed in Table 2. An infrastructure composed of virtualized office-grade PCs in a protected area interconnected with remote thin Advantages of Thin Clients over PCs clients in both office and industrial environments also 1. All software can be maintained at the host offers functional benefits (Diagram 1). Each thin client can be configured to connect to as many or as few VMs as 2. Longer life cycle as very little software is resident desired, based on assigned privileges, so each thin client at the thin client can serve in various roles. 3. More secure 4. Lower upfront and total life cycle cost A maintenance person can log in to access equipment 5. More compact calibration statuses via the asset management system, a supervisor can check batch reports produced by the MES, 6. Generate less heat and an operator can interact with the process via the HMI. 7. Better suited for harsh environments 8. Multiple functional users at each station Thin clients are well suited for use on the factory floor and in outdoor process areas, and their durable nature makes Table 2. Thin client benefits them right at home in demanding medical, commercial, retail, and warehousing environments. Due to their Since all core software and significant computing power specialized nature, they are less of a target for tampering is maintained and handled at the host, the corresponding than a standard PC. And speaking of security, thin clients thin client hardware doesn’t require much in the way of offer advantages in this arena also, as all data and software resources. Comparatively little processor power is needed, lives on the centralized servers which can be located in a and no rotating storage (hard drive) is required. Due to physically secure location. minimal hardware requirements, the thin client actually has a thin physical profile (Image 3). The resulting low-power, 7. Implementation Details and therefore low heat-generating, device typically has no Taken as a whole, virtualized systems used with thin clients moving parts since fans are not needed. combine to provide a tough and secure solution to extend the computing experience into a commercial or industrial Thin client hardware can be far better suited for installation environment. Before looking at implementation details, it’s in harsh environments than a traditional PC. Out of the box useful to step back for a moment and consider some other solutions are available for installation in various NEC Class means of achieving remote visualization. 1 Division 1 and 2 location, as well as ATEX Zone 1 and Of course, the most basic method would be to put an office- 2 locations. Compatible accessories such as keyboards, grade PC at the user’s remote location. While this might be pointing devices, and even barcode scanners can be found practical in an office environment, it is often not practical for with comparable specifications for operation in hazardous high-traffic, unprotected, or harsh areas. areas.

6 www.pepperl-fuchs.com Technical White Paper – Thin Client Visualization for Virtualized Systems

Diagram 1. An infrastructure composed of virtualized office-grade PCs in a protected area interconnected with remote thin clients in industrial environments offers a host of benefits.

It would also be possible to install an office-grade PC in a movements, and touchscreen activity are redirected to the protected area and use long keyboard, video, and mouse host application over the network. All operating system and cables to place the interface where it needs to be. The application execution exist only on the host (Diagram 2). biggest challenge here is that the cables are limited to a few tens of feet.

Another popular method of remotely locating the keyboard/ video/mouse (KVM) from the PC is to use KVM extenders. These consist of two adapter modules, one located at the PC and one located at the operator interface end. KVM extenders convert the PC signals into a consolidated format, either using a dedicated signal over a point-to-point cable connection, or using Ethernet Internet Protocol-based signals over a conventional network. KVMs using common CATx cable can span distances of many hundreds of feet. Of course, KVMs operating over Ethernet are subject to the typical networking distance constraints and capabilities.

For Windows operating systems, there is a native connectivity technology that is an ideal fit for virtualized systems with thin clients, and implementation is relatively straightforward.

The Microsoft technology is called Remote Desktop Diagram 2. Microsoft’s RDP allows remote access and control of Protocol (RDP), and it has actually been available in a given host computer by a client. It’s often used to connect thin various versions since Windows XP was released. It is clients to virtualized servers. Diagram courtesy of etutorials.org. currently called Remote Desktop Services, and in previous versions has been known as Terminal Services. It will be Using Ethernet to deploy RDP is a natural fit, employing referred to as RDP in this paper. widely used and cost effective COTS technologies and products. Within a facility, copper CATx cabling and RDP allows remote access and control of a given computer, switches can easily meet most any infrastructure needs. including all of its resources. Only the user interface of Longer runs than the nominal 100m (for speeds up to one the host PC is presented to the client. All of the client’s gigabit) will require media conversion to fiber optic, which user interface actions such as keyboard entry, mouse can then run thousands of feet. www.pepperl-fuchs.com 7 Technical White Paper – Thin Client Visualization for Virtualized Systems

RDP bandwidth requirements vary, but are typically 8. Conclusion quite manageable for most commercial and industrial Today’s business environment demands increased applications. HMI graphics and tabular displays are mostly performance at all levels. These improvements can be static and do not require much information to update, realized using products and methods that save money whereas full motion video and images would require more and improve work conditions. Virtualization and thin bandwidth. clients are two powerful technologies that fit the bill for many commercial and industrial applications, improving Providing a dedicated network for the virtualized system performance while cutting costs. and the remote visualization components provides the highest level of performance and security. However, it is Consolidation of servers and applications onto less often practical to deploy a system via the standard network equipment is just the beginning. There is less hardware used in the rest of the facility. Network administrators can to purchase, fewer systems to manage, and reduced tools such as virtual LANs and smart switches to logically power consumption. More importantly in many industrial segregate traffic, as opposed to physically isolating devices applications, reliability can be greatly improved as with dedicated hardware. compared to a non-virtual environment with dedicated PCs. COTS hardware can be economically installed in protected Thin clients and RDP are even more powerful when their locations, while users can connect remotely from the link is extended not just within a facility, but out over the factory floor or from across the world using cost-effective Internet to anywhere in the world. This capability may not thin clients rated for use in almost any environment. be desirable in a production environment where an HMI application controls equipment and processes in real-time, Virtualization provides other gains that simply can’t be but could certainly be useful for remote troubleshooting, realized in one-OS-to-one-PC systems. Configurations can supervisory monitoring and other off-line applications. be pre-tested and debugged in a sandboxed configuration. Application or even OS upgrades and migrations can be carried out in a controlled manner with little or no loss of operation. Software lifecycles can be extended by years.

With virtualization on the back end, thin clients are a high-performance and low-cost solution for the front end. For commercial and especially industrial environments, hardware options exist to withstand the harshest conditions. Thin clients are energy efficient and allow the use of standardized installation options, even in difficult environments. They also allow multiple users to access any number of applications installed at the virtualized servers.

A leading technology for interconnecting virtualized servers with thin clients is Microsoft RDP over Ethernet. This standard protocol is familiar to the IT world and has developed significantly over the years to provide high-speed communications with options to extend over practically any distance. Since Ethernet is an industry standard, end users can take advantage of readily available expertise to implement their systems.

Virtualized servers with thin client operator interface are the best option for many commercial and industrial applications, providing the required high performance and reliability with improved security—all with much lower costs, both up front and throughout the entire life cycle.

8 www.pepperl-fuchs.com Technical White Paper – Thin Client Visualization for Virtualized Systems

9. References

1. Industrial Virtualization, http://electronicdesign.com/article/embedded/Address-Hardware-Longevity-Concerns-With- Tier-1-Workstations-and-Servers

2. Virtualization 101: Understanding How To Do More With Less, http://www.isa.org/InTechTemplate.cfm?template=/ ContentManagement/ContentDisplay.cfm&ContentID=86936

3. Engineering and IT Insight: Future Is Virtual For Manufacturing IT, http://www.controleng.com/index. php?id=483&cHash=081010&tx_ttnews%5Btt_news%5D=44681

4. Thin Clients Can Eliminate Software Issues, http://www.controldesign.com/articles/2010/SoftwareIssues1005.html

5. Thin Clients, Fat Pipes Herald Post-PC World, http://www.eweek.com/c/a/Virtualization/Thin-Clients-Fat-Pipes-Herald- PostPC-World-496910/

6. Control Systems: When To Move From Industrial Computers To Thin Clients, http://www.ccs-inc.com/news-events/ article/control-systems-when-to-move-from-industrial-computers-to-thin-clients

7. Virtualized Computing Aids Process Visualization, http://www.controlglobal.com/articles/2012/ABB-APW-12.html

www.pepperl-fuchs.com 9 Technical White Paper – Thin Client Visualization for Virtualized Systems

Notes

10 www.pepperl-fuchs.com Technical White Paper – Thin Client Visualization for Virtualized Systems

Notes

www.pepperl-fuchs.com 11 proTECHNICALCess automation WHITE PAPER – protecting your process

For over a half century, Pepperl+Fuchs has provided new concepts for the world of process automation. Our company sets standards in quality and innovative technology. We develop, produce and distribute electronic interface modules, Human-Machine Interfaces and hazardous location protection equipment on a global scale, meeting the most demanding needs of industry. Resulting from our world-wide presence and our high flexibility in production and customer service, we are able to offer complete individual solutions – wherever and whenever you need us. We are the recognized experts in our technologies – Pepperl+Fuchs has earned a strong reputation by supplying the world’s largest process industry companies with the broadest line of proven components for a diverse range of applications.

6 1 3 5 7

1 Worldwide/German Headquarters 2 Pepperl+Fuchs GmbH Mannheim · Germany Tel. +49 621 776 2222 E-Mail: [email protected] 8 2 Asia Pacific Headquarters Pepperl+Fuchs PTE Ltd. Singapore Company Registration No. 199003130E Tel. +65 6779 9091 E-Mail: [email protected]

3 Central/Western Europe & Africa Headquarters 6 Northern Europe Headquarters Pepperl+Fuchs N.V. Pepperl+Fuchs GB Ltd. Schoten/Antwerp · Belgium Oldham · England Tel. +32 3 6442500 Tel. +44 161 6336431 E-Mail: [email protected] E-Mail: [email protected] 4 Middle East Headquarters 7 Southern/Eastern Europe Headquarters Pepperl+Fuchs M.E (FZE) Pepperl+Fuchs Elcon srl Dubai · UAE Sulbiate · Italy Tel. +971 4 883 8378 Tel. +39 039 62921 E-Mail: [email protected] E-Mail: [email protected] 5 North/Central America Headquarters 8 Southern America Headquarters Pepperl+Fuchs Inc. Pepperl+Fuchs Ltda. Twinsburg · Ohio · USA São Bernado do Campo · SP · Brazil Tel. +1 330 486 0002 Tel. +55 11 4341 8448 E-Mail: [email protected] E-Mail: [email protected] www.pepperl-fuchs.com 12 Subject to modifications • © 2013 PEPPERL+FUCHS, INC. • Part No. TDOCT-B0G0_ENG