Docker, Balena, and co. - Containerization in Industrial Automation

Safety meets Security

 

Marcel Luhmann

Technology Manager

 

In the IT sector, especially in software development, containerization is a major trend. It is a lightweight alternative or companion to virtualization. Developers can speed up their processes without having to keep an eye on the application’s target environment, because the software is encapsulated together with all its dependencies. Hence, the software runs uniformly and consistently on any IT infrastructure. This makes software easily portable, which reduces errors and improves quality. Furthermore, encapsulation brings quota management of system resources per container. Besides, this method is very secure, since all interfaces must be precisely defined. These advantages can be used not only in IT but also in the industrial automation world.

 

Docker is often used as a synonym for containerization, but containerization and process isolation themselves are actually not new. The first fully functional implementation of containerization was introduced with FreeBSD jails. These operating-system-level virtualization features are part of the Linux kernel. With Docker, containerization was simplified and thus made suitable for mass use. Docker provided an easy-to-use API and user interface and standardized the container format. This standard is called the OCI (Open Container Initiative) standard and is led today by the Linux Foundation®.

Containerization provides a lot of interesting approaches that come in handy in today’s Industry 4.0, since industrial programmable logic controllers (PLCs) are becoming more intelligent and powerful. Manufacturers are using Linux operating systems for their PLCs, which can run open source software. Nevertheless, a Linux-based PLC should still have the characteristics of a classic PLC (not a PC) and control critical infrastructure and applications. This openness brings great value to industrial automation, yet it seems to stand in contrast to the need for security, reliability, and determinism. So here is a closer look at containerization, what it provides and how it can help your business.

 

Security

 

Security is a major concern in today’s industrial automation, and with every new component it gets more difficult to monitor. This gets even trickier when using third-party and open source software. Putting software in a container allows us to isolate the process in terms of network, file system and root privileges. It is not the developer’s responsibility to enable only what the application needs; the developer just recommends startup parameters. Setting up network routing, file system mount points and privileged kernel access is the responsibility of the commissioning team on startup. These settings are readable by humans and can even be reviewed later in the running instance.

Additionally, there is a global online community surrounding containerization. It provides information, for example, on how to use foreign containers securely and how to create your own secure container. Using only trusted, secure images from a public registry, or even setting up your own registry as a barrier, can also help to make your application even more secure.



System Determinism

 

The plant operator has more than a set of security-related options. Containerization also offers per-container options for disk and CPU quotas, such as I/O rate and memory limits. These can be handy to maintain performance and solve issues with the determinism of the whole system. Containerization also allows a container process to run with a specific real-time priority on a real-time Linux system, to avoid conflicts.

 

Reliability

 

With all these above-mentioned options, the reliability of your host system is unaffected, if provided with the correct setup. But what about the containerized application itself? In an application with just one process it’s quite easy. Everything this process needs is inside the container e.g. runtimes and libraries. If it’s relying on external resources like a place to store persistent data, the application checks these and prepares its environment on start up. Now if there is an issue with the application, only the container needs to be stopped and re-started with just the persisted data. 

There is an unwritten rule saying it is better to use only one process per container. But often an application depends on multiple processes or so-called microservices. For example, an application with a database might need two containers: one for the program and one for the database. To run them together, a tool named “Compose” helps. It is another, persistent way of configuring the startup of one or multiple containers. With this, the plant operator can manage the startup sequence, dependencies and shared resources, and implement a health check with a specified timeout and restarts of the microservice. This provides the reliability the plant operator needs.
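The startup parameters discussed under Security, System Determinism and Reliability can be reviewed on a running instance by auditing `docker inspect` output. The following Python audit is an added example, not code from the article or from Phoenix Contact; the container names, host paths and finding labels are assumptions, and the sample JSON is constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE = json.loads("""[
 {"Name": "/vendor-gateway", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "NetworkMode": "host", "ReadonlyRootfs": false,
    "CapAdd": ["SYS_ADMIN"], "Binds": ["/:/host"], "Memory": 0, "NanoCpus": 0,
    "CpuQuota": 0, "RestartPolicy": {"Name": "no"}}},
 {"Name": "/data-logger",
  "Config": {"User": "1000:1000",
    "Healthcheck": {"Test": ["CMD", "/app/healthcheck"], "Timeout": 5000000000}},
  "HostConfig": {"Privileged": false, "NetworkMode": "bridge", "ReadonlyRootfs": true,
    "CapAdd": null, "Binds": ["/opt/logger/data:/data"], "Memory": 268435456,
    "NanoCpus": 500000000, "CpuQuota": 0, "RestartPolicy": {"Name": "on-failure"}}}
]""")

SENSITIVE_SOURCES = {"/", "/var/run/docker.sock"}  # host paths that defeat isolation

def audit(container):
    """Return findings for one entry of `docker inspect` output."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    health = (cfg.get("Healthcheck") or {}).get("Test") or ["NONE"]
    restart = (host.get("RestartPolicy") or {}).get("Name")
    checks = [
        # Isolation: root privileges, network, file system
        ("privileged", host.get("Privileged")),
        ("host-network", host.get("NetworkMode") == "host"),
        ("added-capabilities", host.get("CapAdd")),
        ("writable-rootfs", not host.get("ReadonlyRootfs")),
        ("runs-as-root", (cfg.get("User") or "").split(":")[0] in ("", "0", "root")),
        ("sensitive-bind", any(b.split(":")[0] in SENSITIVE_SOURCES
                               for b in host.get("Binds") or [])),
        # Quotas: 0 means "no limit" in these fields
        ("no-memory-limit", not host.get("Memory")),
        ("no-cpu-limit", not (host.get("NanoCpus") or host.get("CpuQuota"))),
        # Reliability: health check and restart policy
        ("no-healthcheck", health[0] == "NONE"),
        ("no-restart-policy", restart in (None, "", "no")),
    ]
    return [label for label, hit in checks if hit]

def audit_all(containers):
    """Map each container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "->", findings or "ok")
```

On a real host, the same functions can be fed the JSON printed by `docker inspect` for the running containers instead of the constructed sample.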

 

Scalability

 

Another big advantage of containerization is scalability. Here container orchestration comes into the world of industrial automation. A container orchestration tool like Kubernetes or Docker Swarm handles containers on several nodes and removes the complexity of handling distributed processing. These nodes can be computers, servers, or edge devices, and even PLCs. The orchestration tool can handle availability, performance, and deployments of containerized applications over a whole cluster of nodes.

 

Usability

 

Containerization makes the usage of software a lot easier. Being able to always run software in the exact same, controlled environment on any platform is a big game changer in software development. And even after software deployment, changing configuration and monitoring services is much easier. Of course, it brings another layer of complexity when learning what containerization actually is and how it can help you and your application. But once you have handled this, all other processes are much faster and more controllable. Furthermore, making use of the wide range of services already available opens a different world for industrial automation development.

 

Conclusion

 

In conclusion, manufacturers should be aware of the software components they add to their systems, test them in depth for reliability and even get them certified as a ready-to-use package. When these open systems leave the production chain, the user gets a lot of possibilities to work with. But manufacturers are also responsible for it, and this is new in industrial automation. Modern PLCs (like PLCnext Control by Phoenix Contact) include a lot of tools and measures to keep applications safe and reliable. So containerization in industrial automation is another huge opportunity. Be the first to get in touch with it and use it to your advantage.