Bringing the benefits of Linux containers to OT
Linux container technology was introduced more than a decade ago and has recently jumped in adoption in IT environments. The OT (Operational Technology) environments, typically made up of heterogenous embedded systems, have however lagged in the adoption of container technologies due to both the unique technology requirements, and the business models that relied on proprietary systems.
By Pavan Singh, Senior Director, Cloud-scale products at Wind River.
In this article, I will explore recent innovation in open source offerings that are enabling the use of containers in OT use cases such as industrial control systems, IoT gateways, medical devices, Radio Access Network (RAN) products, and network appliances.
Enterprise IT leaders have adopted 'cloud-native' computing architectures because of the innovation velocity and cost benefits derived by the approach. To leverage containers, developers segment applications into modular micro-services that enable flexible development and deployment models. These micro-services are then deployed as containers where the service itself is integrated with the required libraries and functions.
On containerisation, these application components have small footprints and fast speeds of deployment. The applications become highly portable across compute architectures due to the abstraction away from the hardware and the operating system.
The benefits of flexibility and the modularity offered by container-based architectures are fully realised when leveraged in conjunction with higher level orchestration systems that can manage the containers throughout their entire lifecycle. Kubernetes, the leading open source orchestration system for containers, has gained a lot of traction over the last few years. Initially developed by Google, the Kubernetes project is now maintained by the Cloud Native Compute Foundation (CNCF).
CNCF is dedicated to reducing the friction around the adoption of cloud-native technologies and brings to bear a few key cloud-native projects such as Kubernetes, Prometheus and Envoy. This is an example of an open source organisation that has fostered collaboration among the entire value chain - developers, end-users and vendors. Today’s CNCF membership includes significant technology brands such as Amazon, Cisco, Google, Microsoft, Oracle, SAP and many others.
Containers and other cloud-native paradigms were initially developed with IT environments in mind. And as these technologies have matured and the capability of the cloud-native technologies increased, the OT decision makers have taken notice. And as more developers get access to container technology, they are going through a journey of their own, albeit one that is different from the journey of the IT developers over the last decade.
Until now, the OT world was primarily developed with proprietary architectures with a significant focus on reliability, safety and longevity, albeit at the cost of flexibility and scalability. The solutions were typically custom-built, hardware-centric and leveraged heterogeneous compute architectures. And this method has been successful in producing and deploying systems that were put into production 15 years ago and are still functional.
The industry is now realising that this approach, while it delivers on the reliability and longevity, it has also resulted in a massive technology debt. The systems currently deployed in manufacturing, transportation, and process automation haven’t kept up with the technology and are still using concepts from 15-20 years ago. While the systems are in good working condition, because they are monolithic and inflexible, they are expensive to maintain and are slow to respond to market demands.
Many of the end-users have realised that they can no longer compromise on flexibility and scalability for the sake of reliability, safety and longevity. Organisations such as Open Process Automation Forum (OPAF) have come together to accelerate the shift from a hardware-centric approach to a software-driven approach. This new approach includes flexibility from the get-go enabling key capabilities such as software updates, redundancy, vendor interoperability, and transition from a device-centric view to a systems and solutions view.
Cloud-native architectures are particularly critical as the OT world transitions to a flexible systems and solutions approach. But extending the use of container technologies to the OT domain requires a different way of thinking. Compared to IT compute nodes, where the variance between compute nodes is relatively minor, the compute environments in the OT world vary significantly. This is typically because of long deployment life cycles that can result in new generation hardware sitting right next to one that is over ten years old.
Until recently, the cost and complexity of leveraging cloud-native architectures and containers for embedded systems were prohibitive in most cases. Developers were required to roll their own solutions, implementing custom solutions derived from software platforms optimised for IT environments. Because of these challenges, most embedded systems have either continued to be implemented using traditional 'bare metal' physical architectures or have adopted virtualization approaches based on VMs that are likely sub-optimal in terms of agility, portability, footprint and/or load time.
Over the last few years, however, the community is adding capabilities that are needed and relevant for OT systems. A commercial Linux offering like Wind River Linux for example, now provide applications, tools, documentation and other resources for embedded system developers looking at leveraging or deploying systems using a cloud-native model, as well as pre-integrated components from CNCF, configured to deliver a fully-functional solution for embedded systems such as edge appliances.
By leveraging such a pre-integrated container platform, developers can focus their time on creating the applications that represent their true differentiation, enabling them to accelerate their time-to-market for value-added solutions.To assist developers, these platforms now pre-integrate or interoperate with an 'alphabet soup' of CNCF projects, including Ansible, cAdvisor, CNI, etcd, GitHub, Google container registry, GRPC, OCI, Open vSwitch, Prometheus, registry, runc and sysdig, with others as potential additions for future releases.
Technologies such Wind River’s OverC container technology integrate these CNCF components together with components from the Linux Foundation’s Yocto Project, resulting in an integrated embedded solution that is processor architecture-agnostic and ready to support any orchestration environment. This architecture supports multiple container orchestration projects such as Kubernetes.
In the near future, embedded system developers in OT environments will witness a rapid industry and community-driven innovation of cloud-native technologies relevant to the OT environment. OT developers will increasingly be able to leverage the use of containers in edge applications like IoT gateways, industrial control systems, on-premise data lakes, deep learning-based security, autonomous driving systems, Radio Access Network (RAN) products, and a wide range of network appliances.