The software world moves in much faster cycles than existing industrial infrastructure. In the past, the industry solved that problem by means of PLCs (programmable logic controllers). A PLC makes it possible to keep a software installation that matches the machine: the operating system and the middleware stay at the same version, while the user just programs the machine in a high-level interpreted language, often with a graphical interface. This abstraction is very useful and keeps many businesses running for a very long time.
However, there are a few issues with that approach:
Safety norms are changing over the years. This can make the old software framework obsolete.
Older software and operating systems are often bound to a certain hardware configuration, and computer hardware becomes outdated quickly.
Distributed systems depend on software being moved between systems with different processor architectures. Today, x86 processors no longer dominate the market.
Smaller and cheaper control systems are needed to respond faster and more economically to requests from the market.
Industrial robots and humans are working side by side and modern Safety mechanisms are required to avoid injuries. These may comprise processors running in lockstep mode or any other measures known from the Automotive, Railway or even Avionics markets.
With factories running in 24/7 mode, high availability has also become an important issue. This includes reconfiguration of existing software and hardware in very little time.
Our Solution: Resource and Time Partitioning
Many of these problems can be solved by combining virtualization with real-time control capability.
This is where PikeOS excels, with its unique resource and time partitioning features.
Keep your Legacy Code alive by means of Virtualization
PikeOS allows you to execute your existing software within a virtual machine, called a resource partition. It does not matter whether your application used to run on bare metal or on an operating system. PikeOS can execute guest operating systems in paravirtualization or hardware virtualization mode while still maintaining real-time capabilities. This makes you independent of discontinued hardware platforms.
Add new Functionality (e.g. Network Stack) by means of a Linux Partition
If your legacy software cannot be extended with a network stack, PikeOS allows you to run your application in parallel to a Linux system in a separate partition on the same hardware. Your application keeps its real-time capabilities and can still be certified according to the highest level. The Linux communication layer connects to the outside world and does not contribute to the functional Safety of the system. This is called mixed-criticality.
Isolate Legacy Code (safe, but insecure) from the Outside by means of dedicated Communication Channels
Existing software often has to be connected to the outside world. However, the code was written with functional Safety in mind and does not withstand any Security evaluation. PikeOS enables you to set up a secure gateway with a firewall and an intrusion detection system. The legacy application communicates with the gateway via dedicated surveillance communication channels only.
Save Hardware Cost by Migration of multiple Boards into one System
PikeOS allows you to execute multiple guest operating systems on the same hardware, which significantly reduces the total cost of ownership.
Industry 4.0, PLC and Edge / Cloud Computing
Here we show three solutions combining an IEC 61499-compliant PLC with cloud connectivity for common Security concerns in edge devices.
High Availability Systems
High Availability (HA) is the property of Safety-critical systems to detect failures and recover from them while keeping the system’s main functionality active without interruption. In our whitepaper we examine the use cases and how these can be managed if the main core of the system’s computational capabilities is based on a separation kernel OS.
Secure Factory Automation
Continuing technological advancement is lowering costs and making devices more compact, which makes it possible to connect and control more physical elements in the industrial environment today. This enables industrial engineers to monitor processes with greater accuracy and drive OEE (Overall Equipment Effectiveness). At the same time, separate operational technology (OT) systems are merging with enterprise IT infrastructure. However, this greater connectivity also brings more threats from malicious digital actors.
Smart Factory: Connecting multiple Machines to fulfil Customer On-Demand and Customization Requests
Building a smart factory with multiple and heterogeneous machines requires connectivity, coordination, flexibility and re-configuration on the fly, especially when customers are entitled to order customized goods. In extreme cases, there may be batches with only a single production cycle.
Safety IEC 61508: Operator and Robot working Hand in Hand
In the past, industrial Safety used to avoid software issues by means of an emergency buzzer. Nowadays, software is capable of monitoring human-robot interaction with 3D cameras, enabling automatic collision/distance detection. In general, the trend is moving towards highly complex software which can get people killed or injured if something goes wrong. However, this requires certification up to the highest levels. Coming from the Avionics world, this is where PikeOS has its strengths.
PikeOS and Linux used in Mining Excavator
Bucyrus (today Caterpillar) chose PikeOS for IP protection, investment protection and obsolescence management. PikeOS was ported to a new hardware platform and configured to provide two different partitions, one running legacy code on a POSIX API, and the other running new applications on Linux. Software investments on the excavator product line are protected and complemented by Linux programs running within the Linux partition. Secure partitioning mechanisms ensure each application remains independent. Existing IP is protected in its own partition and cannot be accessed from Linux.
Many Industrial products have Safety requirements according to IEC 61508. PikeOS is the best certification solution for three reasons: small size, criticality partitioning, and unparalleled company support for the certification process.
The PikeOS partitioning concept makes it possible for applications of various levels of criticality to be certified for their individual required Safety levels while running securely in parallel on the same hardware platform. Even more important for certification is a competent and reliable partner who does not leave you in a tight spot when it comes to documentation, requirements and tests.
The PikeOS separation kernel itself is small in terms of implementation, and its small number of system calls allows comprehensive evaluation and validation. As a matter of fact, PikeOS 5.1.3 (x86 64-bit, ARMv8, PowerPC) has passed the Common Criteria EAL5+ certification.
Extreme Flexibility provides Independence from Suppliers in Hardware and Software Choice
PikeOS supports a broad range of hardware architectures and provides interfaces for a wide array of guest OSs. It is easy to add additional architectures and interfaces (including for legacy code) and therefore to manage hardware obsolescence.
Partitioning provides the Basis for a pragmatic Linux Strategy
PikeOS offers an integrated Linux guest operating system to include Linux or other open-source features like network, GUI or web server. Your own intellectual property, real-time functions and safety-critical applications run in separate partitions.
Integrated Safety reduces Certification Cost
Applications of various levels of criticality and Security are safely separated from one another in distinct partitions and certified separately.
SYSGO supports its customers with its own resources, engineers, workshops and training, as well as with artefacts and provision of source code.