The TwinCAT/BSD Hypervisor is a system feature of the TwinCAT/BSD operating system from Beckhoff and enables the simultaneous execution of virtual machines and TwinCAT real-time applications on a Beckhoff Industrial PC. Optimized integration of the hypervisor into the TwinCAT/BSD operating system and coordination of software and Industrial PC hardware enable maximum performance of virtual machines while maintaining TwinCAT real-time properties for machine control. The TwinCAT/BSD Hypervisor benefits from the high performance and hardware-based virtualization technologies of modern Intel® and AMD CPUs in Beckhoff Industrial and Embedded PCs. The high-performance execution of virtual machines enables the strengths of different operating systems to be used on a Beckhoff Industrial PC and the security properties of the overall system to be improved by operating user environments in a modular and isolated manner.
Isolated Windows environments
The operation of entire operating systems in virtual machines enables, for example, TwinCAT real-time applications to be operated separately from a Windows desktop environment for machine operation (HMI) on an Industrial PC. In this context, the Windows operating system is run in a virtual machine environment. Windows restarts, e.g. due to software updates, do not lead to a machine control stop. Machine availability is ensured, since Windows is restarted only within the virtual machine environment and TwinCAT continues to be executed in the real-time context by the TwinCAT/BSD host.
Through the device passthrough feature of the TwinCAT/BSD Hypervisor, hardware resources such as the GPU, USB and/or network interfaces can be explicitly assigned to a virtual machine. This limits access to the TwinCAT/BSD system via user and network interfaces, which can improve the security of the control system.
Linux® container host
In addition to Windows, Linux® distributions can also be operated on the controller with the aid of the TwinCAT/BSD Hypervisor. Linux® virtual machines enable containerized Linux® applications to run directly on the machine controller, allowing data to be collected and processed in close proximity to the actual data source. Data can be exchanged between Linux® containers and the machine control via host-only networks. Unencrypted network communication then takes place exclusively locally between the TwinCAT/BSD host and the Linux® container host. Confidential machine data does not leave the Industrial PC.
If a public network connection is also required for deploying Linux® containers or sending data to the cloud, dedicated Ethernet interfaces can in turn be explicitly made available to a Linux® virtual machine through device passthrough. In this way, network interfaces of the Industrial PC are already isolated from the control system at the lowest level and can be assigned to different network segments without having to filter network packets via VLANs, IP networks or firewall rules.
Efficient backup and restore of operating system environments
Virtual machine environments benefit from the ZFS file system of the TwinCAT/BSD host. Based on ZFS snapshots, the states of individual virtual machines can be backed up efficiently and restored as needed. This allows entire operating system environments and their user applications to be packaged, backed up and distributed as a file. In the event of incompatible software updates or misconfigured user applications, a previously saved state can be restored quickly, reducing application downtime.
C9900-S6xx, CXxxxx-0185 | TwinCAT/BSD for Beckhoff Industrial PCs
An alternative operating system – TwinCAT/BSD – will be available for selected Beckhoff Industrial PC platforms. TwinCAT/BSD combines the TwinCAT runtime with FreeBSD, an industrially tested and reliable open source operating system.
The TwinCAT software system turns almost any PC-based system into a real-time control with multiple PLC, NC, CNC and/or robotics runtime systems.