The usage of virtualized machines in IEC 61850 substations enables the accommodation of many systems on one platform. A growing complexity of realized applications requires not only an interconnection between the multiple virtual machines and external devices, but also a regulated and secure network communication. For cyber security reasons mainly hardware-based firewalls are used to monitor and control the traffic exchange, limited to the virtualization host´s system interfaces. In this case virtualization provides advantages in terms of hardware management and network security. By extending the virtualization host system by a specialized firewall-based security layer, the network communication can be monitored and controlled in a more specific way.
Virtualization of hardware-based firewalls
With a virtualized firewall there is no need for a single hardware-based solution to be integrated in the computing network. This leads to an easier handling and reduced maintenance costs. At the same time hardware-based firewall and switch ports can be saved.
Increased Security through virtualizing firewalls
Redirecting the communication from a physical device on the host system enables controlling the complete data traffic, for virtual machines and external physical devices. Furthermore, it provides security regulation for virtual machines. This includes the arrangement of communication rules for single virtual machines, the definition of instructions for data exchange and a traffic control on a protocol or service basis. Example for a virtualized firewall:
Welotec Rugged Substation Server
Welotec RSAPC provides a virtualization platform for modern IT structures to take advantage of virtualization in substation environments. This includes the reduction of hardware costs, increasing availability and security. With its powerful Xeon processor and 64 GB memory the RSAPC can run multiple virtual machines with different systems simultaneously. This includes firewall solutions for virtual machines and physical devices.
