Hypervisor
A hypervisor is a software or firmware layer that enables virtualisation by running multiple virtual machines (VMs) simultaneously on the same physical hardware. Within modern OT and industrial automation environments, the hypervisor forms the fundamental basis for virtualisation, containerised workloads, edge computing and software-defined OT platforms.
Hypervisors are deployed within industrial infrastructures for:
By enabling virtualisation, hypervisors support the shift towards modern IT/OT convergence architectures in which OT systems are increasingly integrated with IT infrastructures, cloud platforms and software-based automation.
⚙️ What is a hypervisor
A hypervisor abstracts physical hardware resources so that multiple virtual systems can run independently of each other.
The hypervisor manages:
- CPU scheduling
- memory allocation
- storage access
- network virtualisation
- hardware abstraction
- interrupt handling
- device sharing
Virtual Machine
│
Guest OS
│
Hypervisor
│
Physical Hardware
Each virtual machine functions as if it were a standalone physical system.
🏗️ Types of hypervisors
Type 1 Hypervisor
A Type 1 hypervisor runs directly on physical hardware.
Also known as:
- bare-metal hypervisor
- native hypervisor
Examples:
- VMware ESXi
- Microsoft Hyper-V
- Xen
- KVM
Architecture:
VM
│
Hypervisor
│
Hardware
Benefits:
- high performance
- low overhead
- better isolation
- higher reliability
- suitable for production OT
Within industrial environments, Type 1 hypervisors are dominant.
Type 2 Hypervisor
A Type 2 hypervisor runs on top of a host operating system.
Examples:
- VMware Workstation
- VirtualBox
- Parallels
Architecture:
VM
│
Hypervisor
│
Host OS
│
Hardware
Benefits:
- easy installation
- suitable for labs
- handy for simulation
Drawbacks:
- higher latency
- additional overhead
- less deterministic behaviour
Within OT, Type 2 hypervisors are mainly used for:
- test environments
- engineering
- simulation
- training
🧠 Virtualisation principles
A hypervisor creates virtual hardware for guest systems.
Important virtualisation components:
| Component | Function |
|---|---|
| vCPU | Virtual processor |
| vRAM | Virtual memory |
| vNIC | Virtual network interface |
| vDisk | Virtual storage |
| Virtual Switch | Virtual network |
| Snapshot Engine | Point-in-time recovery |
Hypervisors manage resource sharing between VMs.
⚡ Hypervisors within OT
Within industrial automation, hypervisors are used to consolidate OT systems.
Typical OT workloads
| Workload | Virtualisable |
|---|---|
| SCADA | Yes |
| Historian | Yes |
| MES | Yes |
| OPC UA servers | Yes |
| MQTT brokers | Yes |
| Engineering Station | Yes |
| Domain Controller | Yes |
| Soft PLC | Depends on real-time requirements |
🖥️ Hypervisors and SCADA
Modern SCADA environments often run fully virtualised.
Typical architecture:
VM Cluster
├── SCADA Server
├── Historian
├── OPC Server
├── Alarm Server
└── Engineering VM
Benefits:
- hardware consolidation
- easy recovery
- snapshots
- high availability
- central lifecycle management
📡 Network virtualisation
Hypervisors often contain virtual networks.
Important components:
| Component | Function |
|---|---|
| vSwitch | Virtual switching |
| VLAN tagging | Segmentation |
| Virtual NIC | VM connectivity |
| Port groups | Traffic separation |
OT networks can be logically separated within the same physical infrastructure.
Applications:
- DMZ
- engineering zones
- production OT
- management networks
- test environments
⚡ Real-time challenges
Hypervisors introduce additional scheduling layers.
This affects:
Issues arise especially with:
- motion control
- real-time I/O
- high-speed fieldbuses
- safety systems
Examples:
| Technology | Challenge |
|---|---|
| EtherCAT | Timing-sensitive |
| PROFINET IRT | Determinism |
| TSN | Strict timing |
| SERCOS III | Low jitter required |
Some systems therefore remain dependent on dedicated hardware.
🔄 Resource scheduling
The hypervisor allocates resources dynamically.
Important factors:
| Factor | Impact |
|---|---|
| CPU oversubscription | Performance loss |
| Shared storage | IO latency |
| NUMA topology | Memory performance |
| Network congestion | Packet delay |
Poor configuration can lead to:
☁️ Hyperconverged infrastructure
Many modern OT environments use hyperconverged infrastructures.
These combine:
- compute
- storage
- networking
- virtualisation
Examples:
- VMware vSAN
- Nutanix
- Azure Stack HCI
Benefits:
- scalability
- redundancy
- central orchestration
- easier management
🔒 Cybersecurity risks
The hypervisor is a critical part of OT infrastructure.
Important risks
| Risk | Impact |
|---|---|
| Hypervisor compromise | Entire environment compromised |
| VM escape | Lateral movement |
| Management interface abuse | Unauthorised management |
| Snapshot leakage | Data theft |
| Shared infrastructure attacks | Cross-system impact |
Because multiple critical OT systems depend on the same hypervisor, a single compromise can have major impact.
🛡️ Hypervisor Hardening
Important measures:
- dedicated management networks
- MFA
- RBAC
- Secure Boot
- encrypted storage
- management VLANs
- Patch Management
- Logging
- Audit trails
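The segmentation and management-network measures above can be checked against an exported inventory. The following is an added example, not part of the original page: the port group names, VLAN IDs, zone labels and the inventory layout are all constructed, and a real export from a given hypervisor platform will look different.

```python
# Added example: all names, VLAN IDs and zone labels below are constructed.
PORT_GROUPS = {
    "pg-mgmt": {"vswitch": "vs0", "vlan": 10, "zone": "management"},
    "pg-dmz":  {"vswitch": "vs0", "vlan": 20, "zone": "dmz"},
    "pg-prod": {"vswitch": "vs0", "vlan": 30, "zone": "production"},
    "pg-eng":  {"vswitch": "vs0", "vlan": 30, "zone": "engineering"},  # reuses VLAN 30
}
VM_NICS = {
    "scada-01":     ["pg-prod"],
    "historian-01": ["pg-prod", "pg-dmz"],  # one VM with a vNIC in two zones
    "eng-ws-01":    ["pg-eng"],
}
MGMT_INTERFACES = {"host-a": "pg-mgmt", "host-b": "pg-prod"}  # host-b is misplaced


def audit(port_groups, vm_nics, mgmt_ifaces):
    """Return (finding, subject, detail) tuples for segmentation gaps."""
    findings = []
    # 1. Two zones on the same vSwitch and VLAN ID share one broadcast domain.
    first_seen = {}
    for name, pg in sorted(port_groups.items()):
        key = (pg["vswitch"], pg["vlan"])
        other = first_seen.setdefault(key, name)
        if other != name and port_groups[other]["zone"] != pg["zone"]:
            findings.append(("shared-vlan", other, name))
    # 2. A VM with vNICs in several zones connects them without a firewall hop.
    for vm, nics in sorted(vm_nics.items()):
        zones = sorted({port_groups[n]["zone"] for n in nics})
        if len(zones) > 1:
            findings.append(("multi-zone-vm", vm, "+".join(zones)))
    # 3. Hypervisor management belongs in the dedicated management zone.
    for host, pg in sorted(mgmt_ifaces.items()):
        if port_groups[pg]["zone"] != "management":
            findings.append(("mgmt-not-isolated", host, pg))
    return findings


if __name__ == "__main__":
    for finding in audit(PORT_GROUPS, VM_NICS, MGMT_INTERFACES):
        print(finding)
```

A multi-zone VM is not always a misconfiguration, but each one should map to a documented and reviewed conduit between zones.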
Additional OT measures:
🔄 High Availability
Hypervisors support extensive HA functionality.
Commonly used functions
| Function | Goal |
|---|---|
| Live Migration | Moving active VMs |
| Failover Clustering | Automatic recovery |
| HA Restart | Restart on failure |
| Replication | Redundancy |
| Snapshots | Recovery |
Within critical infrastructures, redundant hypervisor clusters are standard.
🧪 Hypervisors in OTAP and simulation
Hypervisors are ideal for:
- OTAP
- FAT/SAT
- simulation
- cyber ranges
- digital twin
- training
Benefits:
- fast provisioning
- rollback
- safe isolation
- reproducible environments
OT engineers can simulate full process environments without physical installations.
📦 Storage virtualisation
Hypervisors often virtualise storage as well.
Typical technologies:
- SAN
- NAS
- software-defined storage
- vSAN
Important considerations:
| Aspect | Relevance |
|---|---|
| IOPS | Historian performance |
| Storage latency | Real-time data |
| Redundancy | Availability |
| Snapshot policy | Recovery |
| Backup integration | Continuity |
📡 Hypervisors and Edge Computing
Within edge computing, lightweight hypervisors are increasingly popular.
Edge nodes run, for example:
Benefits:
- workload isolation
- local processing
- remote management
- fast deployment
⚠️ Operational risks
Single Point of Failure
Consolidation increases the impact of failures.
Failure of a single hypervisor host can affect multiple systems:
- SCADA
- historians
- engineering stations
- protocol gateways
The following are therefore necessary:
- redundant clusters
- failover mechanisms
- Backup strategies
- Disaster Recovery
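Whether a cluster is actually redundant can be tested on paper before a host fails. The following is an added example, not part of the original page: it flags CPU oversubscription (the factor listed under resource scheduling) and simulates the loss of each host to see which VMs could not be restarted elsewhere. Host and VM sizes are constructed, the 2.0 vCPU-per-core limit is an assumed site policy, and only RAM is used as the restart constraint.

```python
# Added example: host sizes, VM sizes and the ratio limit are constructed.
HOSTS = {
    "hv-1": {"cores": 16, "ram_gb": 128},
    "hv-2": {"cores": 8,  "ram_gb": 128},
    "hv-3": {"cores": 8,  "ram_gb": 64},
}
VMS = [
    {"name": "scada-01",     "host": "hv-1", "vcpu": 8,  "ram_gb": 48},
    {"name": "historian-01", "host": "hv-1", "vcpu": 8,  "ram_gb": 64},
    {"name": "opc-01",       "host": "hv-2", "vcpu": 4,  "ram_gb": 16},
    {"name": "mes-01",       "host": "hv-2", "vcpu": 16, "ram_gb": 96},
    {"name": "eng-01",       "host": "hv-3", "vcpu": 4,  "ram_gb": 32},
    {"name": "dc-01",        "host": "hv-3", "vcpu": 2,  "ram_gb": 8},
]
MAX_VCPU_PER_CORE = 2.0  # assumed site policy, not a vendor figure


def oversubscribed(hosts, vms, limit=MAX_VCPU_PER_CORE):
    """Hosts whose allocated vCPUs per physical core exceed the limit."""
    out = []
    for host, spec in sorted(hosts.items()):
        vcpus = sum(vm["vcpu"] for vm in vms if vm["host"] == host)
        if vcpus / spec["cores"] > limit:
            out.append(host)
    return out


def stranded_after_loss(failed, hosts, vms):
    """VMs of the failed host that no surviving host has free RAM to restart."""
    free = {h: spec["ram_gb"] - sum(vm["ram_gb"] for vm in vms if vm["host"] == h)
            for h, spec in hosts.items() if h != failed}
    stranded = []
    # Place the largest VMs first (first-fit decreasing).
    for vm in sorted((v for v in vms if v["host"] == failed), key=lambda v: -v["ram_gb"]):
        target = next((h for h in sorted(free) if free[h] >= vm["ram_gb"]), None)
        if target is None:
            stranded.append(vm["name"])
        else:
            free[target] -= vm["ram_gb"]
    return stranded


if __name__ == "__main__":
    print("oversubscribed:", oversubscribed(HOSTS, VMS))
    for host in sorted(HOSTS):
        print(host, "fails ->", stranded_after_loss(host, HOSTS, VMS))
```

In this constructed cluster every single-host failure strands at least one VM, so it has three hosts but no usable failover capacity.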
Resource contention
VMs share hardware.
Issues:
- CPU starvation
- memory pressure
- storage bottlenecks
- network congestion
Consequences:
🏭 Practical applications
Manufacturing
Hypervisors for:
- virtual SCADA
- MES platforms
- historians
- AI analytics
Energy supply
Applications:
- EMS systems
- substations
- central monitoring
- OT data platforms
Water sector
Use for:
- redundant SCADA
- telemetry aggregation
- historian clusters
Building Automation
Virtualisation of:
🛠️ Lifecycle management
Hypervisors simplify OT management.
Benefits:
- template deployment
- central provisioning
- snapshots
- automated backups
- fast recovery
Integration with:
🛡️ Relevant standards and frameworks
| Standard | Relevance |
|---|---|
| IEC 62443 | OT security |
| NIST SP 800-82 | ICS virtualisation |
| ISO 27001 | Security governance |
| NIST CSF | Cybersecurity framework |
For safety-critical workloads, additional validation requirements often apply.
📈 Trends and developments
Important trends:
- software-defined data centres
- edge virtualisation
- container-native hypervisors
- hyperconverged OT
- lightweight hypervisors
- confidential computing
- AI-enabled infrastructure
Hypervisors remain a fundamental building block of modern OT infrastructures.
🎯 Conclusion
Hypervisors form the technical basis of modern virtualised OT environments and enable efficient consolidation, scalability and high availability of industrial workloads.
Within IT/OT convergence, hypervisors support the shift towards software-defined infrastructures, edge computing and cloud-native OT platforms.
At the same time, virtualised OT environments require careful attention to real-time behaviour, resource management, cybersecurity and redundancy in order to safeguard industrial reliability and availability.
