Clone VMs

Purpose

The Clone Virtual Machines (VMs) are what the orchestrator spins up, and host the actual clone applications.

How It Works

A slimmed down image provided by the Operation System (OS) manufacturer serves as the VM baseline. Atop that is a purpose-built version/patch level of the desired control system. Next is a service whose function is to connect the VM to the configuration manager and keep it up to date on any configuration change. Finally, the platform bundles a set of drivers that allow for the orchestrator to track resource usage, and pass in information the VM needs to run (e.g. keys that identify it uniquely to the configuration layer).

The services running on these VMs are connected to the orchestrator via a specialized 'launch service' that communicates with the orchestrator and loads in updated adapters and similar drivers. This launch service appears to the VM as a normal executable, as well as a secondary virtual drive running on the VM. This approach allows for standard AV programs on the baseline image of the clone VMs to process the launch service in the same way as any other installed software, preventing these drivers from serving as increased attack surface.