by Thierry Coste, Van Hoa Nguyen, and Nadine Kabbara, EDF R&D, France
In electrical power systems, Intelligent Electronic Devices (IEDs) such as protective relays, meters, and controllers play a pivotal role in monitoring, controlling, and safeguarding the electrical grid. However, what if we could replicate the device’s functionality in a purely emulated digital environment? Instead of solely relying on physical hardware, modern digital substations may leverage technologies such as virtualization to enhance system operation efficiency, reliability, and flexibility. The concept of Virtual IEDs forms an integral part of this transformation.
In information technology, virtualization refers to the software emulation of physical resources, such as computing, storage devices, and network resources. In the context of smart substations, a virtualized IED involves deploying virtual machines (VMs) and/or containers (lightweight isolated processes) to host substation functions and applications that were traditionally executed by dedicated physical IEDs. (Figures 1 and 2).


IED Virtualization Advantages
The technological shift with IED virtualization promises to offer several advantages:
- Resource Optimization: While it is not feasible to physically reduce the number of measurement points, hence the number of sensors, or actuators in a substation, the number of IEDs – which execute complex protection and control algorithms – can be optimized. Virtualization enables the consolidation and centralization of multiple IED functions into fewer physical devices, significantly optimizing hardware utilization and reducing the hardware footprint of substation equipment, ultimately contributing to cost savings and enhanced operational efficiency
- Flexibility, adaptability and enhanced upgrading capability: The transition to virtual IEDs and smart substation technologies marks a disrupting change from the traditional lifecycle of power generation and distribution systems, characterized by infrequent, major “generational” upgrades. This shift enables a flexible operation and upgrade pathway that is adaptable to the evolving technological capacities and market demands. One of the key advantages of virtualization relies in its uncoupling of hardware and software, allowing for independent and more frequent upgrades to software without the need for corresponding hardware changes. This decoupling breaks the conventional “generational” lifecycle of power systems, where substantial disruptions and overhauls were necessary to implement new generations of technology. Instead, advancements can be incrementally integrated, leading to continuous improvement. (Figure 3).

Breaking the ‘traditional generation’ lifecycle (the notion of ‘generation’ is somehow disappearing.
The different levels of control and command have more often been induced by technological rather than functional developments, where the latter have minimally changed over the last 30 years. In fact, control functions are highly dependent on changes in the protection plan, and we can assume that, particularly with the advent of renewable energies and increased use of electrical energy, the electrical network will undergo more frequent changes. Virtualization technologies are ideally suited to this dynamic, which is not possible with incremental systems. In a way, virtual technology eliminates the effect of increments and technological breakthroughs in the lifecycle of our systems, enabling smoother evolution and integration, with a reduction in the associated costs.
While the technological promises are exciting, one of the most critical advantages of virtualization in the context of substation is the evolution of application lifecycle management. The uncoupling of hardware and software fundamentally transforms the operational dynamics of smart substations. This separation allows for independent development and improvement of software components without necessitating concurrent hardware changes and a new generation disruption. On the other hand, functionality decomposition and specialization alongside the adoption of virtualization technologies will revolutionize the blackbox engineering workflow, thereby enabling the adoption of Agile project management methods. Agile methodologies emphasize iterative development, continuous integration, and rapid delivery, which are now feasible due to this decoupling. Consequently, substations can implement more frequent system upgrades and significantly reduce the time required for the next release. This agile approach not only enhances the adaptability and responsiveness of power systems but also ensures that the infrastructure remains at the cutting edge of technological advancements, effectively responding to evolving market demands, cyber security alerts, and regulatory requirements. The ability to rapidly update and deploy new functionalities ensures that smart substations can continuously improve their efficiency, reliability, and performance, maintaining a robust and future-proof power grid. (Figure 4).

IED Virtualization Challenges
Networking and Resource Bottlenecks: The implementation of process and station buses with virtualized networks in smart substations presents several limitations, particularly concerning bottlenecks, resource consumption, and PRP (Parallel Redundancy Protocol) / HSR (High-availability Seamless Redundancy) management. One of the primary limitations is the potential for network bottlenecks. Virtualized environments can generate substantial data traffic, and if the physical network infrastructure lacks sufficient bandwidth or efficiency, this can lead to congestion and delays. Such bottlenecks can severely impact the performance of time-sensitive applications like protection and control systems, which require low-latency and high-reliability communication.
Resource consumption is another significant limitation. Virtualized networks demand computational resources, including CPU, memory, and storage. These requirements can strain existing hardware, leading to increased operational costs and potential performance degradation of the cohabitated applications (especially the real-time applications) if resources are not adequately managed. Ensuring that virtualized networks have access to sufficient resources (while do not get the resources allocated to other applications) is critical to maintaining optimal performance and avoiding resource contention that could affect the stability and reliability of substation operations.
Organizational: Organizationally, virtualization alters the structure and management of technical teams by introducing new roles and promoting a more collaborative and agile approach. Regarding system architecture, virtualization allows for a more modular and resilient design, facilitating the integration of new technologies and continuous system updates without major disruptions. In terms of security, virtualization necessitates new strategies to protect virtualized environments, including advanced cybersecurity measures and continuous monitoring to ensure data integrity and confidentiality. Naturally, adoption of virtualization brings new professional profiles into the smart substation ecosystem: DevOps teams play a crucial role in ensuring continuous integration and deployment of applications and services, thereby improving the speed and quality of updates. IT specialists are essential for managing virtualized infrastructures and ensuring their optimal operation. Data analysts are needed to interpret and leverage the large volumes of data generated. We cannot neglect the necessity of cyber-security team either. This diversity of skills enriches yet adds even more complexity into the ecosystem that requires careful planning and organization in order to attain the promised innovation and operational efficiency.
Techno-economic: Aspiring to a future virtualized substation, it is required to carefully examine several techno-economic limitations. While reducing the hardware footprint and optimizing the resource utilization by the vIED can lead to long-term cost savings, the transition to virtualized environments demands significant initial investments in high-performance computing hardware and robust network infrastructure, which can be prohibitively expensive for some small utilities. Additionally, as aforementioned, the complexity of managing and maintaining virtualized systems requires specialized skills and knowledge, necessitating substantial investment in training and development for existing staff or hiring new expertise, such as IT specialists and cybersecurity professionals. Moreover, potential disruptions during the transition phase can be substantial.
In a joint study by the InnoCyPES EU project and EDF R&D, an open-source cost-benefit assessment model was specifically designed for assessing virtualized protection, automation, and control systems (PACs) in electrical substations. The model evaluates the capital expenditures (CAPEX) and operational expenditures (OPEX) of two scenarios: (1) conventional substations using intelligent electronic devices (IEDs), and (2) virtualized PAC functions implemented in hardware-independent virtual machines or containers. A 30-year simulation, incorporating comprehensive, optimistic, and pessimistic virtualization adoption scenarios, along with sensitivity analyses covering reliability, redundancy, initial costs, and virtualization roll-outs, was conducted. The primary results indicate that virtualization can help reduce CAPEX and system update costs by approximately 20% and 60%, respectively, compared to traditional substations. However, challenges related to technology maturity, roll-out strategies, software licensing, and maintenance can greatly impact overall cost savings and the payback period.
Technology Maturity: Besides the technical-economic limitations, the maturity of virtualization technology in the context of critical infrastructure remains a concern. Ensuring the reliability and real-time performance of virtualized IEDs (Intelligent Electronic Devices) in critical applications such as protection and control remains a concern, as any latency or failure in virtualized environments could have severe implications for grid stability and safety. While virtualization is well-established in IT environments, its application in power systems, which require high reliability and a deterministic real-time performance, is still evolving. This immaturity can lead to hesitation among utilities, as the risk of system failures or performance issues could have significant operational and safety implications. Additionally, utilities’ acceptance of virtualization technologies can be slow due to the traditionally conservative nature of the industry. Utility companies may be wary of adopting new technologies that have not yet been proven over the long term in critical environments. Another significant challenge is the integration and harmonized work within legacy systems. Many utilities operate with a mix of old and new technologies, and ensuring seamless interoperability between virtualized systems and existing legacy infrastructure can be complex and costly. This integration requires careful planning, substantial investment, and sometimes bespoke solutions to bridge the gap between different generations of technology. Along with the introduction of new actors, maintaining the seamless transition and the coordination of multiple specialized disciplinaries necessitates the utility to have a long-term strategy with a well-skilled core team of experts, dealing with a wide range of technology providers, instead of just outsourcing to a few polyvalent suppliers. This again, demands a considerable cost. In return, the utility now can have control over their infrastructure, or some of the critical parts of it, independently of the suppliers. Another option is taking the whole package (i.e. hardware infrastructure, software deployment infrastructure, software and maintenance). With many classical substation automation providers as well as newcomers from IT world joining the race towards virtualization in smart substation, this option may help in the transition phase and may be more beneficial for the small utilities in the short-term. While returning to the old business model where utilities depend on a few suppliers, the utilities with the uncoupling system now have the choice to internalize, or to seek a third-party supplier for some parts of the system in the future, if they wish to do so.
Open Source: The development and deployment of virtualized smart substations strongly relies on multiple open-source bricks, whether it is virtual machine or containerization. The adoption of open-source models in one of the most critical systems of human society represents both significant opportunities and challenges. On one hand, open-source models offer substantial benefits by fostering innovation, collaboration, and cost savings. These models allow utilities and developers to leverage a wide array of pre-existing solutions, reducing development time and costs associated with proprietary software. The collaborative nature of open-source projects can lead to rapid advancements and improvements, as a diverse community of developers contributes to solving common problems and enhancing the functionality of virtualized systems. Additionally, open-source solutions can provide greater transparency and flexibility, allowing utilities to customize and optimize systems to meet specific needs without being locked into vendor-specific ecosystems.
On the other hand, open-source adoption also poses several challenges. Integrating open-source solutions with proprietary and legacy systems can be complex and may require additional customization and support. Licensing issues can arise, as different open-source licenses have various requirements and restrictions that must be carefully navigated to ensure compliance and avoid legal complications. Certifiability is another critical limitation; ensuring that open-source software meets stringent industry standards and regulatory requirements can be difficult, as the certification process for open-source projects is often less straightforward than for proprietary solutions. The lack of formal support and accountability can be a significant concern for utilities, which rely on the reliability and stability of their systems. Ensuring the security and robustness of open-source software in critical infrastructure applications requires rigorous validation and continuous monitoring, which can be resource-intensive. Furthermore, integrating open-source solutions with proprietary and legacy systems can be complex and may require additional customization and support. Despite these challenges, the influence of open-source models represents a powerful opportunity to drive innovation and efficiency in virtualized smart substations, provided that the risks are carefully managed and mitigated.
The adoption of open-source models in virtualized smart substations is also challenging in terms of security. The transparent nature of open-source code can expose vulnerabilities to potential attackers who can scrutinize the code for weaknesses. The decentralized development process may also lead to inconsistent security practices and a lack of coordinated response to emerging threats. Furthermore, the reliance on community-driven updates and patches can result in delays in addressing critical security flaws, posing risks to the stability and safety of power systems. On the other hand, open-source models offer substantial security opportunities. The transparency of open-source software allows for extensive peer review and auditing by a broad community, which can lead to the identification and remediation of vulnerabilities more quickly than in closed-source systems. This collective scrutiny can enhance the overall security posture of the software. Additionally, open-source projects often benefit from contributions from security experts around the world, leading to the development of robust security features and best practices. The ability to customize and modify open-source code also allows utilities to implement tailored security measures that fit their specific needs and regulatory requirements. Therefore, while open-source models present security concerns, they also offer significant opportunities for enhancing security through collaboration, transparency, and the collective expertise of the global developer community.
CyberSecurity: From a global perspective, virtualization in smart substations significantly expands the attack surface, introducing new security challenges. By shifting critical infrastructure functions to virtual environments, the number of potential entry points for cyberattacks increases, and the complexity of securing these environments grows. Virtualization can expose vulnerabilities in hypervisors, virtual machines, and network interfaces, making comprehensive security measures essential. However, virtualization also brings substantial security opportunities. It enables faster patching and updates, as virtualized systems can be quickly reconfigured and updated without the need for physical hardware changes. This agility allows for rapid deployment of security patches in response to emerging threats, reducing the window of vulnerability. Moreover, virtualization allows the integration of advanced security measures from the IT world, such as automated threat detection, intrusion prevention systems, and robust encryption techniques. These tools can be more easily implemented and managed in a virtualized environment, enhancing the overall security posture. Therefore, while virtualization does expand the attack surface of smart substations, it simultaneously provides the tools and flexibility needed to implement enhanced security measures, offering a balanced approach to managing and mitigating risks. (Figure 5).

It is noteworthy to remark that virtualization layer is not necessarily a new layer in the stack. It replaces in fact the firmware, associated with the physical layer of a traditional IED, which is managed by the supplier and is transparent to the user. In this perspective, while the firmware is almost never updated, unless when we change the hardware, the virtualized IED will see it hypervisor/container runtime having security patches very frequently. It does not mean that the proprietary firmware is more secure, on the contrary, singlehandedly maintained by the provider may be the potential scenario for many zero-day exploits. The same argument can go for the applications deployed on the higher layers.
The future of IEC 61850 with PAC virtualization
The future of IEC 61850 with PAC virtualization
Interoperability limitations: Power system engineers often possess limited knowledge of purely IT-based technologies such as virtualization. Their expertise in power system IEC 61850 communication and control cannot be substituted by IT specialists skilled in virtualization, leading to significant challenges in coordinating efforts between the two domains. One of the significant challenges in transitioning from existing physical systems to a complex virtualized environment is the absence of formal definitions and automated engineering practices. This transition remains complex and uncertain for power system and standardization experts, making seamless integration difficult to achieve. Additionally, ensuring the interoperability and portability of vIED applications and data is essential to prevent vendor lock-in by IT software providers or platforms.
Interoperability involves the ability to exchange and interpret information between multiple systems or services. Portability refers to the capability to transfer data or applications from one system or service to another. In the context of vIEDs, it is crucial to formally define the data and applications that need to interoperate or be ported.
Additionally, the heterogeneity of the available tools supporting virtualization (e.g., VMWare, KVM, Docker, etc.) introduces additional cross platform integration complexity. This diversity complicates the efforts of power system experts attempting to test vIEDs, as achieving interoperability among tools for large-scale information systems becomes less straightforward.
GOOSE, while effective for its intended use in substations, introduces unnecessary complexity and overhead for same-host virtualized environments where simpler, more efficient communication methods can be investigated. Challenges can exist regarding:
- Efficiency: Many virtualization and cloud network architectures do not efficiently support multicast, leading to potential message loss or increased latency
- Static Configuration: Adding new virtual IEDs requires manual reconfiguration, which is time-consuming and error prone
- Scalability: Limited by the ability of the network to handle multicast traffic, and difficulties in dynamically adjusting the system.
Therefore, a gap still exists regarding the messaging and communication needs of vIEDs within the same host server or otherwise ‘intra- vIED communication’.
Virtuozlab: Lab demonstration and performance assessment for vIED
Promising and challenging at the same time, virtualization may be the next technological revolution in the electrical engineering domain. Nevertheless, the power grid is a critical system with multiple rigorous business requirements. It is mandatory to verify that the virtualized functions respect at least the same requirements as traditional functions, for at least:
- Real-time constraint – Determinism of the execution of functions
- Measurements every 250 µs – 4000 communication frames/second
- Most protection functions must react in less than 200ms
- Time synchronization (better than ±1 µs) by IEC 61588 / IEEE Std 1588 (Precise Time Protocol – PTP)
- Redundancy: N-1, PRP, HRS
- Cybersecurity

As one of the pioneers to explore virtualization in electrical grid applications, EDF R&D has developed the new platform VirtuozLab (in EDF Lab Paris Saclay) aimed at assessing the impact and interest of these new technologies for the sector. Virtuozlab features an architecture representing the protection, automation and control environment of the primary substation in the future, equipped with traditional technical means (IEDs, merging units, GPS clock) and for virtualization (remote I/O modules, server racks and next gen PLC with virtualization capability). The Virtuozlab allows us to experiment with different possible architectures in the future (e.g. remaining as a physical system, fully virtualized system or co-habitation of both technologies), to examine their response to the strict requirements of the power sector, as well as to evaluate the advantages and technical contributions offered by virtualization to our engineering practices. Beyond the technical assessment, we also explore new engineering workflows and best practices to have a complete technico-economic consideration of the different scenarios. (Figure 6).
The initial results of our assessment are promising. With the right optimizations, virtual functions offer a comparable performance (determinism and rapidity) to that of conventional physical hardware. We were also able to make synchronization via PTP for virtualized and containerized functions. The first stress test demonstrated that multiple vIED can be deployed in a single infrastructure while responding correctly and consistently to protection requirements. Currently, we are exploring further experimentation (examine the bottlenecks, switching time in redundancy scenarios, operation under perturbation) to examine the technology in all its details and assess its potential to meet the most complex requirements.
Biographies:

Thierry Coste joined EDF in 1985 and has worked in different distribution areas. He joined EDF R&D as research Engineer in 1999. He has been involved in renewal projects of the distribution automation system and control center and contributed to different European ICT: FENIX (VPP), ADDRESS (Demand Respons), OPENNODE (New RTU). Member of the WG10 and WG17 of the (IEC TC57), he is task leader of the new IEC 61850 Technical Specification of the Smart Grid Device Management System. He has a degree of Electrical Engineering and Industrial computing. He is currently Senior Researcher and Project manager in Network Automation Systems at EDF R&D.

Van Hoa Nguyen received the M.S. degree in Mechatronics from Grenoble INP, France in 2010 and the Ph.D. degree from INSA Lyon, France in 2014. He is currently a researcher at EDF Lab Paris Saclay. His research interests include interoperability, cyber-physical energy system and novel SCADA technologies.

Nadine Kabbara received her MSc. degree in control and electrical engineering from Paris Saclay University. She is a third-year Industrial Ph.D. working with the French utility EDF in their R&D department. She is also part of the InnoCyPES European project on connected digital smart grids. Her research interests include virtualization in substations, IEC 61850, virtualized IEDs, data modeling, and simulation frameworks.