Webinar: Introduction to LF Energy SEAPATH

Introduction to SEAPATH
Virtualization for Digital Substations
November 13th
2025
Erwann Roussy – Embedded software engineer / SEAPATH Maintainer
erwann.roussy@savoirfairelinux.com

LF Energy SEAPATH © Copyright Savoir-faire Linux 2025 2/36
Savoir-faire Linux is a recognized team of experts
in Open Source Software engineering
in North America and Europe.
years in industrial product engineering in many verticals

Outline
I. Project Presentation
II. Enable Virtualized Protection and Control (vPAC)
○
Ensure technical requirements are met
○
Continuous Integration and Development
○
High availability cluster
III. SEAPATH Integration
IV. Community

PROJECT PRESENTATION

Inspired by industrial successes in virtualization
→ Maximizes resource utilization
→ Reduces costs
→ Improves flexibility and
availability
→ Isolates environments
→ Enhances security
→ Facilitates the transition to
scalable cloud infrastructures.
→ Replaces physical hardware
with software functions
→ Facilitates rapid deployment
of new services
→ Reduces infrastructure costs
→ Improves resource
management.
→ Essential for implementing
5G, network slicing and edge
computing.
→ Optimize resources by consolidating
multiple functions on a single server
→ Lower hardware costs
→ Improved centralized management,
security and flexibility
→ Facilitates service continuity
→ Supports the transition to Smart
Grids, making infrastructures more
agile and scalable
Data Center Telecoms Digital Substations

The goal of SEAPATH
a reference design and
industrial grade open source
real-time platform
Develop
virtualized automation
and protection
applications
Host
a platform between multi-
provider applications
(hardware agnostic)
Share
performance and
safety
Combine

Technical
requirements Virtualization
High availability
Infrastructure
As Code
Cybersecurity
Minimal services /
configurations
Low network
latency
Real-time

Existing
solutions
Off-the-shelf solutions providing either
●
HA & Virtualization platform
●
Real-time platform
●
Low-latency platform
But not a mix of that !
+ Minimal firmware
+ Highly configurable

SEAPATH at the heart
of electrical substations
Station Bus
HMI
Process Bus
MMS
PTP
PTP
PTP
MMS
GOOSE
SV
SV
GOOSE
SV
GOOSE
SV
MMS
RTU
PTP
Master
Local
management
Hypervisor
Redundant hypervisor
VIRTUAL
IED
VIRTUAL
IED
...
VIRTUAL
IED
MERGING
UNIT
EQUIPEMENT
●
Open source hypervisor based on existing free software
○ Real-time virtual machine redundancy
○ Designed to operate on critical infrastructures
●
Many requirements
○ Deterministic (processing, Network latency)
○ Resilient (fault intolerant)
○ Cyber resilient
○ Hardware agnostic
○ Long-term support

Hypervisor
VM VM VM VM VM VM
...
EMU
Corosync STONITH
Linux Kernel (PREEMPT_RT)
SEAPATH: aggregating Open-source software

SEAPATH is OS agnostic !
●
Create your Linux distribution from source
code
✔
Customization / Minimization
✔
Hardware support
✔
Reproducible builds
✔
Independence to maintain it
✗
Learning curve ↗
✗
Maintenance effort ↗
●
Use prebuild packages
✔
Easy to build / install
✔
Maintenance from the community
✗
High dependency from the community
•
No ability to modify package
•
No ability to reproduce the system
Ansible is used in both cases for configuration & deployment

ENABLE VIRTUALIZED
PROTECTION & CONTROL (vPAC)

Ensure technical requirements are met

Provided by QEMU, KVM and libvirt
Clustering features
Provided by Ansible
Compliance against Cybersecurity norms
Only relevant software and configurations are installed
Linux system configuration
Linux kernel configuration
SEAPATH as a configured Linux distribution
Virtualization
High availability
Infrastructure
As Code
Cybersecurity
Minimal services /
configurations
Low network
latency
Real-time

Configured for real-time virtualisation
●
Hypervisor AND virtual machine use real-time kernel
●
Multiple VMs must share access between different
resources
○
Multiple CPUs
○
RAM and Memory allocation
○ Network cards access
●
Configuration handled by SEAPATH
HYPERVISOR
VM
CPU RAM
DISK

●
How to ensure a correctly configured infrastructure ?
●
How to scale an infrastructure deployment ?
●
Write code snippets that describe your infrastructure
○
Declarative
○
Reliable
○
Fully reproducible
○
Allow versioning
●
SEAPATH uses Ansible
Infrastructure as code

Continuous Integration and Development

SEAPATH CI
●
Open process
○ Fully open source CI (continuous integration) pipeline
○ Ability to distribute the test into different locations
►
2 locations for the moment (RTE @Jonage, Savoir-faire
Linux @Rennes)
○ Open source tests
►
committed in SEAPATH
►
reviewed & tested
●
Tests focusing on what matters for digital substations
○ Cybersecurity
○ Real-time
○ IEC 61850 latency tests

●
Hardening based on ANSSI BP28
●
Matrix of compliance with
recommendations of national
cybersecurity authorities
●
Testing of recommendations for each
contribution on reference hardware
platforms
Cybersecurity conformance

●
Real-time capacity tests with cyclictest
tool
●
Short tests for each contribution and long
tests (once a week)
●
Ensure the ability of the system to run
real-time applications
Real-time testing
cyclictest -l10000 -m -Sp90 -i200 -h400 -q
Linux RT VM running on SEAPATH on Welotec RSAPC Mk2
Cyclictest, 10k cycles

Linux RT VM running on SEAPATH on Welotec RSAPC Mk2
Latency test between SV sender and VM application
●
Hardware- in-the-Loop (HIL) testing
strategy
○
Send IEC61850 Sampled Values (SV)
○
Receive via a virtualized test program
without SV processing
IEC61850 network latency

SEAPATH cluster

Cluster action scenarios
Live migration
●
A VM changes hypervisor without reboot
●
No impact on the software
Maintenance
●
Migrate VMs on another cluster machine
●
Shutdown hypervisor
●
Update of replace the machine
Load balancing
●
Distributes VMs over the cluster
●
Avoid too many VMs on the same
hypervisor
●
Uses live migration

Cluster failover scenario
Network failures
●
Cluster still running with one link down
●
Possible to customize SEAPATH to look for failures
(ex: PTP disruption)
Excessive resource consumption of a VM
●
Critical VMs cannot influence one another
●
SEAPATH ensure separation of resources
Hypervisor critical failure (ex: power outage)
●
Hypervisor shutdown is detected
●
VMs are restarted on the other cluster hypervisor.
●
Impact on the software (5-10 seconds downtime)

SEAPATH INTEGRATION

Hardware running SEAPATH
SEAPATH is hardware agnostic
●
Requirements are standard
– x86 (soon ARM)
– UEFI
– IOMMU
– PTP
●
Any modern industrial machine
can run SEAPATH
●
Platform power depends on user
needs
Standard machines already
running SEAPATH
●
Advantech ECU 579
●
Welotec RSAPC Mk2

●
vIED integration into SEAPATH
○
ABB SSC600 SW (done)
○
GE Vernova PoC
●
RTU (on-going)
Integration with third party
software vendors

SEAPATH support the required technologies for electrical substations
●
Time synchronisation (PTP, NTP)
●
Redundancy (PRP, HSR)
●
Networking (SR-IOV)
Technology supported for the OT world

Proof of Concept with GE Vernova
●
Project managed by National Grid
●
VPaC running on SEAPATH
Demo organized at LF Energy Summit 2024
●
Promising results with trip < 8ms
Case study on LF Energy Website :
”National Grid Electricity Transmission
and GE Vernova Collaborate on LF Energy
SEAPATH to Advance Virtualized
Protection and Control”
Conferences
→ Technical insight by Camilo De Arriba
(GE Vernova) and Erwann Roussy
(Savoir-faire Linux)
→ Project overview by Thomas Charton
(National Grid)

SEAPATH COMMUNITY

SEAPATH On-boarding
Join the community Documentation
Getting started
Mailing List
Slack
LinkedIn
Youtube Playlist
GitHub Landing page
LF Energy page
Ansible Galaxy
GitHub
Wiki
One Technical Steering Committee every month

International Conferences
→ Deploying a Virtual IED on LF Energy
SEAPATH, Advices and Experience
Feedback - Camilo De Arriba, GE
Vernova & Erwann Roussy, Savoir-faire
Linux
→ What Do Virtualization and SEAPATH
Really Change for RTE ? - Bastien
Desbos, RTE
→ A Case Study on Testing LFE Seapath at
National Grid Electricity Transmission -
Thomas Charton, National Grid
Electricity Transmission
→ Implementing and Validating Linux
Cyber Security Requirements:
SEAPATH, a Case Study - Enguerrand
de Ribaucourt & Mathieu Dupré,
Savoir-faire Linux
`
More conferences on the SEAPATH Youtube playlist on LF Energy channel

SEAPATH Community growing

SEAPATH is currently being used or
evaluated by 7 utilities and 11 different
vendors

SEAPATH Initiatives in the World
○ RTE : R#SPACE Industrial Use Case
of SEAPATH
○ RTE : VIP'R R&D Project (VIrtual PAC
Rte) with ABB and Schneider Electric
○ GE Vernova : Deploying a Virtual IED
on SEAPATH

Full list on the SEAPATH wiki

SEAPATH Community growing

Thank you for your attention
Erwann Roussy erwann.roussy@savoirfairelinux.com
https://savoirfairelinux.com/ https://lfenergy.org/projects/seapath/ https://wiki.lfenergy.org/display/SEAP/SEAPATH
https://github.com/seapath https://lfenergy.slack.com #seapath
contact@savoirfairelinux.com

Webinar: Introduction to LF Energy SEAPATH

More Related Content

Similar to Webinar: Introduction to LF Energy SEAPATH

More from DanBrown980551

Recently uploaded

Webinar: Introduction to LF Energy SEAPATH