Managing Windows 7 end of life for industrial systems
From oil and gas to heavy equipment and manufacturing, industrial systems rely on embedded devices that run on Windows 7. However, on January 14, 2020, Windows 7 will reach end-of-life and thus will no longer be supported by Microsoft. Running unsupported versions of Windows is incredibly risky because vulnerability to the latest security threats grows exponentially when the operating system is no longer receiving regular patches.
Guest blog written by Ricky Watts, Wind River.
Running unsupported versions of Windows leaves industrial systems vulnerable.
The logical next step is to upgrade to Windows 10, the latest version supported by Microsoft. However, this typically requires replacing older processors and internal hardware in various industrial machines and systems that are not able to run directly with Windows 10. This creates a significant expense that most companies would rather not incur or simply don’t have the budget for. In addition, Windows 10 has already been in use for five years, assuming the typical 10-year Windows operating system lifecycle, so upgrading now would leave only five more years before upgrades are required again. Organisations need a way to break out of this cycle for good.
Windows 7 End of Life Solutions
Option 1: Keep Current Hardware While Running Windows 10
Adding Wind River Linux and a hypervisor into the software stack allows the existing hardware in embedded industrial devices to run Windows 10. The hypervisor runs on top of Wind River Linux, and Windows 10 (with its 64-bit drivers) runs as a guest in a virtual machine (VM). Wind River offers an open-source, commercially supported version of Linux that is targeted at embedded devices and includes long-term support with kernel patches and ongoing security monitoring.
Find a solution that includes kernel patches and ongoing security monitoring.
This solution can help reduce total cost of ownership (TCO) by circumventing the need to upgrade to a motherboard that supports Windows 10 and eliminates the need to re-architect applications. All Windows 10 functions work as designed, with no performance degradation. Choosing this solution provides an over-the-air option, removing the need to send IT workers to remote locations for major hardware upgrades or monthly Windows patches. This solution can also run both stacks side by side while implementing and testing the replacement.
When it comes to security, Wind River Linux offers advanced security measures, including secure boot chains, advanced hard-disk encryption, white-listing, and product attestation. These measures protect devices with natively integrated security at no additional cost. In addition, by using VMs, there is the potential for a significant reduction in new software distribution time. It is possible to spin up a new VM, download the new software, and make a hot-swap to the new version within minutes – using an over-the-air format. Instead of visiting the machine with a thumb drive, for example, a binary image is sent over the network and the device is updated remotely. Software upgrades that might have previously taken hours can be completed in minutes, which is ideal for critical industrial applications that cannot be down for hours at a time.
Industrial applications can’t afford any downtime – find a solution that supports instant over-the-air update.
Windows 7 End of Life Option 2: End Future Windows Upgrade Cycles
Wind River offers a second solution that allows companies to avoid the Windows upgrade cycle entirely by migrating the native operating system from Windows to Wind River Linux. This allows for longer lifecycles without needing to upgrade. Linux also has another benefit – it’s open source. Research suggests that open source solutions provide the best security because the code is readily available for the open-source community to scrutinise and test against. Plus, Wind River Linux has fewer lines of code than Windows, meaning the potential attack vector is smaller.
Wind River Linux is designed for compatibility with security tools that are built directly into the distribution. In contrast, with Windows development requires the selection of a firewall, an antivirus tool, another solution for white-listing key applications, an encryption solution, a firmware over-the-air program, and more. There is no guarantee that these programs work well together, which could expose additional security flaws. Wind River Linux handles security more efficiently by distributing patches more often than Windows’ monthly cadence. Distributing patches more often means they are smaller because they include only the necessary security fixes, whereas Windows patches often include a range of changes beyond the specific security fix.
Using Wind River Linux ensures maximum security is built right in.
Linux is the ideal solution because it:
- Saves time and money because there is no need to upgrade the hardware on industrial devices
- Makes management easier since there is no need to upgrade or frequently patch the Windows operating system
- Benefits from having a secure, well-supported operating system that offers equivalent APIs, drivers, and tools used in Windows
Wind River Can Support Your Windows 7 End of Life Transition
Wind River leads the industry with deep expertise and long-standing experience creating devices, systems, and networks that need to perform at exceptional levels to meet critical safety, security, and reliability requirements for industrial operations. With a Wind River Linux subscription, companies can rely on predictive maintenance and 24/7 product support, with no end dates. Wind River can provide a custom migration-upgrade solution that obviates the need to start all over again, while also providing consulting and support based on industry experience and expertise.
For more information on how to transition your systems away from Windows 7 download the eBook Managing Windows 7 End of Life in Embedded Systems. Or, to find out how Wind River can help, talk to a Windows end of life expert.
Courtesy of Wind River.