Virtualization of Windows & Security Regarding Application Updates

Hello,

I work in an academic research lab and support an extensive amount of instrumentation. Some of our host computers use Windows 7 and Windows 10. These OSes do pose potential problems, but we are unable to migrate away from them in all cases. Common practice with instrumentation computers is to prohibit them from accessing the Internet to prevent unwanted updates to support software such as Java that might be required by a given application. That is, if Java updates beyond a level that has been validated by a third-party software vendor, then their software loses functionality.

I am wondering whether I could convert some of these host computers to Ubuntu/Linux and use machine virtualization to identify support application updates and download them under Ubuntu/Linux.

Please let me know your thoughts regarding this strategy.

Hi and welcome,

Hopefully there are other enterprise level resources you can consult with. Mission critical systems leave little room for experimenting.

The surest way to keep a host off the internet is to remove the ethernet cable & have no wifi cards enabled.

How do you get the instrumentation software updates now? How do you get & apply specific, wanted, Java updates now? Can updates be downloaded using a different computer and saved on a USB and then applied locally to the instrumentation host?

Windows can be run from a VM. In this case, Windows would be the guest machine. The VM host can be Ubuntu. VMs can be configured to not have network or internet access.
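To make the "no network access" point in this reply checkable rather than assumed, here is an added example (not code from the thread or from any project it mentions). It assumes the Windows guest is managed by libvirt on the Ubuntu host, so that `virsh dumpxml <guest>` produces the domain XML being inspected; the sample XML below is constructed for illustration. The script lists every network interface the guest has, lists shared folders (the one deliberate channel through which downloaded updates would be carried in), and can emit a copy of the definition with all network interfaces removed for re-defining the guest.

```python
"""Audit a libvirt domain definition for network exposure.

Added example, not code from the thread. Assumes the guest is defined in
libvirt (``virsh dumpxml <name>`` emits this XML). The sample below is
constructed: a Windows guest with one NAT interface and one shared folder.
"""
import xml.etree.ElementTree as ET

SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>instrument-win7</name>
  <devices>
    <interface type='network'>
      <source network='default'/>
      <model type='e1000'/>
    </interface>
    <filesystem type='mount'>
      <source dir='/srv/vm-share'/>
      <target dir='share'/>
    </filesystem>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/instrument-win7.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""


def network_interfaces(domain_xml: str) -> list:
    """Return (interface type, source name) for every <interface> device."""
    root = ET.fromstring(domain_xml)
    found = []
    for iface in root.findall("./devices/interface"):
        src = iface.find("source")
        src_desc = ""
        if src is not None:
            # libvirt names the source differently per interface type.
            src_desc = (src.get("network") or src.get("bridge")
                        or src.get("dev") or "")
        found.append((iface.get("type", ""), src_desc))
    return found


def shared_folders(domain_xml: str) -> list:
    """Return host directories passed into the guest as shared filesystems."""
    root = ET.fromstring(domain_xml)
    dirs = []
    for fs in root.findall("./devices/filesystem"):
        src = fs.find("source")
        if src is not None and src.get("dir"):
            dirs.append(src.get("dir"))
    return dirs


def is_network_isolated(domain_xml: str) -> bool:
    """True when the guest has no network interface at all."""
    return not network_interfaces(domain_xml)


def strip_network(domain_xml: str) -> str:
    """Return the domain XML with every <interface> removed.

    The result can be saved and loaded with ``virsh define`` to produce a
    guest that keeps its disks and shared folder but has no NIC.
    """
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    for iface in devices.findall("interface"):
        devices.remove(iface)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Audit the constructed sample, then show the isolated variant passes.
    print("interfaces:", network_interfaces(SAMPLE_DOMAIN_XML))
    print("shared folders:", shared_folders(SAMPLE_DOMAIN_XML))
    print("isolated:", is_network_isolated(SAMPLE_DOMAIN_XML))
    isolated_xml = strip_network(SAMPLE_DOMAIN_XML)
    print("isolated after strip:", is_network_isolated(isolated_xml))
```

Against a real guest you would feed `virsh dumpxml <name>` output into the same functions; a non-empty interface list means the guest is not actually off the network, whatever the intent was, and the shared-folder list is the inventory of file paths into the guest that still need controlling.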

Does this mean that there is an external device attached to the PC which requires Windows drivers to function? And for which no equivalent Linux hardware support is available?

If native Linux hardware connectivity is available, then it may be possible to switch entirely away from Windows, no virtualization needed.

  • You can test Linux hardware support without any change to your existing system by creating a current LiveUSB, booting the machine from the USB (instead of Windows), and entering the “Try Ubuntu” environment.

If Windows hardware connectivity (Windows driver) is needed, then virtualization may be a poor choice. The host OS (Linux) would control the hardware, and the guest OS (Windows) drivers simply won’t work. Getting around that is possible, but requires expert-level ongoing maintenance.

If you are stuck with an older Windows OS, consider using a secure proxy machine to prevent direct access to/from the internet, allowing only the specific communication you find desirable. Alternately, you can do something rather similar using your current Windows Firewall settings, but that’s a question for a Windows support venue.

Advice: Testing first is a good idea. Lots of testing. You don’t want to lose capability.

I wonder if checking package keys with Intel TSX could be a thing?

I’m not entirely sure how machine virtualization can be used to do anything with app updates. Do you have specific examples?