Virtualizing Windows NT-based Applications

Emerson’s J.D. Wheelis, a modernization consultant, wrote a thought-provoking piece that I got my hands on recently. The subject is computer virtualization, and J.D. discussed how you might consider using it for your Windows NT-based applications where the hardware has become obsolete and/or unreliable.

In my “geek hack” time, I’ve played around with some virtualization software like some of VMware‘s offerings, and found it quite amazing how an entire operating system with associated hardware peripherals can be virtualized inside another with good performance. I used it when I switched to Windows Vista and needed a Windows XP virtual PC to connect to some legacy IT applications and printers. It’s also possible to run virtual Linux PCs inside a Windows-based host and vice versa.

The only “gotcha” I’ve encountered is if you have an OEM version of a Windows operating system that’s tied to the hardware it comes with. You can’t shut down the hardware and move the operating system to a virtual environment. You’d need to purchase or transfer a version unencumbered with these license restrictions.

J.D. notes that several process control applications remain only available in the Windows NT environment. The automation engineers in plants and mills run into a conflict between keeping the plant running with the continued use of the application and the difficulties in keeping the application in operation. In addition, the engineers deal with the conflict between keeping these PCs running and satisfying plant IT requirements to eliminate these PCs based on security concerns.

J.D. makes the case that virtualization techniques and products are a way to provide hardware replacements for these NT-based computers.

Virtualization enables the Windows NT operating system to run in a virtual environment created under a different and newer operating system, such as Windows XP, Windows Vista or even a flavor of Linux. The physical machine hosting the virtual machine provides everything the virtual machine needs – the disk space, the memory (RAM), access to the processor, access to both the physical network and a virtual network as the application requires.

J.D.’s hands-on experience is similar to mine with respect to performance. He observes:

In my experience in installing and using virtualization for a control system configuration application, I saw no difference in the performance of running the application. Everything worked, from complicated graphics display and editing, database operations, sub-applications designed to perform special tasks, to communications through networking, both from virtual machine to host and virtual machine to another physical machine through the host’s network connection.

With respect to security:

The security issues on networked virtual machines remains if you are using the application to communicate over the physical network to a different physical machine. You can use common security measures to mitigate the security issues. These include configuring routers to limit the connections from the virtual machine to only those computers you know need to have that access.

You can also limit the network connections to those on the physical machine, and not allow the virtual machine access to the physical network. Careful planning and implementation helps minimize security risks in having virtual NT machines on the network.

J.D. summed up his thoughts that virtualization can help reduce the spare part hunt fixing up older physical PCs, can help relieve that natural tension between plant engineering and the IT team, and can follow some standard security measures to reduce cyber-security risks.

These ideas are something to consider if you’re faced with this situation.

Update: A couple of great comments have come in on this post in FriendFeed that I wanted to share.

Posted Thursday, September 4th, 2008 under Cyber-Security, Modernization.

Leave a Reply