As automation and software suppliers come out with all the latest and greatest in manufacturing brilliance, the fact is that most production environments are just struggling to keep their operations up and running.
“There’s a push/pull in the IT world between all the things that we want to do and all the things that are very much reality. At the same time, we’re still being pulled back by legacy equipment,” said Alan Stanfill, MES group manager for St. Louis-based system integrator Stone Technologies. “We come to these conferences, we get all fired up, and we want to talk about where we’re going with this. That sounds real neat, but I’m still faced with the reality of what’s in my facilities.”
Speaking at the Automation Conference & Expo this week in Chicago, Stanfill and Huck Bales, senior MES engineer/analyst for Stone Technologies, talked about how to manage obsolescence of your operating system (OS), sharing best practices for managing your OS and related, emerging technologies that impact your plant floor just as much as the production systems themselves.
Run to fail might be the mindset that prevails at your plant. Even if that’s the case, it still needs to be an intentional plan. “We still have to know where the risks are when we do that,” Stanfill said.
OS obsolescence can mean several different things. Maybe the system will no longer allow you to implement what you need to. Maybe there are no longer security patches for that OS. Or maybe your hardware is about to die, and the current OS is no longer available for your new hardware.
Regardless of the situation, Stanfill said, “In most cases, what we’re finding is that it hasn’t been planned for.”
The OS vendors, certainly, are planning for obsolescence. “When you acquire an operating system,” Bales said, “Microsoft will tell you when obsolescence is planned. At some point, Microsoft is going to stop taking care of your operating system for you.” And yet it’s not atypical to see operations running that OS for 4-5 years beyond that point.
The same lifecycle holds true for Linux, the new kid on the block among factory OSs.
“Vendors have planned for some obsolescence, but have we done anything about it? Or are we just running headlong into the brick wall?” Stanfill asked. No matter your situation, you need to have a plan in place. “Every application is unique, but the point is you’ve got to think it through. You’ve got to be intentional. How am I going to support it? How am I going to keep it secure?”
Patches can be a hassle, Stanfill conceded, but that doesn’t mean you should bury your head in the sand instead. “Patch management can be a complicated thing to deal with,” Bales added. “When you’re doing patch management, you need to be looking at each of your operating systems and each of your product vendors that you have in play.”
Stanfill and Bales walked through a few case studies in which they had helped clients migrate their systems and upgrade their OSs along the way. In many cases, moving to a more modern approach involved using virtualization, containerization and software as a service (SaaS) to manage OS obsolescence.
The speakers emphasized the importance of operations working closely with the IT department to manage upgrades. Though people in the operational technology (OT) space might worry about everything that could go wrong with patching or upgrades, IT could offer guidance. “If you have an IT group that’s actively managing their space, they’re probably used to rolling things out this way,” Stanfill said. “Keep the barriers down between IT and OT. IT knows how to manage upgrades and can help you get through them very effectively.”
Some technical suggestions that IT is likely to be much more familiar with are things like virtualization, containerization and edge computing.
Virtualization is a way to abstract the hardware layer away from the software layer, Stanfill said, “and can help to get you through obsolescence.” In one customer case mentioned, a pharmaceutical manufacturer avoided revalidation by moving from Windows 98 InTouch 7.1 to virtual machines.
Containerization is another level of abstraction, Bales commented. With a docker layer between the server OS and the hardware, each hardware function is a separate container. This lets you deploy and run applications without devoting an entire virtual machine to each app. “From their perspective, they’re running in their own compute space,” he explained.
Containerizing your devices also gives you a path to edge computing and the ability to manage the devices from a cloud environment, Bales added. “Edge computing provides context to the control layer and can bridge the gap between the current control world and all these cool Internet of Things technologies,” he said.
Regardless of your strategy for managing OS obsolescence, you need to have a strategy. “Are you actively managing this process?” Stanfill asked conference attendees. “This issue is not going to go away in our space. It’s getting more and more complex, but that does not mean they need to be hard to manage.”
Though the Industrial Internet of Things (IIoT) and software obsolescence bring with them some inherent risk to the OT environment, there’s a lot to take advantage of as long as you manage your risks. “You’ve got to make some decisions for yourself and your business as to what risks you can tolerate,” Stanfill said. “If your plan is that the best thing is to run until you hit a brick wall, that’s OK. But hopefully you have a plan for what you do when you hit the brick wall.”