The end of the Windows 7 lifecycle is fast approaching: January 2020. This pending “end of life” means Microsoft will discontinue all support, including paid support, and all updates, including security updates. Of course, Microsoft might make an exception for some of its larger customers, but at a heavy price.
What does this mean for your organization?
The Move to Windows 10
This upcoming deadline encourages enterprises to move away from Windows 7 to Windows 10. And with Windows 10’s functional and security improvements, there are good reasons to move to the newer operating system.
However, there are significant challenges to making this move: Many legacy applications (some of them developed internally) do not support Windows 10, and enterprises will have a hard time updating them to do so. As a result, many organizations will be stuck with Windows 7 well past the end of support timeframe (for reference see the stats in the survey here).
- Some legacy apps will never have an updated version that works on Windows 10 (e.g., the vendor no longer exists / no one can do this migration / critical systems that no one wants to touch).
- Some enterprises who have applications that require Windows 7 may want to refresh their hardware, but Windows 7 might not have driver support for the modern hardware.
To sum up, although it’s hard for enterprises to move to Windows 10 (because of the app conversion/testing costs), they might be forced to do so because of one of these reasons:
- New hardware is not supported by Windows 7.
- Some new apps/app versions do not support Windows 7.
- Some software running on Windows 7 won’t have security updates anymore (both the OS and apps/middleware, e.g., IE6, older .NET versions, …) and are prone to be compromised.
- Windows 7 is no longer considered secure enough due to the increasing sophistication of cyberattacks, so there’s motivation to benefit from Windows 10 security features.
How do enterprises tackle the Windows 7 End of Life problem today?
There are several options:
- Bite the bullet and go through the expensive app migration/testing process (Gartner estimates it could cost as much as $445 per seat to move to Windows 10).
- Use app virtualization/sandboxing to wrap apps that can only run on Windows 7. Typically done on a per-app basis, this requires a lot of work and often leads to compatibility issues.
- Run a Windows 7 virtual machine (VM) on top of Windows 10. However, this approach lacks network security controls on the Windows 7 VM as well as granular copy-paste controls, central management of that Windows 7 VM, etc.
- Use Virtual Desktop Infrastructure (VDI) to provide a Windows 7 VM in the cloud with the legacy apps. This means users work remotely on a Windows 7 VM. The user experience isn’t great since they must be online/connected to work, and performance — and therefore, productivity — often suffers from VDI lag times when they are connected.
And then there’s the reality that, during these migration projects, some of the user’s data/apps are either lost or have to be migrated in a cumbersome way to the new environment.
Hysolate can help Mitigate Windows 7 End of Life Issues
Hysolate enables enterprises to run both Windows 7 and Windows 10 on a single endpoint device, while enhancing security and productivity. It works by transforming an end-user device into multiple, fully isolated virtual operating system (OS) environments, or endpoints. These endpoints are built on top of a bare-metal hypervisor that sits below the OS. Everything an end-user does happens in segregated, local OSes that run side-by-side.
In this case, the Windows 7 VM would be locked-down, network-wise, so that it can only access the enterprise’s legacy apps/servers. It would not have full Internet access. The Windows 10 VM could be unlocked, enabling end-users to access the resources they need to do their jobs.
All you need to adopt the Hysolate solution are end-user devices with at least 8GB of RAM, an Intel Core i5 CPU and an SSD drive.
The benefits of the Hysolate architecture are pretty substantial:
- No need to invest any effort in migrating legacy apps to Windows 10. The Windows 7 apps exist side-by-side with the Windows 10 environment.
- The Windows 7 environment stays outdated but, because it is contained in a locked down Hysolate VM, and has limited network access/permissions, it won’t be easily breached.
- The solution runs locally (as opposed to VDI) so users get the same local user experience and are able to work anywhere.
- Your enterprise can migrate to new hardware and keep running Windows 7.
- You can start using new Windows 10 apps that weren’t previously supported.
- Even if the Windows 10 environment is compromised (somehow), the attackers won’t have access to the sensitive Windows 7 apps (e.g. financial apps, OT apps, …). This contracts significantly with other VM approaches, such as running a Windows 7 VM on a Windows 10 native box, which leaves sensitive information exposed..
- You get a fully centrally managed solution that gives admins control over the Windows 7 VM and what can be done with it. These controls will keep on working even as Microsoft stops supporting Windows 7.