What is Extended Support

Microsoft operates two support lifecycles phases, mainstream support and extended support. During mainstream support, users receive paid support, warranty claims, security updates, non-security hotfixes etc. This mainstream support phase has an end date, usually around 5-6 years after the product’s original release.

In the case of Windows 7, released in October 2009 (yes, that long ago), mainstream support ended on January 13th 2015. Since then, Win 7 has been in the ‘Extended’ support phase. This doesn’t mean that you can’t get help with your Win 7 operating system, it just means it’s a bit more difficult. It also, more importantly, means that you’ll still receive critical security updates during the extended support period. These vital updates protect your computer and data from unauthorised access from unscrupulous malware or hackers. Once the extended support phase ends, you’re out there alone. No support from Microsoft, no cavalry to call in an emergency, and nobody to sue or litigate in the event of a disaster…nobody that is, but yourselves.

The same is also true of Windows Server 2008 and 2008 R2 – no further service packs are planned, no further updates and no support available after the deadline date of January 14th 2020.

Windows 7 Lifecycle

Sales startedSales EndedEnd of mainstream supportEnd of Extended Support
22/10/200931/10/201313/01/201514/01/2020

How does this affect my BMS system?

Several BMS platforms use Windows products in their operation. Earlier versions of Siemens Desigo Insight Terminal Server, for example, may still utilise Windows Server 2008, whilst some Desigo V6.0 clients may still use Windows 7.

In recent years, there have been several instances of BMS systems being ‘hacked’, providing access to the plant, alarms, reporting, CCTV, door locks, lighting and other critical services. Some of this may not be an issue for your regular run-of-the-mill office space, but if you’re running out-dated operating systems in hospitals, police buildings, military buildings or other secure locations, end-of-life operating systems on your networks could represent a significant security threat.

What can I do to mitigate the risks?

Exceptions

Some businesses will be large enough to have access to Extended Security Updates (ESU) – but these are restricted to purchases via volume licence agreements – and in the end, these will be terminated also, so it’s probably best to start planning early.

In the super short-term

For most of us, without an ESU, you’re going to have to upgrade. This could take the form of an OS upgrade, from Windows 7 to 8.1 or from Server 2008 to Server 2012. Both of those would still only guarantee secure operation into the early 2020s.

Disconnect from the internet

Your Windows 7/Server 2008 devices are only really a risk if they’re connected to the internet. Disconnect them and those risks are diminished. Problem is, you’ll also lose some functionality, and you’ll certainly lose any remote support services you may already be contracted for, or paying for on an ad-hoc basis.

A more robust solution – structured upgrades

Chances are if you’re operating a BMS system that still requires Windows Server 2008, that BMS system has already hit ‘end of life’ in its own lifecycle. If that’s the case, you will need to upgrade your BMS system along with any obsolete Windows-based products that you were using for your legacy system i.e. a new BMS system won’t operate on a legacy OS, both will need to be changed.

In order to complete the upgrade, we create what’s called a structured upgrade pathway. This involves installing a new head-end on your site and running it alongside your legacy one. We can then start to transition the hardware on your site in a planned, cost-effective fashion. We’ll take it area by area, using old hardware as spares for any areas that are yet to be transitioned.