Use less code, get more security with a Nano Server

Engineering and IT Insight: The upcoming Microsoft Nano Server, with a much smaller footprint, exposes less code, decreases risk, and so will increase security. Reducing the need to patch, reducing the need to reboot, and optimizing for a virtual machine (VM) environment help with the design of manufacturing information technology (IT) systems.


Anyone who has to maintain a modern manufacturing information technology (IT) system, with dozens of applications and servers, knows that updates and server maintenance are a continual pain. Different applications typically have different server patch and update requirements. Applications from different vendors, even applications from the same vendor, usually cannot run on the same servers, necessitating multiple individually managed servers. It is not uncommon to have 30 or more servers in a typical manufacturing operations server room. VM technology has reduced the number of physical servers, but each VM must still be individually configured and managed. Even worse, each VM provides a large attack footprint for cyber attacks, so each VM must be continually monitored for compromise, patched, and updated.

Stripped down server version

Even though non-Microsoft systems have been used in a minority of manufacturing systems, they have long had the ability to use micro server installs, which have only the minimal operating system (OS) features needed for each application. Microsoft has a stripped down server version called the Server Core that allows users to remove unwanted parts of a Microsoft Windows server, but this has been difficult to configure and manage, so it is not commonly used in manufacturing systems. The typical manufacturing system server is a standard Microsoft Windows 2008 or Microsoft Windows Server 2012 server install, managed by using a local graphical user interface (GUI) that contains dozens of unused features and millions of lines of unused code.

All of this will change with the next Microsoft Windows server version, with the introduction of the Microsoft Windows Nano Server. The Nano Server is headless, which means that it has no GUI; it is a 64-bit-only, minimal-footprint Windows server that is VM and cloud ready.

The Nano Server follows the good security practice of only including the minimal services needed for an application. For most manufacturing applications this is a very small subset of the complete Windows server environment. The Nano Server is estimated to be less than 10% of the size of the Server Core version. The major advantages for manufacturing operations are: reduced security vulnerabilities, a 92% reduction in critical bulletins, and an 80% reduction in system reboots. The smaller-sized OS also means that more VMs can be put on a physical server, with potentially hundreds of VMs in a large physical server.

Smaller attack surface, fewer patches

The smaller Nano Server footprint, smaller attack surface, fewer patches, fewer reboots, and optimization for cloud and VM environments make it a great fit for manufacturing systems. The small footprint also allows vendors to optimize applications for a "one application per server" environment, reducing testing requirements, simplifying installation procedures, and simplifying upgrade procedures. It allows vendors to introduce new versions of some applications without impact to other applications. All of these advantages are a strong incentive for vendors to start testing their applications on the Nano Server beta for delivery in 2016.

The removal of the GUI, remote desktop services, and MSI (Windows Installer package) significantly reduces the security attack surface and code size, but it also means that end users will need to learn new tools to manage server rooms. The new OS will be managed using Microsoft Windows PowerShell scripts (task automation software) and Microsoft Windows Management Instrumentation (WMI) tools.

Task automation for manufacturing systems

End-user system administrators should immediately start learning and using PowerShell and WMI to manage their current servers. They will find that they can automate many tasks that formerly had to be done manually, and they will reduce their administrative load in maintaining dozens of servers.
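As an illustration of this kind of automation (an added example, not from the article or from Microsoft), the script below inventories patch level, uptime, running services, and installed features across several servers using WMI (through CIM sessions) and PowerShell remoting. The server names are constructed placeholders, and it assumes remoting (WinRM) is enabled on the targets and that they use Windows Server 2012 feature names.

```powershell
# Added example: headless server inventory over WMI (CIM) and PowerShell remoting.
# Assumption: the server names are constructed placeholders; WinRM is enabled on each target.
$servers = 'mes-app01', 'historian01', 'batch-db01'

$report = foreach ($name in $servers) {
    $session = $null
    # Same columns for every row, so failed servers still appear in the report.
    $row = [ordered]@{
        Server = $name; OS = $null; UptimeDays = $null; HotfixCount = $null
        LatestHotfix = $null; RunningServices = $null; FeatureCount = $null
        HasGuiShell = $null; Error = $null
    }
    try {
        # One CIM session per server; the WMI classes are queried through it.
        $session  = New-CimSession -ComputerName $name -ErrorAction Stop
        $os       = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
        $hotfixes = Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering
        $running  = Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter "State = 'Running'"

        # Installed roles and features, read on the target with the ServerManager module.
        $features = Invoke-Command -ComputerName $name -ErrorAction Stop -ScriptBlock {
            Get-WindowsFeature | Where-Object Installed | Select-Object -ExpandProperty Name
        }

        $row.OS              = $os.Caption
        $row.UptimeDays      = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)
        $row.HotfixCount     = @($hotfixes).Count
        $row.LatestHotfix    = ($hotfixes | Sort-Object InstalledOn -Descending |
                                Select-Object -First 1).HotFixID
        $row.RunningServices = @($running).Count
        $row.FeatureCount    = @($features).Count
        # 'Server-Gui-Shell' is the graphical shell feature on Windows Server 2012.
        $row.HasGuiShell     = @($features) -contains 'Server-Gui-Shell'
    }
    catch {
        $row.Error = $_.Exception.Message
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$row
}

# Servers with the most installed features and running services are the first
# candidates for trimming unused code.
$report | Sort-Object FeatureCount -Descending | Format-Table -AutoSize
$report | Export-Csv -Path .\server-inventory.csv -NoTypeInformation
```

Comparing the exported CSV between runs shows when a feature or service has been added to a server that should stay minimal.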

Overall, this is a move in the right direction for manufacturing systems. Reducing the need to patch, reducing the need to reboot, and optimizing for a VM environment helps us design systems with the 10-plus-year lifetime that is needed for manufacturing IT systems.

- Dennis Brandl is president of BR&L Consulting in Cary, N.C. His firm focuses on manufacturing IT. Edited by Eric R. Eissler, editor-in-chief, Oil & Gas Engineering.

ONLINE extra

This posted version contains more information than the print/digital edition issue of Control Engineering.
