Use less code, get more security with a Nano Server

Engineering and IT Insight: The upcoming Microsoft Nano Server, with a much smaller footprint, exposes less code, decreases risk, and so will increase security. Reducing the need to patch, reducing the need to reboot, and optimizing for a virtual machine (VM) environment with the design of manufacturing information technology (IT) systems.


Anyone who has to maintain a modern manufacturing information technology (IT) system, with dozens of applications and servers, knows that updates and server maintenance is a continual pain. Different applications typically have different server patch and update requirements. Applications from different vendors, even applications from the same vendor, usually cannot run on the same servers, necessitating multiple individually managed servers. It is not uncommon to have 30 or more servers in a typical manufacturing operations server room. VM technology has reduced the number of physical servers, but each VM must still be individually configured and managed. Even worse, each VM provides a large attack footprint for cyber attacks, so each VM must be continually monitored for compromise, patched, and updated.

Stripped down server version

Even though non-Microsoft systems have been used in a minority of manufacturing systems, they have long had the ability to use micro server installs, which have only the minimal operating system (OS) features needed for each application. Microsoft has a stripped down server version called the Server Core that allows users to remove unwanted parts of a Microsoft Windows server, but this has been difficult to configure and manage, so it is not commonly used in manufacturing systems. The typical manufacturing system server is a standard Microsoft Windows 2008 or Microsoft Windows Server 2012 server install, managed by using a local graphical user interface (GUI) that contains dozens of unused features and millions of lines of unused code.

All of this will change with the next Microsoft Windows server version, with the introduction of the Microsoft Windows Nano Server. The Nano Server is headless, which means that it has no GUI, only a 64-bit, minimal footprint VM and a cloud-ready Windows server.

The Nano Server follows the good security practice of only including the minimal services needed for an application. For most manufacturing applications this is a very small subset of the complete Windows server environment. The Nano Server is estimated to be less than 10% of the size of the Server Core version. The major advantages for manufacturing operations are: reduced security vulnerabilities, a 92% reduction in critical bulletins, and an 80% reduction in system reboots. The smaller-sized OS also means that more VMs can be put on a physical server, with potentially hundreds of VMs in a large physical server.

Smaller attack surface, fewer patches

The smaller Nano Server footprint, smaller attack surface, fewer patches, fewer reboots, and optimization for cloud and VM environments make it a great fit for manufacturing systems. The small footprint also allows vendors to optimize applications for one "application per server" environment, reducing testing requirements, simplifying installation procedures, and simplifying upgrade procedures. It allows vendors to introduce new versions of some applications without impact to other applications. All of these advantages are a strong incentive for vendors to start testing their applications on the Nano Server beta for delivery in 2016.

The removal of the GUI, remote desktop services, and MSI (Windows Installer package) significantly reduces the security attack surface and code size, but it also means that end users will need to learn new tools to manage server rooms. The new OS will be managed using Microsoft Windows PowerShell scripts (task automation software) and Microsoft Windows Management Instrumentation (WMI) tools.

Task automation for manufacturing systems

End-user system administrators should immediately start learning and using PowerShell and WMI to manage their current servers. They will find that they can automate many tasks that formerly had to be done manually, and they will reduce their administrative load in maintaining dozens of servers.

Overall, this is a move in the right direction for manufacturing systems. Reducing the need to patch, reducing the need to reboot, and optimizing for a VM environment helps us design systems with the 10-plus-year lifetime that is needed for manufacturing IT systems.

- Dennis Brandl is president of BR&L Consulting in Cary, N.C. His firm focuses on manufacturing IT. Edited by Eric R. Eissler, editor-in-chief, Oil & Gas Engineering,

ONLINE extra

This posted version contains more information than the print/digital edition issue of Control Engineering.

At, search Brandl for more on related topics.

See other articles for 2015 at

See other Manufacturing IT articles

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me