Windows XP to a scientific instrument in a VM?

Eagle923

Hi all,
I'm not too familiar with VM but looking to explore this as a possibility.

I work in a research lab and a few of our instruments use software that only runs on Windows XP. The main one I'm concerned with uses a NETBEUI connection to the instrument on an ethernet cable (using the built in ethernet port on the PC). The last time we needed a PC we had one built by a company that dual booted Windows XP and DOS 6.0, but they are no longer in business. The PC is NOT connected to the internet due to security. In fact, the university no longer allows any PC not on Windows 10 on to their internal network.

Would using a VM be safe if we had a Windows 10 PC using wifi as general use, Office 365 and Crashplan and then use a VM with XP connected to the ethernet port on the instrument? Or would having the ethernet adaptor in the XP VM be enabled (to connect to the instrument) be an area where malware could go from Windows 10 -> XP?

Thanks!
 
Well, policy aside, passing a hardware NIC through to the VM should more or less isolate the VM from the rest of the world if you build a non-routed network for it to live in. It would probably make more sense and be fully secure to just set up an old laptop or PC and run it on its own small switch that's not connected to anything else. Plus you won't have to worry about violating the policy, which the VM solution treads on, so I would get clarification on the policy.
 
Thanks for the quick reply.

Part of the reason I'm trying to figure this out is they have conflicting goals. We are "supposed" to be backing up all publicly available research data to the university networks, but they assume that all PCs are Windows 10 with the backup solution installed. But because this PC is not on the internet I have no way of doing that without connecting a USB drive (which this old PC only has a USB 2.0 port and it's super slow), copying data over, connecting to my laptop and then backing up overnight. It is becoming a large time-sink.

If another solution would make more sense I'm all for it as well.
 
Put XP on a faster machine with a USB3 port.

I hear you though. The legacy things get lost in the always connected network environment. I would set up the XP machine in a VM on a newer host and keep that host on its own isolated network and back up the VM to USB3 drives.
 
Ok thanks! I wasn't sure if a VM was the route to go, so I'll do some more thinking on it. I still may do a VM like you suggest on a much newer PC so I don't have to try and cobble together an old PC from obsolete parts and then just keep that one off the network as well.
 
I think the other posters alluded to this, but just to be completely clear... The best method to reach your goal is to use a VM and back up the entire VM from the VM host to your backup solution. Then you don't have to worry about granting the XP machine internet access as this is all done from the Windows 10 host.

Depending on your backup solution you may need to upgrade to a client that supports VM backups or you may need to write a task to shut down the VM, copy the VHDX, and then restart the VM. (You may be able to rely on VSS and not shut down the VM but I think this would depend on if your client is running any sort of database.)
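The shut down, copy, restart task described in the post above, written for Hyper-V on the Windows 10 host. This is an added example, not code from any poster; the VM name `XP-Instrument` and the destination folder `D:\VMBackup` are assumptions.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. Assumed names: VM 'XP-Instrument', backup folder 'D:\VMBackup'
# (a folder on the host that the approved backup client already covers).
$ErrorActionPreference = 'Stop'
$VMName      = 'XP-Instrument'
$Destination = 'D:\VMBackup'

# With checkpoints present the attached disk is a differencing .avhdx whose
# parent would not be copied, so refuse to run rather than make a partial backup.
if (Get-VMSnapshot -VMName $VMName) {
    throw "VM '$VMName' has checkpoints; merge or export them before copying disks."
}

$wasRunning = (Get-VM -Name $VMName).State -eq 'Running'
$target = Join-Path $Destination ("{0}-{1:yyyyMMdd-HHmmss}" -f $VMName, (Get-Date))
New-Item -ItemType Directory -Path $target | Out-Null

try {
    if ($wasRunning) {
        # Requests a guest shutdown and waits for it to finish.
        Stop-VM -Name $VMName
    }
    if ((Get-VM -Name $VMName).State -ne 'Off') {
        throw "VM '$VMName' is not powered off; the disk copy would be inconsistent."
    }

    foreach ($disk in Get-VMHardDiskDrive -VMName $VMName) {
        $copy = Join-Path $target (Split-Path -Path $disk.Path -Leaf)
        Copy-Item -Path $disk.Path -Destination $copy

        # Confirm the copy matches the source before trusting it as a backup.
        $srcHash = (Get-FileHash -Path $disk.Path -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -Path $copy -Algorithm SHA256).Hash
        if ($srcHash -ne $dstHash) { throw "Hash mismatch for '$copy'." }
        Write-Output "Copied and verified: $copy"
    }
}
finally {
    # Bring the instrument PC back even if the copy failed part-way.
    if ($wasRunning -and (Get-VM -Name $VMName).State -eq 'Off') {
        Start-VM -Name $VMName
    }
}
```

Run it as a scheduled task on the host at a time when the instrument is idle; the XP guest itself never needs a route to the university network.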
 
Thanks for the clarification. I'm going to talk with our IT guys later this week and see what could be possible. I'm not too familiar with what all of the policies are yet. I just know that the current situation with backups and data preservation isn't a sound way to do this and the Pentium 4 PC that currently is running it is starting to have issues.
 
I knew a guy at a relatively small company years ago. He had an old DOS program that communicated with some custom hardware over a serial line. The original (386) PC was having issues. IIRC, the memory was getting flaky, and finding replacement memory even on eBay was problematic (and/or extremely pricey!) He ended up spinning up a 32-bit guest under VirtualBox on an old Dell. Was able to pass through a USB/serial dongle, and image the 400MB hard drive onto a vdisk and roll with that. His boss was impressed.
 
If XP on a VM will talk to the instrument in question, then IMO, a VM is the way to go. Set up a drive on the host Win 10 PC where the VM can copy data. Then the Host Win 10 PC can copy the data to the approved backup location. Also ask where you can copy the file(s) for the VM guest PC in case the Host PC craps out. Just to be safe, don't let the Host PC access the wilds of the Internet. IIRC, some of the many CPU bugs being found are the type that allow malware to access VMs on a VM server.

Might even consider installing a separate network card for the VM to use to connect to the instrument to further isolate the VM from the real network.
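The dedicated-NIC arrangement suggested above, sketched for Hyper-V on the Windows 10 host so that the wired port carries only the XP guest's traffic and the host keeps no network stack on it. This is an added example, not code from any poster; the adapter name `Ethernet`, switch name `InstrumentOnly` and VM name `XP-Instrument` are assumptions, and the VM is assumed to be powered off.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. Assumed names: adapter 'Ethernet', switch 'InstrumentOnly',
# VM 'XP-Instrument'. Run with the VM powered off.
$ErrorActionPreference = 'Stop'
$AdapterName = 'Ethernet'
$SwitchName  = 'InstrumentOnly'
$VMName      = 'XP-Instrument'

# External switch bound to the wired NIC. -AllowManagementOS $false means the
# Windows 10 host gets no virtual adapter on this switch.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $AdapterName `
                 -AllowManagementOS $false | Out-Null
}

# Drop any guest adapter attached elsewhere (for example a switch that shares
# the host's Wi-Fi), so the instrument link is the guest's only network path.
Get-VMNetworkAdapter -VMName $VMName |
    Where-Object { $_.SwitchName -ne $SwitchName } |
    Remove-VMNetworkAdapter

# XP has no driver for the synthetic adapter without integration services,
# so attach an emulated (legacy) adapter to the instrument switch.
if (-not (Get-VMNetworkAdapter -VMName $VMName |
          Where-Object { $_.SwitchName -eq $SwitchName })) {
    Add-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName -IsLegacy $true
}

# Check 1: the host must have no management adapter on the instrument switch.
$hostVnic = Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq $SwitchName }
if ($hostVnic) { throw "Host still has a virtual adapter on '$SwitchName'." }

# Check 2: on the physical NIC, only the Hyper-V switch protocol (vms_pp)
# should remain bound; TCP/IP or file sharing bound here means the host is
# still reachable over the instrument cable.
$extra = Get-NetAdapterBinding -Name $AdapterName |
    Where-Object { $_.Enabled -and $_.ComponentID -ne 'vms_pp' }
if ($extra) {
    $extra | Format-Table DisplayName, ComponentID
    throw "Unexpected host protocol bindings on '$AdapterName'."
}
Write-Output "'$VMName' is the only endpoint on '$SwitchName'."
```

This covers the network path only; whether the instrument's protocol works from the guest through the virtual switch still has to be tested against the instrument.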
 
Right, if your VM hosts are ANYTHING like mine you can direct port map one of your empty ports to your VM. Then use that to a dedicated small switch connected to your device or direct connect to the device, whichever you prefer. That will completely isolate that VM as it will have a dedicated port mapped to the small switch...

OR if you want some redundancy get that small switch big enough to support one port from each of your VM hosts (provided they have available ports... ) then set up a port group switch mapped to that single port and have the only member be your XP VM. This will save your administrators a headache of having a host they can't update because the VM isn't supported on any other host. AND give you redundancy if that host shits the bed for some reason.
 
One question to ask is how easy this would be for someone other than you to manage? If you were to suddenly be promoted, could your replacement / department understand what the process is?

That being said...would it make more sense to use an off cycle refresh desktop; slap XP on it and continue on? Having done this once or 10x (genentech gmp/fda validated desktops..sigh) This was the standard go to procedure. Gotta make it easy for folks to drop in with little to no ramp-up time.

Keep it simple, don't over-engineer the solution.
 