Can I run NT in the cloud?

I have a potential customer that is using ERP software that was developed in the late 70's/early 80's and will only run on Windows NT.

Does NT exist in the cloud environment and would I be able to image the current machine and spin it up on a virtual?
Tom MooreSales Engineer / Project ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mal OsborneAlpha GeekCommented:
If you can find a cloud provider who will host a simple VM, it should work just fine. Obviously no one will support it, but should still work.
Dr. KlahnPrincipal Software EngineerCommented:
It's far too easy to say "Don't do this, everyone will regret it" and "Get onto new software on a modern platform."  However, if you warn the customer of the issues, and the customer sees no alternative (doesn't matter if there is or not, it's what the customer perceives to be the case), and he goes into this eyes open knowing that there will be issues, and (most important) he's offering you money -- then it's not your problem.

But I'd want a clause in my contract stating "Both parties understand and agree that the proposed operating system software is obsolete and not secure, and that Customer shall hold Consultant harmless in any security related issues that may arise at any time, including but not limited to ...."

There will be security issues if the system is not being used just as a standard workstation.  Since you've said that you'd like to run it on a VM, those security issues are probably going to arise.  If the system runs as an unattended VM in a cloud then most of the issues will be related to networking.  The problem will be much worse if it is NT Server, not Workstation, because Server expects all its clients to connect via network.

The last update for NT was 19 years ago in November 1999 so there have been 20 years of protocol changes and security updates that completely bypassed NT.  Some of the major ones are indexed by CVE at the link below.

https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=39&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=3&cvssscoremax=4.99&year=0&month=0&cweid=0&order=1&trc=20&sha=2fd5c4be39da4e8620114a4f93ef486d67a06051

You'll have to install NT and then Service Pack 6A - the High Encryption version.  You may also need the following for NT:

The FAT32 update (FASTFAT)
The NT Resource Kit
Inside Out Networks USB support
DirectX 3.0a
DirectX 6.0 Development Kit
Management Console
Resource Kit Support Tools
Windows Script 5.6
Server Uptime Tool
Windows Installer

Depending on whether you install Server or Workstation, some of the above may or may not be useful.  Obviously finding a distribution kit for Server at this point in the lifecycle will be difficult.  Finding seat licenses for Server will be more so.

Since the system will be operating in the cloud without physical access, networking must be secured as much as possible.  Get a good ("good" from that era) firewall such as Sygate Personal Firewall Pro and set the default policy to Block.  Open only ports that must be opened.  You can still expect to see problems as script kiddies and crackers bang on the system.  Fortunately they will be trying modern exploits most of the time.

Internet Explorer 6 was the last version that ran on NT and many web sites no longer serve IE6 browsers.  Now that HTTPS is becoming standard and SSL is deprecated it will be difficult to find any browser that runs under NT that can still get to the internet to obtain software.  You may need to install an FTP server to get software into the system.

Microsoft Networking from this era is quite insecure and it should be disabled.  Use only TCP/IP, and disable NetBIOS support.

If the client's application requires Microsoft Networking then IMO it's practically guaranteed that there will be problems.  You may need to put the cloud system behind a VPN so that it can only be accessed from the customer's site.

In this situation I'd try to convince the customer -- if it is at all possible -- to stay out of the cloud and put the system up on hardware that he controls, at his site.  Some issues are easier to deal with using a live GUI.

There are problems installing NT to a system partition larger than 8 GB on IDE drives.  As most cloud systems emulate IDE -- if you're lucky, there is absolutely no SATA support in NT -- you may be stuck with an 8GB system partition.  There are also other file system problems.  NTFS did not support drives larger than (about) 120 GB.  Unlike Windows 2000 there was no patch released to enable this.  Using drives larger than 120 GB results in corruption of the drive during operation.

https://arstechnica.com/civis/viewtopic.php?f=17&t=948971

I know there are issues I haven't brought up, but somebody else will.

Good luck.  Both of you will need it.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Since no updates have been issued for... a decade... likely best to run this as follows.

1) Setup Ubuntu Bionic on a fairly beefy machine.

2) Install LXD.

3) Create a container + assign a public IP + get your container working with outside world.

4) Install VirtualBox into the container.

5) Install NT into VirtualBox.

I'd likely start with this locally, then transfer the VirtualBox files to your public container.

This will allow you to lock down any hacks or otherwise bad behavior of NT using iptables at the LXD container level, so make no difference what NT does, any bad/undesirable behavior can be completely contained inside your LXD container.

I suggest Ubuntu + LXD + VirtualBox for highest speed for a publicly accessible instance + highest flexibility.

Be sure to research VirtualBox to ensure running NT will work. In fact, a simple test will be to install VirtualBox locally + install NT from media + see if that works.

As Mal suggested, you'll be on your own with this, so you'll receive very little help resolving problems.
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Dr. KlahnPrincipal Software EngineerCommented:
David's suggestion of installing the emulator inside a linux box using iptables to firewall the emulator is excellent.
Tom MooreSales Engineer / Project ManagerAuthor Commented:
Here is another caveat to consider.  I cannot build a fresh image.  The customer no longer has the media for the original software.  Up until about 5 years ago, they were paying $15,000.00/year for support.  The company stopped supporting the product.

Replacement cost, with consulting, installation, and training is between $150 and 200K.

So I am stuck taking an image of the current machine and trying to get that spun up.

I quoted him 24 hours in order to work on these issues to see if it can even be done.  One of his original options was to buy a new premise machine and spin the virtual up locally.  In either case, his reasoning for this is he wants a BDR plan that includes backing up the image every day so that if the software falls on its face then he can just go back to the latest working image.
Dr. KlahnPrincipal Software EngineerCommented:
One thing we have not considered is whether the application package is locked to the original hardware.

If the application package was expensive, there is probably a lock -- or locks -- embedded somewhere in it.  It might be a serial dongle (it won't be USB as NT did not support USB) or a registry key that hashes the SID.  If the software is locked to the original hardware then you'll be spinning your wheels trying to get it to run on anything except the original system.

Contemplating keeping the original system image ... well, that drags in more problems.

NT drivers were nowhere near automatic.  The system didn't go and get drivers if they were needed; you had to load them manually.  If the system image is moved to new hardware it might or might not boot, and there might or might not be any way to get it to boot.  NT never had SATA support and the IDE support was limited in terms of what we would consider standard today.  It might or might not be happy with a video card, whether physical or virtual, for which no NT drivers exist.  It would certainly not be happy with USB keyboard or mouse.  Chipset emulation also comes into this picture.

I think that a week would be a better figure for the initial evaluation.
kevinhsiehCommented:
Oh boy. Modern hypervisors dropped support for NT a long time ago. Getting access to drivers, support articles, etc. will be more difficult. Ten to fifteen years ago, this type of project would have been easier to do.

If you're going to do anything, I would say that first step would be to try to get it running locally as a VM. Do you have bare metal backup and recovery now? You can try an old P2V converter. Get it running on Hyper-V or VMware first, before worrying if you can get it on the cloud.

I would hope that the business seriously looks at a replacement ERP solution. Yes, it is a lot of money, but how much are they being held back by something developed like 30 years ago?
skullnobrainsCommented:
you need to grab the specs of the currently running host before you pick a hypervisor.
each hypervisor will be able to emulate various kind of hardware and NT will likely not run  on the first attempt.

try to emulate older motherboards in virtualbox, qemu. vmware should be able to emulate older hardware as well if you grab options in the .vmx of old machines created on fusion in the early 2000's rather than use the gui.

once this is done, you'd need t figure out whether the soft can actually run. maybe hack device ids, the cpuid, and a bunch of other hardware identifications.

if you successfully complete the above steps, which is quite a gamble, moving to the cloud will be comparatively easy. and you'll need a reverse proxy if ssl is required
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.