Automation

I am writing this article on a Windows 11-based computer. Had it been two weeks earlier, this machine — which I designed and built two years ago to support the more stringent hardware requirements of Windows 11 — was comfortably running Windows 10 Professional on a high-end Intel processor. Feeling the pressure to upgrade to Windows 11 before Windows 10’s support runs out in October, I finally got up the nerve to press the “Update” button and hope for the best.

Surprisingly, the upgrade went pretty smoothly, except for a couple of minor glitches that were fixed after upgrading the graphics and network drivers, plus reinstalling one scanner driver.

Why do the upgrade — other than staying current or wanting new features? “Security” in one word — or even better, “Secure by Design,” as CISA has devoted a special website to support the concept. Microsoft has embraced the philosophy in developing Windows 11 with built-in security from bottom to top.

While you may not worry about someone running off with a cumbersome desktop computer, consider a Windows laptop or tablet left in a car with sensitive corporate data. Should a Windows 11 laptop be stolen, a thief will have a much harder time logging in and prying out encrypted data, as long as users aren’t lazy about security. Windows 11 also makes it more difficult for hackers to break into system drive boot sectors and take over a computer. Still, for users not so much concerned about security, Windows 11 seems like a forced upgrade to sell new Windows 11-compliant hardware.

Windows Home and Professional Users Forced to Upgrade — Industrial Users Get a Reprieve

Unless Microsoft officially downgrades its Windows 11 hardware requirements, millions of Windows 10 users will be left in the lurch for continued security updates when Windows 10 support expires in October. Microsoft, according to Copilot, estimates that in March, Windows 10 still held a 54% market share and Windows 11 held 43%. Windows 10 users can opt to pay for three more years of security updates, but it will be pricey.

It’s not that Windows 11 needs more compute power to run; it’s the additional hardware requirements to support cybersecurity that older PCs don’t have.

Microsoft has been trying to beef up cybersecurity — thus the move to a “trusted planform module” version 2 (TPM 2.0) and Secure Boot, which can only be supported by relatively new motherboards. However, industrial hardware and software suppliers — and enterprise users —have more flexible options than home and small business users using Windows 10 Home or Professional.

“Starting October 14, 2025, Windows 10 will no longer receive support updates or free software updates,” says Andrew Bollinger, Beckhoff USA industrial PC product manager. “Microsoft has announced that the consumer versions of Windows 10 will reach the end of support on October 14, 2025.

“While this is a major consideration for users of mainstream Windows 10 devices, users of industrial PCs (IPCs) and controllers with Windows 10 from Beckhoff will have far more time to address this issue,” Bollinger says. “As one of many operating system choices available, Beckhoff supplies IPCs with Windows 10 Long-Term Servicing Channel (LTSC). Microsoft will continue to support Windows 10 2021 LTSC until 2027, and Beckhoff will offer service and support the OS until 2032.”

Beckhoff has already announced support for IPCs with Windows 11 IoT Enterprise LTSC 2024. This newer Windows operating system offers long-term availability with guaranteed update support until October 10, 2034, exceptional stability and real-time capability. It also includes the latest security features and functions to harden industrial systems.

“With Windows 11 out since October 2021, we are seeing increased adoption from our customer base,” says Kyle Reissner, VP of product management for MEIDS – Mitsubishi Electric Iconics Digital Solutions. The GENESIS SCADA and the Hyper Historian platforms by MEIDS have both supported Windows 11 in a workstation capacity since v10.97.1, which was released shortly after Windows 11 and 10.97.2 in a full capacity (which was released the following summer of 2022). “We aim to have our systems certified with the latest Windows OS as soon as they go generally available,” Reissner adds.

“Our customers tend to use server operating systems, like Windows Server 2025, but we are seeing some Windows 11 used in new projects; typically smaller, standalone projects,” Reissner says. “When either a server or Windows 11 class OS is coupled with our latest release, GENESIS version 11, it becomes a more secure and performant system. GENESIS version 11 (also referred to as GENESIS) takes advantage of the latest technology on Windows 11/Server 2025, including .NET 8.0 and security features that make it the most secure system we can make. Of course, GENESIS works on older OSs, but we’re seeing customers move to Windows 11, coupled with GENESIS version 11, in the name of security.”

Drivers Not the Issue They Used to Be

Ever since the first major iteration of Windows going back to Windows 3.1, software drivers were always a concern — getting hardware to talk to software — and were often a weak link in security. Today, driver support is becoming a non-issue for several reasons, especially with Windows LTSC OSs.

“Only driver and software components that have undergone real-time and functional testing are integrated into Windows LTSC,” Bollinger says. “These drivers are meticulously matched to Beckhoff hardware, and all operating system settings are precisely configured for TwinCAT. This optimization enhances the real-time capabilities of the controller and minimizes machine downtime. Windows 11 LTSC, with its inherent stability, complements Beckhoff’s approach, which results in a robust and reliable automation platform.”

Windows 11 system requirements include Trusted Platform Module (TPM) version 2.0 and secure boot. This ensures that your computer boots only using software trusted by manufacturers, as well as 8^th-Generation Intel processors and above, Bollinger adds.

GENESIS includes seven major drivers out of the box: OPC (OPC UA & OPC classic DA, HDA, AE), BACnet, Mitsubishi FA connector, SNMP, Web Services, SQL Databases and Modbus, Reissner says. “In addition, we are close partners with Takebishi for their DeviceXPlorer OPC Server, which provides hundreds of more drivers and supports all other OPC servers, such as Kepware KEPServerEX, Top Server and more.

“For our customers, we offer support for Windows 11 across the board and encourage it for security purposes,” Reissner adds. “While our partners have generally updated their software and their individual drivers to support Windows 11, I’m sure there are certain older drivers that rely on specific hardware interfaces that may be stuck in the past. The great thing is that the GENESIS system can be distributed, and we have a component called the data broker that can tunnel OPC data from remote nodes or separate VM’s that may need to stay on old operating systems for specific drivers, so they can be securely added to the overall solution.”

Security, Future-Proofing and Performance Gains

In making the case for upgrading systems to Windows 11, Microsoft suggests three good reasons: enhanced security, future-proofing and performance gains. “We concur with these points Microsoft is making,” says MEIDS’ Reissner. “Security is an endless game where you must keep updating your systems, both from an OS and vendor-software perspective. We have invested heavily in the latest release of our product to make the updates much simpler and for the software to be as secure as we can get it. We’re also releasing updates every 8-12 weeks to keep up with security vulnerabilities. If your software vendor isn’t doing this, they aren’t keeping up with closing the software vulnerabilities. It’s 2025, and these are coming rapidly and consistently.”

Beckhoff has been using Windows operating systems as a stable basis for the TwinCAT automation software for many years, Bollinger says. “Only tested driver and software components that are regularly subjected to intensive real-time and functional tests are integrated. The drivers used are optimally matched to the Beckhoff hardware. We have very deep control over the manufacturing of our IPCs — this even extends to the motherboards, which are designed and built by Beckhoff.”

Do developers upgrade with Microsoft, stay put or go with another OS, such as Linux?

“Upgrading versus staying put is an interesting question,” Reissner says. “We believe that updates increase resilience in the software and add more reliability to it versus the ‘if it isn’t broken, don’t fix it mentality’ of the past of keeping this ‘put.’ Each software vendor is different, but at MEIDS, we aim to provide new features and functions in every release, as well as security fixes, so we can continuously add value for our customers. Of course, these features don’t apply to all customers and systems, but we encourage all customers to update their software at a high frequency to keep it as secure as possible. In today’s world, the only way to keep both connected and non-connected systems secure is frequent updates, and vendors must change the way their software is built and managed to do this effectively, just like we have with GENESIS version 11.”

Switching to Linux can be explored; however, just because Linux has less frequent updates doesn’t mean it’s more secure, Reissner adds. “There are other benefits to Linux, such as a lower footprint and higher levels of customization, but we’re not seeing customers move to Linux en masse as a way to avoid Windows updates.”

“In addition to Beckhoff’s long history of leveraging different versions of Windows as a stable OS for the TwinCAT automation software, we also offer alternatives to Microsoft Windows operating systems based on customer requirements,” Bollinger says. This includes TwinCAT/BSD, the operating system from Beckhoff. TwinCAT/BSD is available for a variety of Beckhoff PC models. It combines the TwinCAT runtime with FreeBSD, an industrially tested and reliable open-source operating system.

Beckhoff is also now offering new application possibilities for real-time control with Linux. The TwinCAT runtime for real-time Linux is based on its own Linux distribution, which expands the existing spectrum of operating systems beyond Windows and TwinCAT/BSD.

Using container technologies, such as Docker, Podman or LXC, several TwinCAT runtimes can be executed on a single IPC to achieve modularity in machine control and other automation applications, Bollinger adds. The individual execution of several TwinCAT runtimes on a single IPC facilitates hardware consolidation with corresponding cost advantages due to the improved utilization of the available computing capacity.

The Bloat and Minimizing it with LTSC

Many home and office users have commented on Windows 11 containing shovel-ware and bloatware. But is it possible to do a “lean installation” of Windows 11 on the plant floor for embedded systems without all the junk that comes with it? Can Windows 11 IoT LTSC be tuned as a lightweight version? Fortunately, yes to both.

Microsoft Windows 11 IoT Enterprise 2024 LTSC is optimized for resource-constrained environments, making it efficient for embedded devices, Bollinger says. This addresses the need for lean OS installations.

“Windows 11 LTSC is tailored for enterprise deployments demanding maximum stability and extended support,” Bollinger adds. It offers feature updates on a two-to-three-year cadence, prioritizing security patches and essential fixes. This makes it particularly suitable for sectors like packaging and food and beverage manufacturing, among many others where minimizing operational disruptions is vital.

“We don’t frequently see specialized editions of Windows, like IoT Enterprise, being adopted by our customers,” Reissner says. “Perhaps this is a result of more and more powerful capabilities at the edge. When we do see pre-installed Windows systems from hardware vendors, those have bloatware, and we encourage customers to do a fresh GENESIS installation to eliminate the bloat. More and more, even for easy HMI type applications, we see software installed in a server room, and users access it via web browsers on isolated plant floor networks.”

This centralization is possible because of the improvements and lower costs over the last 20 years to plant networks and the unlimited client models with modern software like GENESIS, Reissner adds. “We also continue to see the prices for computing fall. Our customers generally don’t think twice about putting in the necessary compute and memory to run full Windows 11 systems or server-based OSs.”

To a More Secure Future

While it’s unknown if Microsoft will be more lenient when it comes to its Windows 10 non-industrial users, they can actually purchase security updates after October 2025. However, the cost structure has been set up to encourage migration to Windows 11-supported hardware.

Microsoft’s Extended Security Updates (ESU) program for Windows 10 will provide paid security updates for up to three years after official support ends on October 14.

• Year One (2025-2026): $61 per device for businesses, $30 for individuals.
• Year Two (2026-2027): Price doubles from Year One.
• Year Three (2027-2028): Price doubles again.

The ESU program only includes security updates — no new features or general support. It’s available for Windows 10 version 22H2 and can be purchased through Microsoft Volume Licensing for businesses.

Resources:

“Quick guide to Windows as a service,” Microsoft, 7-17-24

“Windows 11 Security Book,” Microsoft, 11-18-24

Secure By Design: Shifting the Balance of Cybersecurity Risk, CISA, NSA, FBI, et al; 2023

“How Does Your OT Cybersecurity Stack Up? Tips and Techniques for a Safer and More Secure Operation,” FE, 2-13-2025

Microsoft Digital Defense Report 2024: The foundations and new frontiers of cybersecurity, Microsoft, 2024