MS Security Patch Compatibility
|January 2019 update: All testing for Windows updates installed since last month completed successfully.
Microsoft periodically provides security updates, or patches, for their products. Each month OSIsoft performs targeted testing of the most current release of PI Data Archive and PI Asset Framework with the latest two Windows Server operating systems, which currently are Windows Server 2016 and Windows Server 2012 R2.
In addition, OSIsoft incorporates all the supported Windows operating systems into our daily development and test environments.
If any of our testing detects any compatibility issue with PI Server software resulting from a Microsoft security patch, OSIsoft will alert customers within 72 hours of discovering the issue.
It is worth noting that, since 2008, PI Server software has been Windows Certified for Server Core mode. Server Core significantly reduces the number of applicable security updates and provides extra reliability because it includes only well-tested operating system features. No issue has yet been detected from testing PI Server compatibility with Microsoft security patches.
: Beginning in May 2017, OSIsoft stopped publishing updates to these spreadsheets:
Microsoft now documents security updates with its Security Update Guide
. This replaces the older system that used security bulletins. Users can access details about patches directly from the Security Update Guide, so it is no longer necessary for OSIsoft to publish a list of them each month.
Frequently Asked Questions
How does OSIsoft select which MS operating systems to include in its monthly testing with released software?
OSIsoft policy is to test using the two most recent releases of the Windows Server operating system. Currently, these are Windows Server 2016 and Windows Server 2012 R2. OSIsoft feels these are the best supported and most secure Windows Server operating systems.
I am currently running Windows Server 2008 R2? How does this testing affect me?
For the highest level of security, OSIsoft recommends that customers running Windows Server 2008 R2 upgrade to one of the newer operating systems. However, customers who remain on Windows Server 2008 R2 can continue to have confidence in the security of their PI Server software. OSIsoft incorporates patches for supported Windows operating systems (including Windows Server 2008 R2) into our daily development and test environments. If incompatibilities are found, OSIsoft will alert customers within 72 hours of discovering the issues. In nearly 10 years of testing Windows Server 2008 R2 security patches, no compatibility issues have been detected.
Why does OSIsoft no longer publish MS Security Patch Compatibility spreadsheets listing monthly updates about Microsoft security bulletins?
Beginning in 2017, Microsoft began documenting security updates with the Security Update Guide
, which replaces the older system that used security bulletins. OSIsoft applies new security patches for the operating systems it uses in its testing. Users can access details about patches directly from the Security Update Guide, which has eliminated the need for OSIsoft to publish a list of them each month.
Which versions of the PI Data Archive and PI Asset Framework (PI AF) are tested against the MS patches?
OSIsoft tests the patches against the latest released versions of PI Data Archive and PI Asset Framework.
When does OSIsoft perform its monthly testing? How will I know when this testing is completed and what security updates were tested?
Monthly testing is completed by the Thursday after the second Tuesday of each month, and the banner at the top of this page is then updated. Testing for each operating system incorporates security updates released since the previous month’s testing. Users can now access the Security Update Guide
to identity security patches applied to a release of Windows Server operating system.
What is the recommended procedure for applying Microsoft Operating System patches to PI Servers and interface nodes?
Please see KB00457