Freedom at last from enforced ATM hardware upgrades
As we all know too well, enforced hardware upgrades have been a long-standing problem for the ATM industry. Last week, Banking Automation Bulletin (BAB) caught up with KAL CEO Aravinda Korala (AK) to find out about an exciting solution: OS-Virtualization using hypervisor technology.
BAB: Aravinda, can you please explain why you believe OS-Virtualization is such a game-changer for banks?
AK: Banks will soon face a major challenge when support for Windows 7 ends and they are forced to migrate ATMs to Windows 10. Banks have been here before, of course. They are all too aware of how expensive and time-consuming this process was in 2014 when the shift from Windows XP to Windows 7 cost the global industry billions of dollars. That is because upgrading the ATM operating system also requires upgrading the hardware.
OS-Virtualization offers banks an alternative. It uses a technology known as a hypervisor to remove the tight coupling between the operating system and the motherboard, so that the PC-core and the OS can be upgraded independently. This technology works because software drivers that are unsupported under Windows 10 can be supported by the hypervisor technology instead. This means banks are no longer forced to upgrade their hardware in order to run Windows 10.
BAB: Is this a short-term solution for the Windows 10 migration alone?
AK: No, it isn't just for the migration to W10. Microsoft has announced that W10 will be the 'last' Windows, but in fact, major OS upgrades will happen even more frequently than before, in the form of SACs and LTSCs. Microsoft plans to release SACs every six months and LTSCs every three years.
Could this mean that ATM hardware might need to be upgraded every three years, or even more often than that? The short answer is probably yes! The hypervisor-based solution protects banks from these future upgrades too.
BAB: Why have upgrades been such a problem for banks in particular?
AK: ATMs are subject to regulatory requirements ‒ especially PCI ‒ that mean there can be no unsupported software in the chain of software components required to run them. This means banks are forced to upgrade if they are to remain compliant and avoid very real security risks such as malware.
Because banks tend to keep ATMs for 10 years or more, many of the older models cannot even be upgraded, and need to be replaced instead ‒ a daunting prospect when you consider that a new ATM can cost between $10,000 and $30,000.
Although Microsoft is committed to supporting old hardware with new OS updates, the opposite is not true. Hardware component vendors have little interest in updating their old software drivers to support new releases of Windows that arrive well after they finish driver development.
This is what causes the support problem with OS upgrades. Software drivers, such as Intel's chipset drivers, support only the OS versions that are available at the time of release of the chipsets ‒ not new OSs that might be released well after the chipset driver development has been completed.
BAB: Why did KAL want to address this issue?
AK: Our bank customers were clearly unhappy with the cost of migration from XP to W7 in 2014, and asked us to find ways of avoiding the same issue when W10 arrives. KAL worked on this problem along with other industry participants to understand the root cause and find ways of mitigating it.
BAB: Did you look at other options first?
AK: Yes. KAL considered various options in its search for an answer. One solution we looked at was whether the PC-core of an ATM could be made more 'upgradeable'. Imagine a scenario where a PC-core upgrade was as easy as changing a DVD in a DVD player. However, this would require the wholesale redesign of ATMs worldwide and would still need a relatively costly hardware swap with on-site intervention. Another scenario open to banks, of course, is simply not to upgrade at all ‒ but that is a very risky strategy which exposes the bank and its customers to potential malware and cyber-attacks.
BAB: Tell us about your Eureka moment.
AK: Well, one other possibility KAL looked at was migrating ATMs to Linux. Linux has been an option for ATMs for a very long time because Linux has one especially useful feature that breaks the support logjam. All Linux software drivers, including Intel's chipset drivers, are open source under Linux. This means that companies such as Red Hat from the Linux ecosystem have access to that source code and can provide support on a commercial basis ‒ solving the PCI problem.
However, it presents the dilemma of the huge cost of migrating all the world's ATM software, at thousands of banks, from Windows to Linux. We then thought about the idea of combining the virtues of Linux and Windows. The answer was to use a Linux hypervisor to host Windows 10 as a guest operating system.
BAB: How does that work?
AK: Windows 10 sits inside a virtual machine (VM) on top of the Linux hypervisor inside the ATM. This is very similar to the way software is virtualized in data centers ‒ but happens inside the ATM itself in our case. All of the current Windows software that the bank has can then run inside the Windows VM with no application changes needed. This also means that Windows itself can be updated as often as Microsoft and the banks wish ‒ and all of that can happen remotely online, without an on-site visit to the ATMs.
KAL's Kalignite Hypervisor is built on the Red Hat Linux Hypervisor and provides detailed driver support for the motherboard components. This solves the upgrade conundrum. It eliminates the need for enforced hardware upgrades caused by Windows upgrades or LTSCs or SACs, and banks can stay completely up to date and run the latest versions of all software ‒ bringing them freedom at last from the enforced hardware upgrade cycle.
BAB: Where have you implemented this so far?
AK: A US bank was the first in the world to test the virtualization concept with KAL. We demonstrated that the bank's current software stack could run in a virtualized environment without needing any software changes. Then Ceska sporitelna in the Czech Republic became the first European bank to try the concept with KAL.
BAB: What do banks need to do next to reap the benefits offered by the hypervisor concept?
AK: It is essential that banks mandate virtualization support in all their RFPs for ATM software and hardware so that they can enjoy the benefits of OS-Virtualization. On older hardware, an Intel technology called VT-x is required inside the CPU so that hypervisors are able to operate efficiently.
Banks interested in OS-Virtualization and Kalignite Hypervisor can contact KAL for more information and advice on how to get started.