Updating GE's Äkta Avant to Windows 10
The Avant is the flagship of GE Healthcare's Äkta line of FPLC (fast protein liquid chromatography) devices. We use it on a regular basis and it is available to everybody from the University of Helsinki.
Our University decided to play nice with Microsoft and to disallow all network traffic for Windows 7 computers. Because our Äkta (bought in 2015) is in use by many different researchers, we rely on Microsoft's Active Directory to authenticate users and to track the device usage. When the University really did shut down Windows 7 traffic in late January, we finally updated the HP computer from Windows 7 to Windows 10. Before we did that we contacted GE in order to be sure to have a working FPLC. Although the build number of Win10, that our University is using (Windows 10 Enterprise version 1809, build 17763.1039) was not supported by any of the Unicorn 7 versions that GE has released over the years (see this software compatibility chart, which I cannot find anymore from the GE website: https://drive.google.com/open?id=1cA33lEqfEr0MIaA8r9TyoQFcxiHWuZsp), we were assured that the software would continue working. Unfortunately, this was not true.
In-place upgrade or clean install?
We performed an upgrade of Win7 to Win10 in place. I never liked these. Even on slightly superior operating systems like macOS and Linux, the in-place upgrades have not always been smooth. A fresh start has always been the safer (and also faster) bet.
Connection problems
After the upgrade, Unicorn 7 started to lose the connection to the Äkta Avant during ongoing protein purification runs. We clearly could see during manual runs, that specific commands would trigger a disconnect. The Äkta LCD display would black out and the device would reboot. Naturally, we suspected that this was a consequence of the upgrade to Windows 10. Because Unicorn 7.0.2 had not been tested to work with our version of Windows 10, we first wanted to try to upgrade to a Unicorn 7 version that had been tested with our Win10 build. I had already asked in December for that update from GE, but my request had been ignored and I had many other things to do at the time and never bothered to come back to the issue (in hindsight a big mistake).
Software updates
Something that Chrome and Firefox do weekly silently in the background (without the user noticing) takes in the case of GE almost 2 weeks full-time engagement by the user. A simple download might work for Bio-Rad, but GE requires a complicated, obfuscated, non-transparent, user-unfriendly, constantly changing, GDPR-non-compliant syastem, which is in addition hosted on servers that feel so slow that you constantly wonder whether your browser tab has frozen. What it’s worth, GE’s web pages have always been like this despite multiple redesigns and GE’s digital transformation. The email thread between me and various GE support addresses comprises as of today 60 emails (starting with my first support request on December 2nd, 2019). On top of this, there are also quite a few phone calls (since email seems to be often regarded as “non-urgent” by default).
Privacy concerns about GE's handling of customer data
After placing an order for the download, receiving a quotation, confirming the order and receiving an order confirmation, I finally received the “permission” to download the newest version of Unicorn (which is 7.5). I logged into GE’s “eDeliveryPortal” only to realize that I could see the software entitlements and downloads for many other GE customers, but none of my own. After some back-and-forth the 7.5 version finally showed up under my downloads. My license is still missing as of today. But why bother? I could use any of the other licenses (after faking the MAC address of my computer as the software apparently is locked to specific computer via the computer’s network card’s MAC address). This is clearly a violation of the GDPR as there is absolutely no reason why my data (entitlement ids, MAC addresses, Names, e-mail addresses) should be available to other customers. It might be that GE considers the University of Helsinki as a single customer; that would be a violation of the GDPR by design.
Searching for the system configuration files (i.e. firmware)
However, we had not updated the system configuration files, because I had not been able to find them from the GE LifeScience website. We were running version 3, while version 3.6 was the newest one. Notably, these files do also contain the firmware for the individual Äkta components. It appears that this download is nicely hidden. I needed help from GE in order to locate it. The GE life science website has a search function and the search even finds the download. However, it is perhaps the last item in a list of nearly 1000 hits (10 hits/page). One tip to GE: Google knows search! If you just would let Google index your complete web site, customers would find everything via a Google search. Many companies are using Google for their internal web site search. However, GE seems to expose only their product pages to search engine crawlers, but not their support pages.
Where are our licensing files?
After updating the instrument configuration, the problem persisted. After sending a system report (and then sending a second “extended” system report), GE concluded that most likely our in-place upgrade from Win7 to Win10 was to blame, because they could see some irregularities in the SystemEventLog.xml file. I had no reason to doubt this explanation and therefore requested a clean Windows 10 install from our IT guys. I then installed Unicorn 7.5 only to see that the problem had not disappeared. Just as a side note: We had a self-inflicted issue with our license file (.lic). The Unicorn installer software requests the installation of a license file, which I have never seen for download anywhere in the eDelivery portal (we have received these license files as attachments to e-mails directly from GE support staff, why are they not available for download as these are prone to be lost?). We should have made a copy of our license file before we erased our computer for the clean Win 10 install, but we missed that and I had to dig out the license file from a system backup, which I had luckily made in 2016 from the machine. And I am still searching for our license files for different system components (Classic Evaluation and Column Handling), which were not yet installed when I did the system backup.
Down-grading to Windows 7
In order to be sure that we did not deal with a hardware failure, we decided to downgrade the system back to Windows 7 and Unicorn 7.0.2. That was more difficult than expected, because we cannot anymore install Windows 7 on university machines. Luckily we had still one old, unused Dell desktop, that was runninig Windows 7. Unicorn 7 requires two network cards (one to communicate with the outside world and one for a separate 10. network to communicate with the Äkta Avant). We swapped the network interface card from our default computer to this old Win 7 machine. However, installing and running Unicorn requires access to the internet because the software is “phoning home”. Exactly that is disallowed for Win7 machines at our university. Hence I needed to set up a private network via my phone to allow Unicorn 7 to communicate with GE headquarters. Even worse, I needed to clone the MAC address of our default computer, because our Unicorn 7 software is apparently locked to a specific computer via the computer’s MAC address. And wireless internet access was a no-go, because the original MAC address was from a wired NIC. It is not possible to clone MAC addresses between cabled NICs and USB wireless adapters, because MAC addresses from wireless cards have a fixed prefix. Hence, I had a complicated setup from my phone via a computer to a (cable) router to the Win7 Dell computer.
Windows 10 is not to blame - F-Secure is the culprit
To my surprise, the Äkta Avant kept crashing when Unicorn 7 under Win7 issued commands like “pause” or “end”. But then I realized that - unlike our old Äkta Explorer - the Avant uses regular NICs for the device communication and the University of Helsinki Win10 version is by default “enhanced” by remote control and security software. I went to the Control panel and uninstalled all software add-ons that had been installed by the university. Most notably F-Secure’s Client Security Premium was among the programs, that I uninstalled. After a reboot, I was unable to make the Äkta Avant crash. To confirm the finding, I popped the NIC back into our original default computer, rebooted and got stuck at the Windows BitLocker screen. Changing the hardware configuration inevitably triggers Windows to refuse booting. This did slow me down because it required me to engage our university’s IT department, which is chronically overworked and difficult to find. I selectively disabled the firewall from F-Secure Client Security Premium and the crashes instantly ceased also on Windows 10. It is very difficult to argue why our university would need F-Secure's products. Windows itself comes (since XP SP2) with a very capable firewall and also has its own anti-virus software (Windows Security Essentials/Windows Defender), which is at least as good as its best competitors in addition to the fact, that it is free and fully integrated into Windows (and it does not require to stick third-party hooks deeply into the OS).
Windows 10 is too slow on our 2015 hardware
The only thing left is to upgrade our default computer to newer hardware. Our faculty had replaced older Win7 computers in 2019 with new machines, but this computer was 1 day too new to be included in the upgrade. However, it is already 5 years old and especially after the Windows 10 upgrade, it is very slow. When your protein elutes during your purification, you do not want fraction collection to start after a few seconds, but you want it to start instantly.