Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

IT Showcase On: Windows 7 Deployment

Quick Reference Guide

Windows 7 Internal Deployment at Microsoft Is a Huge Success

Download

Download Quick Reference Guide, KB, Microsoft Word file

Executive Overview

Situation: Microsoft IT (MSIT) deployed Windows 7 to over 190,000 clients worldwide. Users can self-install Windows 7 in about 1.5 hours, including data/settings migration and most of the productivity applications that they need on a daily basis. 60,000 users self-installed Windows 7 over a period of about four weeks. Helpdesk call volumes are lower than for any other Microsoft operating system.

Why You Should Care:

  1. MSIT did not increase headcount for the Windows 7 deployment. In fact, support costs went down relative to the Windows Vista® and Windows XP deployments. Windows 7 is a low-cost operating system to support.
  2. Other large companies can leverage the deployment best practices used by MSIT for their own deployments. Even for technical-driven deployments, these best practices streamline efficiencies and reduce costs.
  3. MSIT highly recommends Windows 7 from a performance and quality perspective.

MSIT's Top Goals For Windows 7 Deployment

  • Make Windows 7 one of the easiest operating systems to deploy.
  • Provide a complete installation in about 1.5 hours, including data/settings migration, Microsoft Office, and 70–80% of the business applications that users need on a daily basis.
  • Reduce Helpdesk costs by providing a seamless, user-focused, end-to-end self-installation service targeted at non-technical users.
  • Provide the same installation experience for all users, whether located on large campuses, medium sites, or small/remote sites.

Windows 7 Hardware Requirements

  • With Windows Vista, there was a significant difference between what was required by Vista and the hardware capabilities in Microsoft's three-year installation base.
  • Windows 7 hardware requirements match up well with the three-year installation base. Any computer with a Windows Vista logo runs Windows 7 well.
  • Microsoft's three-year installation base includes 46 portable computers and 22 desktop computers from multiple vendors.

Minimum requirements:

Processor: 1 GHz, 32-bit or 64-bit
Memory: 1 GB of system memory
Hard disk: 16 GB of available disk space
Video card: Support for Microsoft DirectX® 9 graphics with 128 MB of memory and a Windows Vista-supported driver

User-Focused Deployment Approach

Deployment Scenarios

Type of site

Installation with Data Migration (Recommended)

Clean Installation

Windows Vista Upgrade

Large campus

Windows Deployment Services (WDS)

Windows Deployment Services

Flat file

Medium site

Windows Deployment Services

Windows Deployment Services

Flat file

Small/remote site

ISO

ISO

ISO

User Communications

The deployment focused on installation with data migration as the preferred scenario. When users clicked a deployment scenario, they were taken to a page with content specific to that deployment mechanism. The content included a four-page Work Smart installation guide, content from Microsoft.com, and FAQ and Known Issues.

Delivery Methods

  • WDS is the primary deployment solution
  • Piloted pre-release System Center Configuration Manager OSD (Operating System Deployment) in the Puget Sound area
  • Created factory images at RTM for new computers
  • Provided ISO on USB memory sticks (instead of DVDs) for remote workers

Microsoft IT Image

  • Provides all applications, drivers, and OEM utilities needed to guarantee complete functionality.
  • Over 70% of the drivers for the three-year installation base are downloaded at installation from Windows Update (WU), so only 30% of the drivers had to be included in the image.
  • Top five languages are included in the image. Other languages are available through WU as optional installations.
  • Uses a task sequencer to deliver drivers and core productivity and business applications.
  • Single image scales through the use of deployment wrappers for WDS, OSD, ISO, and USB, resulting in the same installation experience for all users.
  • Provides easy-to-understand error messages and status and progress information at all stages; no unexpected pop-ups or Command Prompt windows.
  • Leverages USMT 4.0 for in-place data and settings migration. The same solution works for Windows XP.
  • Offers choice of 32 or 64-bit operating system.
  • Finishes up with BitLocker® Drive Encryption on all BitLocker-capable systems.

Image Architecture

  1. The bottom layer is the base operating-system image, which includes the unattend.xml, out-of-the-box experience (oobe.xml), QFEs and patches, the critical boot drivers, and USMT 4.0.
  2. The task sequencer, which is wrapped around the base operating-system image, adds the applications, driver payload, and the maintenance scripts.
  3. The MSIT branding and communications are wrapped around the task sequencer.

USMT 4.0 Migrates Data and User Settings

  • In the Windows Vista timeframe, MSIT used several tools to do data migration. Backup and restore added two to three hours to the installation process, resulting in negative feedback from users. Helpdesk call volumes were high.
  • For the Windows 7 deployment, MSIT used USMT 4.0 to do in-place data and user settings migrations. USMT adds only 5 or 10 minutes to the installation. After installing, users are ready to go with all of their files and settings. MSIT did not lose any data throughout the whole deployment process.

Office 2010 and Other Productivity Applications

MSIT offered users a choice of Office 2007 or Office 2010 in the installation process. If users did not make a choice, the image defaulted to Office 2010. 78K users installed Office 2010 before RTM. There were 37K installations of the RTM version in one month. Office and Windows 7 work very well together.

MSIT focused on including 70–80% of the common productivity applications in the image but achieved 90% since a significant portion of line of business (LOB) applications are Internet Explorer® based and do not require installation.

LOB Application Compatibility Testing

Instead of testing 1500 LOB applications, MSIT concentrated on 234 critical applications that exercised common programming methods, data structures, and system infrastructure. MSIT used these 234 applications as proxies for the full application environment. Overall, MSIT tested 49% fewer applications than with Windows Vista, which saved resources without sacrificing quality. Only one legacy Internet Explorer application caused problems. MSIT used Microsoft Enterprise Desktop Virtualization (MED-V) as a stopgap measure to support this application.

BitLocker Drive Encryption

  • BitLocker is easy to deploy in Windows 7. Everything is built in, so MSIT just uses standard calls to turn BitLocker on, take ownership of the Trusted Platform Module (TPM), do the Drive Shrink if needed, and start the encryption process. It was very easy to broadly deploy BitLocker across Microsoft.

DirectAccess

  • DirectAccess in Windows 7 and Windows Server 2008 R2 provides an always-connected environment for Microsoft's 10,000 remote workers.
  • MSIT uses DirectAccess with IPsec, IPv6, and Network Access Protection (NAP). MSIT also uses smartcards for two-factor authentication. MSIT is seeing great client net satisfaction (NSAT) and strong productivity gains for remote-access workers.

Microsoft Desktop Optimization Pack (MDOP)

MSIT is leveraging or piloting the following tools from the MDOP.

Tool

Used For

Application Virtualization

Adobe and Office pilots

Diagnostics and Recovery Toolset

Broadly deployed with Helpdesk for file recovery

MED-V

Used for one legacy Internet Explorer application

WDS Infrastructure

MSIT used 220 WDS servers worldwide for image availability. In the Puget Sound area, MSIT was initially sustaining over 3000 installations per day on six servers. MSIT upgraded the servers to the pre-release version of Windows Server 2008 R2 and enabled multicast and multiband, which dramatically improved the user experience.

Windows 7 Deployment Results

Helpdesk

  • MSIT set aggressive Helpdesk call volume goals for Windows 7. The goal was to have a 15% call volume rate during the Pre-Beta/Beta phase, 12% at RC, and 10% at RTM.
  • Actual Helpdesk incident rates started at 15% during the Pre-Beta phase, but dipped below target for Beta and RC. At RTM, call volumes were 5.29%. More than one-half of these calls had nothing to do with Windows 7 issues.
  • Post RTM, MSIT sees sustained call volume rates of about 2%, which is unheard of for an operating-system deployment.

Deployment Metrics

  • MSIT's goal was to deploy Windows 7 RTM to 66,000 clients within 60 days of RTM.
  • MSIT easily exceeded this goal, deploying Windows 7 RTM to 84,000 clients within 60 days of RTM.
  • To date, MSIT has deployed Windows 7 RTM to over 190,000 clients worldwide.

Education Resources

Questions & Answers

How do you troubleshoot driver issues when they are managed through Windows Update (WU)?

You can identify the drivers and where they come from by doing a driver ID. There is also a variety of information about where the drivers come from. If there is an issue with one of the WU drivers, you can report it to the WU team and they will take care of it. If you have a problem with a driver, you can do an update over the top of the WU driver. It will take precedence over the WU driver. So you can remediate until the driver issue is resolved. You can push the driver out via System Center Configuration Manager or other management tool.

Does MSIT use just one vendor to build a single image?

No, there are multiple vendors on MSIT's standards list. The MSIT image supports over 46 notebooks and 24 different desktops from the three-year installation base. MSIT includes drivers for all of those hardware devices in the MSIT image. The task sequence process identifies the manufacturer and model of the device and if it is one of the supported standards it creates a small table based on that information and it installs the appropriate drivers that are not included in WU. This is how MSIT is able to support all of the different hardware with one image.

Did you have to increase IT personnel to deploy Windows 7?

No. There were budget constraints when MSIT deployed Windows 7 so MSIT had to stay budget neutral. From a Helpdesk standpoint, in previous operating-system deployments, MSIT has always planned on additional costs to support the deployment. With Windows 7, MSIT actually reduced costs from a support perspective. Overall, MSIT's deployment costs have gone down.

With 66,000 deployments in four weeks, how long did it take to do the applications compatibility testing and remediation?

When deploying Windows 7, MSIT ran through a compatibility test cycle at each major milestone. MSIT started deployments around the pre-beta timeframe and provided an environment for users to test the remediation. By RTM, MSIT had already done the test passes so it didn't delay deployment. Most of the issues were minor. The one major issue was related to a legacy Internet Explorer application that kept MSIT from deploying to about 2000 users.

How do you deploy to home office workers?

MSIT provides two solutions. Home office workers can:

  • Download the image and burn it to a DVD.
  • Download the image and burn it to a USB memory stick.

MSIT's preference is the USB memory stick. The installation process from USB is much faster.

Do users have a choice between 32-bit vs. 64-bit versions of Windows 7?

Yes. The primary deployment is 64-bit. MSIT still has some older hardware (for example, some of the earlier Netbook PCs) that only supports 32-bit. But 64-bit is the preferred deployment solution. And all of the new PCs coming from the factory default to the 64-bit image.

Within our environment, we are utilizing third-party encryption software and encryption keys. How is encrypted data managed with the Windows 7 approach?

Microsoft IT uses BitLocker. If you use BitLocker as your encryption solution, once you set BitLocker up and do the encryption, you can suspend BitLocker to install the new operating system or do major changes, and then re-enable BitLocker. That's not always the case with third-party encryption solutions.

Did you disable UAC in your corporate environment?

No. MSIT found that leaving it enabled was a best practice.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.