Optimizing Windows 7 Deployment with MDOP
Windows® 7 (and Windows Server® 2008 R2) will cause significant changes in many corporate information technology (IT) environments. Companies must determine the readiness of their environments and applications for Windows 7. Part of that process is to manage application inventories and to mitigate compatibility issues. After deploying the new operating systems, companies must troubleshoot any issues and then manage the new configurations.
The Microsoft® Desktop Optimization Pack (MDOP) for Software Assurance (SA) can help organizations to reduce the cost of application deployment, to deliver applications as services, and to manage desktop configurations. Together, the MDOP applications can give SA customers a highly cost-effective and flexible solution for deploying and managing desktop computers.
A Windows 7 deployment is a good time to implement technologies such as MDOP. Organizations can take advantage of the people, processes, and technologies that are already engaged in the operating system rollout to deploy these technologies; in turn, MDOP can help to ease the time, cost, and effort of the operating system rollout.
This article will help IT pros to understand the value of MDOP in a Windows 7 rollout. The article describes the challenges that customers often face before, during, and after desktop deployment. It also describes how MDOP can help overcome many of these challenges.
Rolling out Windows 7 begins with deployment planning. The first step is to collect and rationalize an application inventory. Rationalization of the inventory is the process of categorizing applications and removing duplicate, unnecessary, and unwanted applications. Rationalizing the application inventory includes prioritizing applications.
Rationalizing the application inventory can help to put a Windows 7 deployment project on the path to success. Rationalization helps to plan and prioritize the application-testing effort. The process also helps to determine how to handle applications that have compatibility issues with Windows 7. Additionally, rationalization helps to reduce the number of applications that you must deploy and manage.
By implementing Microsoft Asset Inventory Service (AIS) before starting a Windows 7 rollout, an organization can get a comprehensive view of the software that is installed in its environment. AIS is an MDOP application that can help a company to understand which applications are running on its network, as well as the usage patterns of those applications, so that the company can better prioritize those applications. AIS can help companies sort those applications that require no mitigation from the applications that do. In short, AIS translates the application inventory into actionable and useful information.
You can learn more about AIS through the following resources:
- Microsoft Asset Inventory Service (AIS)
- Asset Inventory Service: Helping You Track Your Company's Inventory
- Asset Inventory Service
By the time deployment begins, the inventory should be rationalized. Companies can use the inventory to drive the application-compatibility testing and mitigation process. Most popular applications are compatible with Windows 7 and do not require mitigation. Because Windows 7 is based on the Windows Vista® foundation, most applications that work with Windows Vista will work with Windows 7. However, applications that work with the operating system at a very low level, such as antivirus and disk utilities, will probably require updates.
Microsoft continuously monitors and validates application compatibility. Microsoft has built a comprehensive list of the most widely used business applications and has tested those applications continuously throughout the product cycle. Microsoft made significant investments in the ecosystem, to help independent software vendors (ISVs) produce compatible applications. These investments were in training, tools, and testing.
The few applications that might not be compatible with Windows 7 include untested and internally developed line of business (LOB) applications. Microsoft has made significant investments in tools to help customers evaluate the compatibility of these applications. These tools include the Windows 7 Upgrade Advisor and Microsoft Application Compatibility Toolkit (ACT). Mitigating compatibility issues with LOB applications can be the most time-consuming part of a deployment. Compatibility problems can sometimes block operating system deployment altogether.
Compatibility issues do not necessarily mean a block to deployment, however. For issues that cannot be mitigated through use of ACT, desktop virtualization can be a viable alternative. Virtualization can help companies to move forward with Windows 7 deployment, by providing a safety net for compatibility. This approach provides an environment in which to run applications that have known compatibility issues. Microsoft provides desktop virtualization in two forms: Windows XP Mode and Microsoft Enterprise Desktop Virtualization (MED-V).
For businesses that have only a few PCs, Windows XP Mode is a good solution. It provides a virtual Windows XP environment that can run many Windows XP–compatible business-productivity applications. Windows XP Mode provides a seamless experience when running Windows XP–compatible applications in Windows 7. For example, users see these applications on the desktop as though the applications were running in Windows 7. They can open files, print, and use USB devices as though the applications were running in Windows 7—when in reality, the applications are running in a virtual Windows XP environment.
MED-V, a benefit of MDOP, is a solution for larger organizations. MED-V can remove compatibility barriers to Windows 7 adoption. The solution provides the benefits of Windows XP Mode with the management that IT needs. IT can centrally create, test, deliver, and maintain virtual images. MED-V helps to manage the entire lifecycle of virtual machines throughout the enterprise. Additionally, MED-V includes usage policies and data-transfer controls, such as authorization, expiration, and Web browser redirection. Like Windows XP Mode, MED-V gives users a seamless experience. They are unaware that applications are running in virtual machines.
The following resources can help you to learn more about MED-V:
- MED-V Overview
- Microsoft Enterprise Desktop Virtualization (Med-V)
- Microsoft Enterprise Desktop Virtualization 1.0
As part of the rationalization process, companies determine how to deploy each application. Of course, they fine tune these decisions during compatibility testing and mitigation. In some cases, organizations choose to deploy an application by using desktop virtualization. They will deploy the remaining applications to the Windows 7 desktop.
There are essentially two thoughts on deploying applications for Windows 7: thick imaging and thin imaging. Each has unique advantages and disadvantages.
Thick images include applications in a custom Windows 7 image that is quick to deploy. However, this image can be large and difficult to move around, and it uses a lot of bandwidth. Image maintenance is challenging because companies must install, update, and recapture the image to update applications. There is also a limit to the number of times that you can run Sysprep on an image, after which the image must be completely rebuilt. Another disadvantage of thick images is that image count tends to go up as different groups within the company have different application requirements. As a result, testing effort increases dramatically as the groups add images to the library.
Thin imaging is a best practice for deploying the Windows operating system. Thin images include the minimum required applications, if any. For example, the images might contain no applications at all or simply the bare minimum security applications. After deploying thin images, companies deploy applications to each PC. Thin images significantly reduce image maintenance in response to application updates, because the applications are not in the image. Thin images also reduce image count because far fewer unique images are required. Many companies have reduced their image count to a single Windows 7 image. As a result, testing effort is dramatically decreased, not only because of the low image count but also because thin images are much simpler than thick ones.
For businesses that are in the process of deploying Windows 7, the choice between thick and thin images is particularly timely. Tools such as the Microsoft Deployment Toolkit 2010 and Microsoft System Center Configuration Manager R2 can help companies to adopt thin imaging more easily.
Making Microsoft Application Virtualization (App-V)—which is another benefit of MDOP—part of the company deployment strategy can make adopting thin imaging even easier. App-V provides applications as a network service. This solution streams applications on demand, without actually installing them on the PC. App-V is perfectly geared to reducing image size and count. Additionally, it pays dividends down the line, by streamlining application updates and management. Updating and managing applications is also easier and less disruptive to the user, and retiring an application does not require it to be uninstalled.
See the following resources for more information about App-V:
- Microsoft Application Virtualization (App-V)
- App-V Configuration Options
- Application Virtualization 4.5
Group Policy Management
Beginning with the early planning stages and continuing through deployment, companies are usually thinking about how to manage Windows 7 after they roll it out to production.
Deploying Windows 7 is only the beginning. Of course, Group Policy is an essential way in which businesses manage their PCs. Windows 7 provides many new Group Policy settings to give businesses finer control of security and compliance on the desktop PCs in their environments. For example, settings such as AppLocker make controlling application usage easier. Most companies will want to take advantage of these new settings.
By itself, however, Group Policy does not help companies manage Group Policy Objects (GPOs). Group Policy does not provide any sort of role-based workflow. Large environments can be complex, with hundreds of GPOs. Often, different people edit different GPOs, with no formal edit, review, approval, and deployment processes. Administrators cannot edit GPOs without affecting the production environment and cannot easily roll back GPOs when they fail. Group Policy, by itself, does not provide control of authoring and deployment.
Companies will likely work with Group Policy after deploying Windows 7, so they can use this opportunity to take control of it. Another part of MDOP, Microsoft Advanced Group Policy Management (AGPM), adds the missing role-based delegation model to Group Policy. By using AGPM, companies can delegate reviewer, editor, and approver roles per domain or per GPO. AGPM provides a Group Policy workflow. Administrators can author and test GPOs offline, in a test lab, and can easily move approved GPOs into production. AGPM provides version control for GPOs and allows for quick rollback of failed GPOs. AGPM makes managing GPOs in a complex environment easier by providing features such as filtering and searching.
To learn more about AGPM, see the following resources:
- Advanced Group Policy Management (AGPM)
- A Tour of Advanced Group Policy Management
- Advanced Group Policy Management
Even after all the effort in planning and developing the perfect Windows 7 rollout, things do occasionally go wrong. Monitoring desktop PCs during deployment can help companies anticipate and identify problems before they escalate. For example, companies can identify a common failure and update the application, mitigate the compatibility issue, post recovery instructions on the intranet, and troubleshoot the root cause.
In MDOP, Microsoft System Center Desktop Error Monitoring (DEM) can help organizations monitor their environments for failures. DEM is an agentless monitoring system that is easy to deploy by using a single GPO. Using DEM, companies can identify the probable cause and probable resolution of each failure. The net result is a more-stable and more-reliable desktop environment. DEM enables companies to be proactive in identifying applications that might fail.
Deploying DEM before deploying Windows 7 can help companies to measure the before-and-after effects of the deployment. First, the company captures baseline data that describes application and system stability before deploying Windows 7. After deploying Windows 7, the company compares current metrics against the baseline data, to measure the impact of the deployment.
Every company that rolls out Windows 7 will troubleshoot the individual and isolated issues that inevitably occur with any deployment. A computer that does not start, a system failure that is caused by a device driver, or a user who accidentally deletes files are examples of common issues. Windows 7 does provide troubleshooting tools such as the Windows Troubleshooting Platform, but these tools do not help companies diagnose more-severe issues.
Microsoft Diagnostics and Recovery Toolset (DaRT) is another MDOP application that can help companies troubleshoot desktop PCs. With DaRT, organizations can recover PCs that will not start. Administrators can remove bad device drivers and services that prevent systems from starting. DaRT includes tools that help troubleshoot varieties of other problems, too. The result can be quicker recovery and reduced downtime and data loss.
You can learn more about DEM and DaRT through the following resources:
- System Center Desktop Error Monitoring (DEM)
- A Tour of Desktop Error Monitoring
- Microsoft Diagnostics and Recovery Toolset (DaRT)
- A Tour of the Diagnostics and Recovery Toolset
- Diagnostics and Recovery Toolset (DaRT)
A Windows 7 deployment is the perfect time to deploy the MDOP. First, MDOP can help companies plan for deployment by using the AIS to create and to help rationalize an application inventory.
MDOP can even ease the time and effort of performing the deployment. By using App-V, companies can reduce the cost of deployment by reducing image size and count. They can also reduce the impact of deployment by using tools such as MED-V to support Windows XP–compatible business-productivity applications that are not compatible with Windows 7.
After deployment, MDOP can help companies provide more responsive support. Organizations can use DEM to help improve post-deployment stability and reliability. Additionally, companies can use DaRT to quickly troubleshoot and recover PCs that fail.
For companies that are planning to deploy Windows 7, now is the time to consider MDOP. These organizations are already geared up for a major rollout and are in the mindset for change. They can incorporate the tools that this article describes to help optimize that process. For more information, see Microsoft Desktop Optimization Pack