How (and why) to get going on Windows Vista adoption
On this pageWhy should you care?
What IT pros should look for in Windows Vista
Why accelerate Windows Vista deployment
OK, we agree that OS migration is no easy task
Addressing the challenges
It seems like just last week you finally got Windows XP fine-tuned and secure in your organization, and now you are looking at taking on that pain all over again with Windows Vista. You’ve read the blogs on missing drivers, application compatibility, and new management processes—why can't you just stick with the tried and true?
The fact is, major OS updates don’t happen that often and to the extent that they do it's a fair bet that at some point organizations will start the adoption process; the question is when is the right time to begin and how fast to proceed.
There is a lot of information and misinformation about Windows Vista in a managed IT environment. This article is intended to clear up misperceptions and provide an honest and frank assessment of the challenges and benefits of Windows Vista for you as an IT professional.
As early adopters are beginning to experience, the bottom line is this—Windows Vista does represent a major improvement for IT pros managing a desktop environment, and despite the challenges, on balance it is worth investing the time to learn about Windows Vista from an IT management perspective, because:
- Many organizations have now successfully deployed Windows Vista
- Windows Vista will give you more control to keep desktops up and running
- Windows Vista and the ecosystem is ready for you to begin the adoption process
- Available guidance and tools make migration easier than you think
Why should you care?
At the outset, most of you will experience Windows Vista from the perspective of an end user. Sure, there are improvements in visual design, integrated search, and user interface, but so many of the reasons to embrace Windows Vista lie behind the scenes. The ability to tightly control PC settings and configurations, the improved security architecture, the ability to reduce the number of images created and maintained, and the self-healing properties all combine to make the work of managing Windows Vista PCs better and easier than Windows XP.
What IT pros should look for in Windows Vista
Deployment and management
Windows Vista includes new and updated features that make it easier for you to manage client computers in your organization:
- Modular architecture and a new file-based imaging format (WIM) allow a single language-independent and hardware-independent image to be created and deployed across the infrastructure. In addition, non-destructive imaging now allows a PC to migrate to Windows Vista while preserving files and settings.
- Expanded Group Policy settings make almost every aspect of Windows Vista centrally configurable, providing an appropriate level of lockdown and fewer opportunities for disruption.
- Expanded reporting and event logging allows you to view computer system health and status to prevent or diagnose problems.
- The improved Task Scheduler automates routine administrative and system tasks, and responds to events on client computers by triggering responsive actions when specified events occur.
Windows Vista is designed to correct common problems and errors without IT intervention—saving time and effort while keeping end users up and running:
- Automatically detects and resolves many known problems—requiring little or no effort on the part of your end users, either repairing the problem or providing a series of steps for the user to follow.
- The Windows Network Diagnostics tool identifies the top potential issues preventing network connectivity, and automatically takes appropriate steps toward correcting them.
- Built-in diagnostic scenarios record events in the event log, providing a record of automatically repaired issues and provides detailed information on problems that can't be resolved automatically.
Layered defenses employ a strategy of prevention, isolation, and recovery against malicious software threats and intrusions:
- User Access Control gives administrators the option of restricting permissions while still enabling most applications to run—reducing the 'attack surface' on individual PCs by avoiding administrator credentials for most users.
- BitLocker Drive Encryption protects information on laptops and hard drives to prevent security breaches.
- The improved firewall offers a new Advanced Security interface for configuring client PC and Internet protocol security (IPsec) settings, with full Group Policy support for configuration and rules. In concert with Windows Service Hardening, the new architecture provides defense-in-depth and restricts abnormal activity.
Why accelerate Windows Vista deployment
Migrating to a new operating system touches every aspect of the PC environment, and is consequently a complex undertaking. It's no wonder that the safer option appears to be to delay for as long as possible. On one hand, the longer a new OS deployment is put off, the more mature the ecosystem becomes—resolving most of the compatibility and readiness issues. So the best course of action is to put off the pain to a later point in time, right?
While deploying Windows Vista early will cause you to encounter more issues than if you were to wait, in the long run the advantages of accelerating the process outweigh the added pains. It's not just getting to "nirvana" sooner where you can take advantage of the benefits over Windows XP; you will avoid a number of problems and find yourself in a better position in your organization if you begin the process as soon as possible.
Super users will often bring Windows Vista into the environment for a particular purpose. You'll want to be able to handle any issues that arise, and maintaining a knowledge advantage in the organization is important. An IT organization that is ahead of even their most advanced users commands respect, making resources easier to garner.
- Windows Vista has specific management and security advantages that you will want to take advantage of, especially if you have environments that will benefit from lockdown, or if you have many mobile users with critical confidential information on their laptops.
- Windows Vista is out there, so before it finds its way into your infrastructure, it is advantageous to understand Windows Vista as a "managed node" so that you are able to stay ahead of issues that might surface.
- As the first major update in five years, Windows Vista migration is foreseeable in a Windows environment. The sooner that you begin familiarizing yourself with Windows Vista, the more prepared you will be for a conversion driven by new business requirements or a dictate from the CIO.
Understanding Windows Vista as a "managed node" is different from understanding it as an end user. It is therefore important to familiarize yourself with Windows Vista in a lab environment and become comfortable with the testing and deployment tools as early as possible, so adoption into your infrastructure (intentional or unintentional) isn’t disruptive to your work or the management processes.
OK, we agree that OS migration is no easy task
Application compatibility can be a challenge with Windows Vista. While there are several tools and techniques to understand and mitigate application compatibility and conflicts, this will probably represent the most challenging aspect of the migration to Windows Vista.
- Windows Vista represents a significant change in the underlying code base. The changes were made for fundamentally sound reasons around security and broad-scale manageability, but consequently many applications needed modification to function properly.
- Some software vendors have been slow to update their applications to work with Windows Vista, so consequently it is can be a challenge for IT pros to ensure that the portfolio of key business applications and utilities function properly.
- With the impact on so many applications, just testing the portfolio for compatibility and conflicts can be extensive, depending on the number of applications the IT group supports.
Windows Vista has high demands for hardware capability. PCs and laptops more than a couple of years old are probably not good candidates for migration to Windows Vista; in this case it is better to wait until the asset is retired and bring Windows Vista in on the refresh cycle.
- Windows Vista is designed to take advantage of advancements in processing and display technologies, but older PCs may struggle in performance.
- Some hardware vendors have been slow to develop updated device drivers for Windows Vista, so ensuring the devices operate properly requires extra effort and in some cases delays.
Windows Vista represents a change to how the PC infrastructure is managed.
- Windows Vista was designed to make deployment and management easier for IT pros, but this entails some changes to management processes, especially around group policy and security configuration. The end result is more control and greater security, but you will need to change some of the ways you do things.
- Windows Vista uses a new file-based image format, so the way you create, deploy, and manage images will change. The benefit is that you can now have a single image that is hardware and language independent.
- Windows Vista images are much larger than Windows XP images—typically 2GB or more. Your network capacity may impact how you decide to deploy Windows Vista to specific PCs.
Windows Vista represents a change in how some activities are performed by end users.
- There will need to be some degree of guidance and training for end users to perform daily tasks. Once they become familiar with these refined processes, their productivity will increase, but it will require some initial guidance.
Addressing the challenges
Approaching Windows Vista deployment as a sequence of small steps will greatly simplify the overall process, and certainly make it seem less overwhelming. Before starting, think about the process at a high level, and familiarize yourself with the information you’ll need and potential challenges at the key milestones. This will help organize the effort and avoid distracting you with unnecessary complexity.
- Discovery—first take the time to look at Windows Vista from an IT management perspective. What are the changes that will affect your work? How will day-to-day processes be improved or changed? How will changes for the end users affect your interactions?
- Exploration—dig a bit deeper into the management aspects of Windows Vista. What are the processes for managing an infrastructure comprised of Windows Vista PCs? How are images created and maintained? How can you use Group Policy more effectively to control the environment? How can you take advantage of the new security architecture to better protect the PCs, confidential data and the IT environment?
- Piloting—plan out a methodical approach to introducing Windows Vista into your infrastructure. Begin in the lab with only a couple PCs, then step up to larger groups in a series of pilot deployments. How are the tools working in your environment? How are group policy objects behaving? Have you uncovered any new application conflicts that need remediation? What hardware updates will you need to make before broad-scale migration?
- Rollout—now that you have experienced deploying Windows Vista to multiple user groups, develop a plan to roll it out across your infrastructure. Should you roll out in a staged sequence, or convert the organization simultaneously? What end-user preparation and training will you need to coordinate? How soon will you be able to consolidate down to a single OS and image?
Microsoft offers a number of tools and step-by-step guidance documents to help tackle the major steps in deployment—planning the process, assessing the application portfolio, evaluating hardware, and implementing the deployment plan. Some of the key tools Microsoft offers are:
- The Microsoft Solution Accelerator for Business Desktop Deployment (BDD) 2007 for Windows Vista and the 2007 Microsoft Office system (BDD 2007) delivers end-to-end guidance for the efficient planning, building, testing, and deployment of Windows Vista and the 2007 Office system. This accelerator provides proven tools and practices with which IT professionals can:
- Create a software and hardware inventory to assist in deployment planning
- Test applications for compatibility with Windows Vista and Windows XP Professional and mitigate the compatibility issues discovered during the process
- Set up an initial lab environment with imaging and deployment servers
- Customize and package core and supplemental applications
- Automate desktop image creation and deployment
- Ensure that the desktop is hardened to improve security within the environment
- Manage processes and technologies to produce comprehensive and integrated Lite Touch Installation (LTI) and Zero Touch Installation (ZTI) deployments
- The Application Compatibility Toolkit (ACT) enables you to determine whether your current applications are compatible with Windows Vista before migrating to the new operating system. ACT also enables you to determine how an update to the new version will affect their applications. You can use the ACT features to:
- Verify an application's compatibility with a new version of the Windows operating system, or a Windows Update including determining your risk assessment.
- Become involved in the ACT Community, including sharing your risk assessment with other ACT users. A great place to check for application readiness is http://www.appreadiness.com.
- Test your Web applications and Web sites for compatibility with new releases and security updates to the Windows Internet Explorer Internet browser. The Application Compatibility Factory (ACF) is a related service available through Microsoft partners to actually remediate application issues.
- The Windows Vista Hardware Assessment (HAT) is a tool that will find computers on a network and perform a detailed inventory of the computers using Windows Management Instrumentation (WMI). Through use of this detailed inventory, the tool will assess and report whether the computers can run Windows Vista, where to find drivers for devices on the computers, and provide recommendations for hardware upgrades, where appropriate.
- The Microsoft Desktop Optimization Pack (MDOP) is a set of tools that help you manage your desktop infrastructure more effectively and efficiently. Available through the Software Assurance program, MDOP is comprised of four modules—SoftGrid Application Virtualization, Advanced Group Policy Manager, Asset Inventory Service, and Diagnostics and recovery toolkit. These tools help reduce the challenges of migrating operating systems, from reduced testing for application-to-application conflicts (SoftGrid Application Virtualization) to comprehensive application inventory assessment (Asset Inventory Service) and configuring group policies (Advanced Group Policy Manager). For more information on MDOP, please see http://www.microsoft.com/windows.
- If your organization is a Microsoft Software Assurance customer, you might be eligible for some additional help. Depending on the products licensed, you might qualify for Microsoft Desktop Deployment Planning Services (DDPS), a 1- to 15-day engagement with a consultant trained in deploying Windows Vista and the 2007 Office system. For more information on the benefits and eligibility requirements, please visit http://www.microsoft.com/licensing/sa/benefits/deployment.mspx.
Tips for Windows Vista deployment
Where to go for more information
The Windows Vista TechNet TechCenter provides a comprehensive library of guidance, tools, resources, and tips for IT pros responsible for PC management. We have a special landing page for Windows Vista adoption resources: www.microsoft.com/technet/springboard.
User group forums are a great way to learn from others 'in the trenches' and share your tips and tricks. There are many forums that address Windows Vista issues; some of the best and most focused are available on TechNet, and have active participation from the developers on the Windows team: http://go.microsoft.com/?link=7561528
In addition to TechNet forums, you will find useful guidance and best practices on a number of third-party forums. One in particular is focused specifically on Windows Deployment: http://deploymentforum.com/
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.