Home » DA » Win10 to end endpoint woes

In last decade or so, in my pursuit to improve enterprise IT and user productivity while lowering TCO, I have explored server technologies throughout. Be it Linux/Unix or windows server, exchange or skype for business server, private cloud or public, perl or PowerShell automation, I tapped their innovations to help business, user as well as security/compliance. However, Client OS is the one I have not been into, beyond installing on my own system and test VDI/VM. This is the one that touches all enterprise user and If not kept up to date, for sure can render the effectiveness and adoption of solutions deployed in enterprise. For example, direct access (DA), if can’t connect on teredo, would fall back on IP HTTPS. Win7, with double encryption on https tunnel doesn’t give a great remote access experience. Bitlocker encryption, if not done at the time of OS deployment, doesn’t go well with the lack of encrypt only data used portion of the volume in win7. There are many reason and excuse like manpower required to backup/restore data as well as performing the OS upgrade, availability of user and their system, application compatibility. On top of that unprecedented UI and architecture changes, creating roadblock towards new client OS adoption. Vista never seen the light and win7 migration was intensified only towards the end of XP retirement stage. Not even one percentage of systems in the enterprise moved to Win8 as clicking on the start button to shut down the machine was a non-negotiable option for most users.

Roadmap of Windows 10 to have win7 and win8 UI fusion along with in place upgrade option, prompt me to explore the opportunity to migrate the enterprise users to win10, quickly and holistically. This blog series will be on my as is situation analysis and the approach taken to improve them and get the win10 enterprise migration aspiration in fast track.

For existing systems, traditional deployment approach of wipe and reload takes lot of productive time, for both user and desktop engineer. And the multiple dependencies like user availability, makes overall migration with wipe and reload approach takes forever to complete. The approach of tying up with OEM to supply new systems with enterprise image helps in achieving the migration in case of system refresh. However, it does come with shortcomings like long delivery time and inflexibility to incorporate changes through enterprise image. If planned well, both the new in-place upgrade and provisioning package options with Windows 10 can help addressing these challenges and open up the new era of leveraging user to migrate their own system i.e. self-service way. Here are few key points as part of defining the approach for windows 10.

  • Upgrade process has to be idiot proof so that user self-service can be an option to migrate the OS. Windows 10 comes with matured upgrade process that takes care of most of things. In case something goes wrong, fall back mechanism bring back to where it was started.
    • Default image that can be used for in place upgrade gives limited opportunity for customization. Irrespective of the current working status of direct access (DA), post upgrade to windows 10 remote systems requires DA connectivity to get themselves activated from corporate KMS.
  • Image size has to be smaller so that it helps user to download the image file for self-service upgrade.
    • Current image from tools like MDT/SCCM etc. goes beyond 10G and even without office package it doesn’t fit into a single layer DVD. Asking user to download such humongous image, especially who are remote, is going impact. Default image of windows 10, supported for in place upgrade is small but does have scope for further reduction in size. Unalike the WIM image, new ESD format doesn’t provide options like image servicing. However, the reduced size makes it a perfect choice for media that goes to end user.
  • In place upgrade takes well care of migrating data and application, except few observations.
    • I have seen upgrade process doesn’t complain about certain VPN client. However, post upgrade none of the network connection works with the presence of that VPN client in add/remove program.
    • Antivirus software along with bundled add-in modules like HIPS, DLP etc. creates roadblock if not upgraded to supported version. The choice given by windows 10 upgrade process to uninstall would fail if uninstallation code is required by the software.
  • Driver, BIOS and firmware update
    • By and large old version of them, that was working fine so far, can create issue under windows 10 if not up to date. Things like system freezing, BOS, no network connection etc. are quite common observation if not using right driver. It is better to update them before migration or have them downloaded to a local folder or flash driver so that even with issues like no network connection after upgrade, they can be updated from this local drive.
  • Provisioning package option is evolving, not much option now to dealt with win32 applications
    • Package create from Scanstate, part of USMT are big and always gets into error
    • Use of ICD gives only installation option at run time. It needs to be scripted, only silent installation and logging need to be taken care as no built in logging.
  • System Drive free space availability for in place upgrade
    • Important aspects of in place upgrade is the ability to rollback in case of any issue during upgrade process. For this the upgrade process has to preserve existing OS, applications and settings along with user data. Hence adequate space required on system to squeeze the windows 10 OS along with whatever already there. Often the hard drive on user machine is partitioned and over a period of use free space on the OS drive is reduced to an extent that in place upgrade is not feasible. Though, modern OS allows to expand the volume the free space need to immediately after the sector where system drive ends. Like if you have D drive after C drive, you might have to first shrink D drive, create E drive on the shrink space, move data from D to E and delete D than to give the required continuous sector for C drive to expand.

Next Post will be on making the image ready.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*