Windows 10 Deployment In-Depth Overview

Michael Niehaus
@mniehaus
blogs.technet.com/mniehaus
Redmond, WA, USA
Director of Product Marketing
#MMSMOA
• 20 years with SMS/ConfigMgr
• 12 years with Microsoft
• 3 years with Windows product management

Required Reading
• Plan for Windows 10 Deployment
  https://technet.microsoft.com/en-us/library/mt574241(v=vs.85).aspx
• Introduction to Windows 10 Servicing
  https://technet.microsoft.com/en-us/library/mt598226(v=vs.85).aspx

Only 1526 days until the end of support for Windows 7

Only 63 days until the end of support for IE8, 9, and 10 on Windows 7
You need to move to IE11 by January 12, 2016.

Step 0. Get to Internet Explorer 11.

Enterprise Investments for Internet Explorer 11

Help with Compatibility Issues
• Enterprise Mode, offering improved Internet Explorer 8 compatibility and document type overrides
• Enterprise Site Discovery Toolkit, to better understand how users are browsing
• All capabilities will be carried forward to Windows 10

A Natural Stepping Stone to Windows 10
• Migrate to Internet Explorer 11 on Windows 7 (before 2016) to prepare
• http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

Legacy Web Apps

Required Reading
• Internet Explorer 11 (IE11) - Deployment Guide for IT Pros
  https://technet.microsoft.com/en-us/library/dn338135.aspx
• Stay up-to-date with Internet Explorer
  http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

Step 1. Prepare for Windows 10.

ConfigMgr and MDT Support for Windows 10
(table columns: Product; Supports Windows 10 Management?; Supports Windows 10 Deployment?)
• System Center Configuration Manager 2007: with hotfix
• System Center 2012 Configuration Manager: with SP2
• System Center 2012 R2 Configuration Manager: with SP1
• System Center Configuration Manager v.Next
• Microsoft Deployment Toolkit 2013: with Update 1

Configuration Manager v.Next Enhancements
• Upgrade task sequence
• Windows 10 configuration support
• New Windows 10 servicing features
• Configuration Manager as a service, to support Windows 10 CB/CBB

MDT 2013 Update 1 (re-release) Enhancements
• Upgrade task sequence
• Split WIM support
• DISM for applying and capturing images
• Bug fixes

Required Reading
• The Future of Configuration Manager
  http://blogs.technet.com/b/in_the_cloud/archive/2015/10/27/the-future-of-configuration-manager.aspx
• System Center Configuration Manager: Support for Windows 10 and Microsoft Intune
  http://blogs.technet.com/b/configmgrteam/archive/2015/10/27/system-center-configmgr-support-for-win-10-and-intune.aspx

Windows update needed to support Windows 10 with existing KMS servers (Windows Server)
• https://support.microsoft.com/en-us/kb/3058168 adds support with Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2
• https://support.microsoft.com/en-us/kb/3079821 adds support for Windows 7 and Windows Server 2008 R2

New KMS and MAK keys needed, available on VLSC on 8/1
• Look for “Windows Srv 2012R2 Data Ctr/Std KMS for Windows 10” on VLSC under licenses, not under downloads and keys

Continued support for Active Directory-based activation (re-configure with new KMS key)

Windows Server 2008 R2 and above
• Previous versions are no longer supported, upgrade now
• Update KMS with a hotfix, as already discussed
• Any forest level, functional level, schema level (although some specific features may require higher)

Consider upgrading to Windows Server 2012 or above
• WSUS support for deploying Windows 10 feature upgrades via hotfix http://support.microsoft.com/kb/3095113
• Won’t be backported to Windows Server 2008 R2 (already in extended support)
• Be sure to select new products (for WSUS and ConfigMgr SUP)

Keep an eye on Windows Server 2016

MDOP 2015 (released in August) adds Windows 10 support, via service pack-style releases

Product   Required/Recommended Version
AGPM      AGPM 4.0 SP3
App-V     App-V 5.1
DaRT      DaRT 10
MBAM      MBAM 2.5 SP1, 2.5 is OK
UE-V      UE-V 2.1 SP1

App-V 5.1 Enhancements

App-V 5 Adoption
• Improved Q:\ drive support for App-V 4 package conversion
• Added support for multiple scripts per trigger

Application Compatibility
• Added Windows 10 support
• Added Advanced Package Editor Abilities
• Expanded Copy-on-Write to support more file extensions
• Environment Variables are merged in Connection Groups

Manageability
• Modernized the App-V Server User Interface
• Consolidated and simplified client logging

UE-V 2.1 SP1 Enhancements
• Added Windows 10 compatibility
• Network printers synchronized between devices
• New Windows 10 desktop settings
• Synchronized default printer setting
• Improved performance when deploying templates from a Template Catalog
• Fixed automatic population of AD Home Path for Setting Storage Path configuration

MBAM 2.5 SP1 Enhancements
• Improve managing the enablement of BitLocker during Windows Imaging
• Improve MBAM server logging and diagnostic abilities
• Encrypted Hard Drive support
• Import BitLocker/TPM recovery information from AD to MBAM
• TPM Auto-Unlock after BitLocker Recovery
• International Domain Name support
• Customize the message in the BitLocker Recovery Screen (Win10)
• FIPS compliant recovery password support on Windows 7 (requires Windows hotfix: http://aka.ms/bitlockerfips)
• Backup Windows-created TPM OwnerAuth (not just MBAM-created)
• Full Windows 10 support

Step 2. Deploy Windows 10.
How to deploy

Wipe-and-Load: Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all scenarios

In-Place: Let Windows do the work
• Preserve all data, settings, apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing devices (Windows 7/8/8.1)

Provisioning: Configure new devices
• Transform into an Enterprise device
• Remove extra items, add organizational apps and config
New capability for new devices

Moving In-place

Preferred option for enterprises
• Supported with Windows 7, Windows 8, and Windows 8.1
• Consumers use Windows Update, but enterprises want more control

Simplified process, builds on prior experience
• Popular for Windows 8 to Windows 8.1
• Piloted process with a customer to upgrade from Windows 7 to Windows 8.1, as a learning process
• Use System Center Configuration Manager or MDT for managing the process
• Feedback integrated into Windows 10 to provide additional capabilities for automation, drivers, logging, etc.
• Uses the standard Windows 10 image
• Working with ISVs for disk encryption
• Automatically preserves existing apps, settings, and drivers
• Fast and reliable, with automatic roll-back if issues are encountered

Moving In-place

When not to use in-place upgrade?
• Changing from Windows x86 to x64
• Systems using Windows To Go, Boot from VHD
• Changing from legacy BIOS to UEFI
• Dual boot and multi-boot systems
• Image creation processes (can’t sysprep after upgrade)
• Using certain third-party disk encryption products
• Wholesale changes to the apps on existing PCs

Provisioning, not reimaging
• Take off-the-shelf hardware
• Device is ready for productive use
• Transform with little or no user interaction

User-driven, from the cloud
• Company-owned devices: Azure AD join, either during OOBE or after from Settings
• BYOD devices: “Add a work account” for device registration
• Automatic MDM enrollment as part of both
• MDM policies pushed down:
  • Change the Windows SKU
  • Apply settings
  • Install apps

IT-driven, using new tools
• Create provisioning package using Windows Imaging and Configuration Designer with needed settings:
  • Change Windows SKU
  • Install apps and updates
  • Apply settings
  • Enroll a device for ongoing management (just enough to bootstrap)
• Deploy manually, add to images

Traditional Deployment

Enhancements to existing tools
Minimal changes to existing deployment processes
• New Assessment and Deployment Kit includes support for Windows 10, while continuing to support down to Windows 7
• Will feel “natural” to IT Pros used to deploying Windows 7 and Windows 8.1
• Minor updates to System Center 2012 to add support
• Minor updates in Microsoft Deployment Toolkit 2013 Update 1 to add support
• Drop in a Windows 10 image, use it to create your new master image
• Capture a Windows 10 image, use it for wipe-and-load deployments

App & Device Compatibility
• Hardware requirements are unchanged
• Strong desktop app compatibility
• Windows Store apps are compatible
• Internet Explorer enterprise investments

Step 3. Keep Windows 10 up to date.
Market driven quality: external and internal

[Figure, conceptual illustration only: release rings plotted against time and number of users. Labels: Engineering builds; Broad Microsoft internal validation; Microsoft Insider Preview Branch; Current Branch; Current Branch for Business; Customer Internal Rings I, II, III, IV. User counts shown: 10’s of thousands, several million, hundreds of millions. Durations shown: 4 to 6 months, 4 months, 8 months.]

Application Compatibility Testing

Windows as a Service requires a new approach:

Identify mission-critical applications and web sites
• Focus testing effort on just these apps

Leverage internal flights for testing other applications and web sites
• From initial pilot groups to large populations of users
• Define groups to ensure broad hardware and software coverage prior to broad deployment
• React to issues reported, remediate issues before expanding

Talk to your ISVs to determine how they plan to support Windows as a service

Costs for deployment

[Figure: cost over time for Apps, Infra and Imaging, comparing traditional deployment (every 3-5 years) on a 2001 to 2015 timeline with Windows as a service (2-3 times per year) on a timeline starting in 2009 and running from 2015 to 2028.]

Thinking through deployment strategy

[Figure: stages and number of devices per branch. Branches: Windows Insider Preview Branch; Current Branch; Current Branch for Business; Long Term Servicing Branch. Stage labels: Specific feature and performance feedback; Application compatibility validation; Deploy to appropriate audiences; Test and prepare for broad deployment; Stage broad deployment; Deploy for mission critical systems. Audience labels: Test machines, small pilots; Early adopters, initial pilots, IT devices; Information workers; General population; Specialized systems. Axis labels: NUMBER OF DEVICES, STAGE, Release.]

Configuring to receive feature upgrades via CBB
• Settings -> Update and Security -> Windows Update -> Advanced Options
• Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
If you are using WSUS or ConfigMgr, the setting doesn’t really matter. Affects Windows Update.

What to deploy
• Microsoft Windows 10 Enterprise (Current Branch, Current Branch for Business)
• Microsoft Windows 10 Enterprise 2015 LTSB

When to deploy

Windows Insider Preview Branch
• Specific feature and performance feedback
• Application compatibility validation

Current Branch
• Deploy to appropriate audiences via WUB
• Test and prepare for broad deployment

Current Branch For Business
• Stage broad deployment via WU for Business

[Figure: Evaluate, Pilot and Deploy phases on a timeline. Durations shown: 4-8 months of active development; 4 months (minimum); 8 months (minimum); 12 month deployment (minimum).]

When to deploy

[Figure: overlapping Evaluate / Pilot / Deploy cycles for successive releases.]

• There will be two supported CBB releases in the market at all times
• Be prepared to jump from one release to the next
• Don’t try to skip one, as it compresses the deployment timeline too much

Staying up to date with Windows 10

Windows Update
• Cloud
• Upgrades installed as they are released (subject to throttling)
• Delivery optimization for peer-to-peer distribution
• Only option for Windows 10 Home

Windows Update for Business
• Cloud
• Upgrades can be deferred
• Uses Windows Update for content

Windows Server Update Services
• On-Prem
• Upgrades are deployed when you approve them
• Content distributed from WSUS servers
• Requires KB3095113

System Center Configuration Manager
• On-Prem
• Choice of task sequence-based upgrades or (with vNext) software update capabilities
• Content distributed from ConfigMgr DPs

Step 1. Point all computers to Windows Update directly (no WSUS or SUP)
Step 2. Create policies (GPO) or settings (MDM) to specify how long groups of machines should defer.
        Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
Step 3. Target policies or settings to different groups of PCs.

Discuss…
Ask your questions, real world answers! Plenty of time to engage, share knowledge.
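One way to audit Steps 1 and 2 above on a single PC, as an added example that is not part of the original slides: it reads the Windows Update policy keys and reports whether a deferral setting can take effect or is masked by a WSUS/ConfigMgr configuration. The registry value names are an assumption (those written by the Windows 10 1511-era "Defer Upgrades and Updates" policy) and the function names are hypothetical.

```powershell
# Added example: audit whether this PC will honor Windows Update for Business deferral.
# Assumption: the value names below are the ones the Windows 10 1511-era
# "Defer Upgrades and Updates" policy writes; they are not listed in the slides.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-WufbDeferralState {
    $wsusUrl   = Get-PolicyValue $wuKey 'WUServer'
    $useWsus   = Get-PolicyValue $auKey 'UseWUServer'
    $defer     = Get-PolicyValue $wuKey 'DeferUpgrade'
    $upgMonths = Get-PolicyValue $wuKey 'DeferUpgradePeriod'
    $updWeeks  = Get-PolicyValue $wuKey 'DeferUpdatePeriod'

    # Step 1: the client must talk to Windows Update directly (no WSUS or SUP).
    $usesWsus = ($useWsus -eq 1) -and -not [string]::IsNullOrEmpty($wsusUrl)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PointsAtWsus       = $usesWsus
        WsusServer         = $wsusUrl
        DeferUpgradeSet    = ($defer -eq 1)
        DeferUpgradeMonths = $upgMonths
        DeferUpdateWeeks   = $updWeeks
        # Step 2 only matters when Step 1 holds.
        DeferralEffective  = (-not $usesWsus) -and ($defer -eq 1)
    }
}

$state = Get-WufbDeferralState
$state | Format-List

if ($state.PointsAtWsus -and $state.DeferUpgradeSet) {
    Write-Warning 'Deferral is set, but this PC takes approvals from WSUS/ConfigMgr, so the setting has no effect.'
} elseif (-not $state.PointsAtWsus -and -not $state.DeferUpgradeSet) {
    Write-Warning 'No deferral policy: feature upgrades install as Windows Update releases them.'
}
```

Run it per deployment group to confirm that the policy targeted in Step 3 actually landed on the machines in that group.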
Session Title: Deploying Windows 10 in the Enterprise