Notes from the Field – Windows 10 Planning and Architecture
By Steven Black
Nearly all organisations are going to move to Windows 10. Like it or not, the current operating systems we run will fall out of support, vendors will upgrade their applications, hardware manufacturers will no longer write drivers, and the Windows 10 train will take you aboard. Along the way you’ll gain a lot of features that will help with security and tighten up control of information.
Remember the last desktop upgrade project you did? Anyone who has done one never forgets it. The optimism at the start, then week after week having to negotiate schedules, upgrade desktops and laptops, resolve user problems after the upgrade, and the long tail at the end when it takes almost as long to do the remaining 5% of folks as it did for the previous 95%. It’s hardly surprising desktop migrations are viewed as a tricky and expensive things to do.
I wish I could say it will all be different for Windows 10 but – it depends. It depends on whether you upgrade, or opt for the traditional “wipe and load” when deploying Windows 10. By upgrading, you are only changing the underlying operating system; all of the applications and user profile settings remain as they were. This obviously means less disruption to the user as the upgrade time is less than a wipe and load and they lose none of their applications or profile customisations.
However, for upgrading, the fly, or more like flies, in the soup are that your applications have to be Windows 10 compatible or fixable by using shims, and any third party disk encryption software can be suitably configured to allow the upgrade to get past the first reboot.
To find out if your applications are compatible one of the best routes is to use the free Microsoft OMS Upgrade Readiness tool. This deploys an agent to your workstation estate which then reports application information back to the OMS cloud service. This in turn analyses the application data and, from its large knowledge base, tells you if your applications are compatible, compatible with shims, incompatible or unknown. This helps a lot in planning a Windows 10 deployment as you can quickly identify the machines that are potential upgrade candidates.
For disk encryption products it’s very much a matter of asking each vendor if or how they can allow the upgrade. Some, such as Symantec, provide guidance on how to upgrade. Others, such as PGP Desktop, will stop an upgrade before it begins. Decryption is always an option, but is impractical in the context of an enterprise deployment as it takes hours and may breach your security policy if carried out.
The success rate of upgrades is also a factor. In the field we have seen success rates of 90% or more on Windows 7 and 8.1 machines with relatively standard hardware and software configurations. The further you deviate away from standard the rate drops, as hardware drivers and unknown or incompatible applications prevent the upgrade.
Opting to upgrade is a sensible option if you want to minimise business disruption, have very few incompatible applications that are not in mainstream use, and can work around third party disk encryption to allow the upgrade to proceed. It does mandate testing beforehand to prove the consistency and reliability of the process, but this is true for wipe and load scenarios too.
This is part one of a series where we will bring you our experiences of deploying Windows 10 in the wild. I hope it has been useful – you can contact me on the email address below.