Windows Vista Security and Compliance


Windows Vista and Office 2007
Deployment 101 - Best Practices, Tools and Tips
Rodrigo Mier y Concha
Windows Client Technology Specialist
[email protected]
Microsoft Canada Co.
Top Deployment Challenges
1. Overall Cost and Complexity
2. Application Compatibility
3. Hardware Compatibility
4. User State Migration
5. On-going Maintenance
Tip of the Day!
Stay for the Optimized Desktop session (next one) to find out about the Partners Go to Market Opportunities to win Bigger Deals with these technologies!
IT Labor
Infrastructure Optimization and Windows Vista Enabled Best Practices can significantly reduce PC deployment costs
Basic: $1,320 per PC
Standardized: $580 per PC
Rationalized: $230 per PC
Best Practices
Desktop standardization = $110 per PC
Centrally managed PC config. = $190 per PC
Comprehensive PC security = $130 per PC
“UAC will make it possible for users to run applications that require administrative rights while operating under Standard User rights. Not having this ability in Windows XP makes implementing this best practice difficult, and the often-required workarounds increase complexity.”
– Al Gillen, Research VP, IDC
“For organizations with a diverse mix of hardware and a "thin" image strategy, Windows Vista will make it possible for them to attain a best practice of using a single image.”
– Al Gillen, Research VP, IDC
Source: Optimizing Infrastructure, IDC 2006, Sponsored by Microsoft
Agenda
Deployment Lifecycle overview
Step 1 – Planning
Step 2 – Building
Step 3 – Implementation
Next Steps
Enabling The Deployment Cycle
Planning
Application inventory
Application analysis/testing
Application compatibility mitigation
Migration testing
Migration scripts
Tools: ACT, USMT, WVHA, VA2.0, OMPM
Building
Build desktop image from modules
Customize image
Add drivers, languages and applications
Capture image
Prepare for rollout
Implementation
Install image to desktops
Migration/upgrade
Remote deployments
Tools (Building and Implementation): Image Based Setup, System Image Manager, Sysprep, Windows PE, ImageX, WDS, SMS 2003 / SCCM 2007
Microsoft Deployment Toolkit (formerly BDD)
Consistent, repeatable methodology and best practices
Using new Windows Vista and 2007 Office deployment tools
THE recommended methodology for desktop deployments
Combined learning from over 5 million desktops deployed!
The technology solution behind DDPS!
Step 1 - Planning
• Changes in Windows Vista to consider
• Microsoft Hardware Assessment
• Application Compatibility Toolkit
• Microsoft SoftGrid Application Virtualization
• Volume Activation 2.0
Examples of Changes in
Windows Vista Requiring Attention:
User Account Control
Application with platform specific drivers
Registry changes
Firewall
Internet Explorer 7 - Lower Rights IE (LoRIE)
Windows Vista Hardware requirements - 800 MHz processor, 512 MB of RAM, 20 GB hard drive with 15 GB of free space
Compatibility Solutions and Tools
Compatibility tools
1. Windows Vista Hardware Upgrade Advisor and Windows Vista Hardware Assessment Solution Accelerator
2. Application Compatibility Toolkit
3. Office Migration Planning Manager
Bridging technologies to address difficult application compatibility issues
Virtual PC 2007
Terminal Services for hosting applications
Microsoft SoftGrid
Microsoft SoftGrid Application Virtualization
Dynamically streaming software as a centrally managed service
» Applications are virtualized per instance:
  » Files (incl System Files)
  » Registry
  » Fonts
  » .ini
  » COM/DCOM objects
  » Services
  » Name Spaces
» Applications do not get installed or alter the operating system
» Yet Tasks process locally on the host computer
DEMO
Application Compatibility Toolkit
Microsoft SoftGrid Application Virtualization
Microsoft SoftGrid Application Virtualization
Dynamically streaming software as a centrally managed service
Life without traditional Software Installation
• Deliver applications to users on-demand – in seconds, to any licensed machine
• Reduce user downtime and admin preparation time associated with software installation
• Enforce authorization of machines to applications – permissions are centralized, applications are sandboxed
Benefits to IT
• Accelerate desktop deployment and take control of the desktop
• Minimize application conflicts through application isolation at streaming server
• Minimize significant application compatibility testing and scripting, multi-platform packaging, or significant regression testing
• Run real time usage reports
• Enable device roaming
• Enterprises have experienced over 80% reduction in application management costs, 30% reduction in help desk costs, and a four-fold increase in user up-time**
**Return on Virtualization: Calculating the Economic Impact of the Softricity Desktop Report 2006 http://www.softricity.com/solutions/savings-scenario.asp
Activation Options
Online
Phone
Multiple Activation Key (MAK)
Key Management Service (KMS)
BIOS-bound
Pre-install
Multiple Activation Key - MAK
One time activation against Microsoft
Two methods of activation using a MAK:
MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
Reactivation may be required if there is significant change in the underlying hardware
Has an associated upper limit, depending on the license agreement, and can be easily refilled
Key Management Service - KMS
Activate using customer hosted service and NOT with Microsoft
Systems must re-activate by connecting to KMS host at least every 180 days
Requires 25+ for Windows Vista
Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”
Requires no user interaction
Currently available on Windows Vista and Longhorn Server, can run on Windows Server 2003
Step 2 - Building
• Microsoft Deployment Toolkit
• Windows Imaging Format
• ImageX
• Windows System Image Manager
ImageX & Windows Imaging Format
Building
Build desktop image from modules
Customize image
Add drivers, languages and applications
Capture image
Prepare for rollout
Windows Imaging
• File-based format – hardware independent
• Multiple images in one WIM file
• Single instanced and compressed – small size
• Spanned media support
Modularization
• Add/remove optional components – drivers, patches
• Language independence
Advantages
• Single instance of duplicate files (SHA-1 hashing)
• Files compressed through LZX
• WIMs can be split and applied from parts
Tools
Vista ImageX
System Image Manager
DEMO
• Deployment Workbench
• System Image Manager
• ImageX
Step 3 – Implementation
• Systems Management Server 2003
• System Center Configuration Manager 2007
• Windows Deployment Services
• Microsoft Deployment Toolkit
• Lite Touch and Zero Touch Installations
Microsoft Deployment Toolkit
Lite Touch
• No management infrastructure
• Manually initiated
• Wizard driven
• Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008
Zero Touch with Configuration Manager 2007 or SMS 2003
• Central scheduling
• Central monitoring
• Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008
• Extensions and enhancements
Leverages core deployment tools:
• Windows PE
• Windows Deployment Services
• ImageX
Provides process and tool guidance
Implementation
Windows Deployment Services
Delivers “in-box” OS provisioning solution
Leverages new deployment technology
Coexistence with RIS
Delivers customizable platform components
Remote boot capability for WinPE
Plug-in model for Pre-boot Execution Environment (PXE)
Image store and communication protocol
Unifies on single image format
Continues to deploy RIS images from WDS servers
Zero Touch Installation Workflow
SMS 2003 OSD Update
1. SMS inventory is used to create a collection. Computers are targeted for refresh.
2. Client receives advertisement for OS refresh, saves user state
3. SMS delivers bootable Windows PE image using WIM to existing OS partition
4. Boot files are modified, reboots to Windows PE on hard disk, then cleans disk
5. Compressed WIM OS image is downloaded and installed
6. Image is personalized and boots to full OS with SMS agent
7. SMS Advanced Client agent starts up
8. SMS delivers role based applications and post-OS configuration. User state is restored.
[Diagram labels: MOM; SMS Server; Logs all activity; Target Machine; SMS Client Agent; Pre-OS; Hard Disk; Bootable Windows PE; OS Image Delivery; Application Delivery; SMS Advanced Client Agent]
Deployment Technologies
Why are the deployment technologies important to me?
Lowering your costs
Providing best practices
Benefits in scalability, repeatability
Light and zero touch deployments
Preparing for Windows Server 2008
Preparing for lifecycle management
Significantly better than what we delivered during Windows XP and Windows Server 2003
Tips from the Field
Start small – build a lab
Deploy Windows Vista in your organization
Demonstrate the business value – load on a BDM/TDM’s PC
Look for the easy wins – mobile workers, PC refresh, ISV applications
Touch the desktop once -> Vista + Office
Use the tools and guidance
www.microsoft.com/desktopdeployment
Partner Resources
• Microsoft Partner Program Competency
• Desktop Deployment Partner Services
Windows Desktop Deployment – New Specialization within Advanced Infrastructure Competency
Demonstrates proven skills and deep expertise to Microsoft customers and increases visibility to the marketplace
Provides eligibility to achieve an Advanced Infrastructure Solutions competency
Forms knowledge base for partner readiness programs for Windows Vista and future versions of Windows
Customer references, individual certifications, and deployments of Windows Vista are all part of specialization requirements
More information at:
https://partner.microsoft.com/global/program/competencies/40033580
Desktop Deployment Planning Services (DDPS)
What is DDPS?
Software Assurance (SA) benefit for eligible customers
4-5 day in-depth technical and hands-on training in the latest deployment offerings from Microsoft – BDD expertise!
Microsoft pays DDPS certified partners to deliver customized deployment plans to eligible customers
Opens the door with existing and new customers to have a Core IO conversation while setting the stage for ongoing revenue opportunities
8 US DDPS certified Partners have earned an average of $93,000 in additional revenue from completed DDPS engagements.
Visit http://microsoftddps.com or contact [email protected] for more information
Summary
There is a significant opportunity around Windows Vista deployment
Deploying Windows and Office are now easier than ever
Build relationships, value added services around security, collaboration
Tools, solutions and best practices make it easier for you to provide the service
Take advantage of the programs and certifications
Start application and hardware testing today
Stay for the next session about Partner Business Opportunities with these technologies!