uem1359bu best practices in migrating windows 7 to or ... · mark margevicius uem1359bu #vmworld...
TRANSCRIPT
Mark Margevicius
UEM1359BU
#VMworld #UEM1359BU
Best Practices in Migrating Windows 7 to Windows 10
VMworld 2017 Content: Not fo
r publication or distri
bution
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Disclaimer
2#UEM1359BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Times are a Changin’…..
#UEM1359BU CONFIDENTIAL 3
“We’re suggesting changing Windows deployment from a project
that customers do every three to five years to thinking about
deployment as a process. You move to Windows 10 and then
continually stay up to date with the new features as released, and
the benefits are that you get security capabilities faster, you get
less disruption, you get a simpler deployment process.”
Computerworld | JUN 12, 2017Quote from Michael Niehaus, Director Windows Product Marketing
VMworld 2017 Content: Not fo
r publication or distri
bution
User Trust
Today’s Evolving Windows World
Data Loss
Prevention
Conditional
Access
Device Posture
#UEM1359BU CONFIDENTIAL 4
VMworld 2017 Content: Not fo
r publication or distri
bution
Windows 10 Is Disrupting IT and Business
5
Simpler Lifecycle ManagementEnterprise Ready SecurityConsumer First Experience
500MMonthly active users of Windows
10 in about an year
4MDoD devices moving to Windows
10
40%orgs. using EMM for portion of
Windows
Better performance over Windows 771%
Better security over Windows 761%
Cost efficient compared to Windows 740%
Source: SpiceWorks Windows 10 Adoption research
#UEM1359BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Please rank the top three EUC projects/programs, based on their priority to your company. (BASE: Customers, n=368)
Windows 10 Migration Tops End-User Computing Priorities
6
Windows 10 migration is the top priority
p/q indicates significant difference at 95% CI
64%
56%
51%
48%
29%
22%
21%
9%
Windows 10 migration
Maintain/support existing Windows 7/8 PCs
PC hardware refresh
Desktop Virtualization/VDI
Application Publishing
Enterprise Mobility Management (EMM)
Identity Management
Desktop as a Service (DaaS)
p Enterprise: 31%
p Enterprise: 57%
% ranked #1, #2 or #3 EUC priority
#UEM1359BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
#UEM1359BU CONFIDENTIAL 7
So What Are the Best Practices in Getting to Windows 10?
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practices #1: Understand that this Windows Migration is really a Transformation
#UEM1359BU CONFIDENTIAL 8
It’s a move to Modern IT Management
New Tools
Better SLAs
Better Processes
UEM
Flexible Management
Lower Costs
Modern IT
VMworld 2017 Content: Not fo
r publication or distri
bution
PC Use Cases Have Evolved
© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution
PC Management Has Not
• Off-network
• Modern apps
• Mobile-Cloud OS
• Device type and ownership
• New procurement and servicing
Legacy, on-premises PC lifecycle management is not designed to support these
modern desktop use cases! VMworld 2017 Content: N
ot for publicatio
n or distribution
Traditional PC ManagementFalls short for your modern OS & workforce demands
© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution
Compromised SecuritySlow to identify non-compliance
Unreliable Software DistributionResource intensive packaging and deployment
© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution
Poor User ExperienceLocked down experience and no self-service
Limited VisibilityPolicies and updates pending
Tra
dit
ion
al
Syste
ms M
an
ag
em
en
t
OS UpdateServers (WSUS)
Software Distribution
Servers
GPO PolicyServers
(AD)
VMworld 2017 Content: Not fo
r publication or distri
bution
Annual Cost: $2,800 - $4,500Labor: 75 percentCapital: 25 percent
Management Complexity vs. Available Resources
Management complexityAvailable resources
Labor
Technologyand best practices
Close the gap
Time
Increasing
The Corporate Desktop
EU Ops40%
Capex20%
Admin15%
Support25%
EU Ops Capex Admin Support
Best Practice #2: Realize that Traditional PC Management is Expensive!
#UEM1359BU CONFIDENTIAL 11
VMworld 2017 Content: Not fo
r publication or distri
bution
IT Staff Efficiency: Deploying Windows 10
Current State of IT
OS migration impacts IT and end-user
• Tech heavy with significant time and costs
• User downtime and experience
Future State of Windows Management
• Move away from complex imaging processes
• Get users up and running quickly
• Out of the box and over the air deployment workflows that save IT time and money:
#UEM1359BU CONFIDENTIAL 121 Gartner (XP to 7 migration)
$1,930 per device cost of OS deployment1
Azure AD Join
(OOBE)
Workspace
ONE Adaptive
Enrollment
Self-service
via
AWagent.com
Runtime / Bulk
Provisioning
VMworld 2017 Content: Not fo
r publication or distri
bution
Unified Endpoint ManagementEnables a modern approach to PC management
© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution
Security Across NetworksBacked by a powerful compliance engine
Scalable Software DistributionFrom the cloud, eliminate physical infrastructure
© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution
Better User ExperienceSelf-service and peak user experience
Real-time VisibilityPolicy and updates in seconds, not months
Un
ifie
d E
nd
po
int
Man
ag
em
en
t
Store B
Configuration, Apps,
Updates, Security
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practices #3: Picking the Right Version of Windows 10
#UEM1359BU CONFIDENTIAL
Windows Insider Preview (WIP)
• Target audience are enthusiasts and early testers who are willing to provide feedback
• IS NOT for Production use!
• Fast Ring gets more frequent but unstable releases
• Slow Ring gets less frequent but more stable releases
• Enrolled PCs in WIP are either on Fast Ring or Slow Ring
Semi-annual Channel (SAC)
• Target audience are business computers for production
• Designed for most common scenarios/devices/applications
• Each SAC release is available for 18 months
• 1st phase of SAC is known as Pilot, which is typically available for 3 months
• Pilot phase moves to Broadphase, which is when SAC goes mainstream (approx. 3-4 months after release)
Long-Term Servicing Channel (LTSC)
• Provides new versions that do not include all Windows 10 features
• Intended for limited use where stability is needed for years (ex. Medical devices, IoT)
• NOT for laptops or desktops!
• Updates are delivered every 2-3 years
• Mainstream support is 5 years and extended support is 5 more years
• Updates are referred to as Quality updates (bug fixes, security patches)
14
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #4: Putting the Right Team Together
#UEM1359BU CONFIDENTIAL 15
AustraliaAustralia
Asia
Europe
Desktop
Architect
Project
ManagerChief
Architect
Network
Architect
(DNS/DHCP)
Deputy
Architect
Applications
Architects
Messaging
Architect
Security
Manager
Help Desk
Manager
Business
Strategist
End-User
Representative
North AmericaVMworld 2017 Content: Not fo
r publication or distri
bution
High Diversity = High Costs
Low Diversity = More Control
Form a cross-functional project team with
strong leadership
Link goals to business objectives
Evaluate the process and technology
requirements
Identify the impact on existing processes
Limit the scope
Identify service and support requirements
Communicate
Management Tools
Lock Down
Hardware Diversity
Application Diversity
Image Diversity
OS Diversity
Support
Culture
Process
Best Practice #5: Reduce Complexity through Standardization
#UEM1359BU CONFIDENTIAL 16
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #6: Plan your Work, then Work your Plan
#UEM1359BU CONFIDENTIAL 17
Assign Project Manager
Understand Requirements
Set Policy
Set Goals
Build Business Case
Secure Funding
Assign Chief Architect
Build Migration Team
Evaluate Need for BYO
Train Team
Evaluate Management Tools
Evaluate Migration Tools
Train Administrators
Train Help Desk
Prepare User Training
Arrange for Extra Support
Survey Pilot Users
Run First Pilot
Survey Pilot Users
Tally Surveys – Check Goals
Build a Communication Plan
Run Additional Pilot(s)
Begin Migration
Create Documentation
Inventory of PCs
Analyze Users to be Migrated
Application Portfolio Analysis
Test Applications
Understand Org. Groupings
Understand User Classifications
Conduct Skills Assessment
Build a Project Plan
Catch-up Fridays
Redefine Support Roles
Build Prototypes
Set Pilot
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #7: Learn about the Different Approaches to a Windows Migration
#UEM1359BU CONFIDENTIAL 18
Cost
Complexity
In-Place
Upgrades
VDI
PC
RefreshRe-image
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #7: Learn about the Different Approaches to a Windows Migration
#UEM1359BU CONFIDENTIAL 19
Cost
Complexity
In-Place
Upgrades
VDI
Re-imagePC
Refresh
Pros:Vendor supplied; latest from OEM; over the air updates; clean
Cons:Costly; bloatware; generic image likely incomplete
VMworld 2017 Content: Not fo
r publication or distri
bution
PC
Refresh
Best Practice #7: Learn about the Different Approaches to a Windows Migration
#UEM1359BU CONFIDENTIAL 20
Cost
Complexity
VDI
Re-image
Pros:Easy*; no data/app deployment issues; quick; non-disruptive
Cons:App compat; “old” management; baggage of config/bloat/users; mixed results w/TPMs
In-Place
UpgradesVMworld 2017 Content: Not fo
r publication or distri
bution
In-Place
Upgrades
PC
Refresh
Best Practice #7: Learn about the Different Approaches to a Windows Migration
#UEM1359BU CONFIDENTIAL 21
Cost
Complexity
VDI
Pros:Clean; latest/greatest; modern config; “tested” image
Cons:Time consuming; heavy/hard workload; new/different not always good
Re-image
VMworld 2017 Content: Not fo
r publication or distri
bution
Re-image
In-Place
Upgrades
PC
Refresh
Best Practice #7: Learn about the Different Approaches to a Windows Migration
#UEM1359BU CONFIDENTIAL 22
Cost
Complexity
Pros:Generic Windows; IT controlled; relatively static; pristine; predictable
Cons:Complex to setup; infrastructure requirements; more costly than a PC
VDI
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #8: Embrace the New, Eliminate the Old
#UEM1359BU CONFIDENTIAL 23
Function/
Area
Migration
TypeDO… Do NOT…. Why?
BIOS/
Partition
In Place Convert to UEFI and GPT Stay on BIOS and
MBR
Better Security, New HW Features,
easier updates, more flexible,
expandable
Existing
Migration Tools
In Place,
Re-Image
Use MS/VMW tools,
existing PCLM tools
Forget to include AW
agent in the distro
Migration tools can be used to bridge
to modern EMM management that
Win10 offers
New Install PC Refresh Use Runtime provisioning,
OOB deployment, XML
scripting, and embed AW
agent
Build new Images Dynamic provisioning is more flexible,
easier, and is a simpler process than
master/gold images
Skills All Learn UEM and Modern
Management techniques
Migrate away from
device dependent
mgt.
UEM is more dynamic and addresses
diversity/complexity at scale
People All Unify mobile/PC teams Maintain silo’d
organizations
Silo’d organizations are costly, rigid,
redundant, and inefficient
VMworld 2017 Content: Not fo
r publication or distri
bution
Windows 10 and VDI: Persistent and Non-Persistent Options Abound
#UEM1359BU CONFIDENTIAL 24
+
INSTANT CLONES
Data/Files
User 1
Personalization
User 1
Data/Files
User 2
Personalization
User 2
USER DATA
+
CORPORATE APPS
Simplified, consistent
management
No patch maintenance
window
Provisioning on-demand
Space efficient
Non-Persistent Desktops Persistent Desktops
VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #9: Use Simple Application Provisioning
#UEM1359BU CONFIDENTIAL 25
No packaging, no sequencing, no streaming. Simply install applications natively.
Provision applications as easily as installing them.
2Mount the AppStack
and install applications. 1
Create a new,
empty AppStack.
3 Provision the AppStack.VMworld 2017 Content: Not fo
r publication or distri
bution
Best Practice #10: Embrace Modern IT and UEM
Comprehensive unified endpoint management (UEM) features transforming the way IT manages Windows 10
Self-Service Access & SSO
Co-exist with Systems
Management
Deploy Updates Off the Network
Device HealthAttestation
Win32 AppLifecycle
Management
Instant Push Configuration for Policies
GPOs On or Off the Domain
Windows Information Protection
Patch Auditing
Granular Updates
Management
5. Client Health & Security
3. OS Patch Management
4. SoftwareDistribution
2. ConfigurationManagement
1. MDM for Windows
Asset Tracking
Device and OS Lifecycle ManagementApp Management and
DeliveryEnd-to-end Security
Management
App Inventory
BitLocker Encryption
Enterprise App Store
Imageless Provisioning
In-place or custom image
migration
Modern Management
© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution
Intelligent Insights and Rules Engine
BIOS Management
DeliveryOptimization
AutomatedCompliance
VMworld 2017 Content: Not fo
r publication or distri
bution
Simplify Migration to Windows 10 and Modern Management
27
VMware AirWatch
AirWatch In-place Upgrade Tool for Dell Windows 10 Devices
AirWatch SCCM App Migration Tool for Windows 10
AirWatch GPO Migration Tool for Windows 10
VMware AirWatch Unified Endpoint Management Migration Toolkit (MTK)*
* Download the free tools today at https://code.vmware.com/
Migrate policy and app packages
Company Image AirWatch Agent
+Re-image
Provisioning PPKG AirWatch Agent
+
SC
CM
Win
7/8
VMworld 2017 Content: Not fo
r publication or distri
bution
Top 10 Migration Pitfalls
#UEM1359BU CONFIDENTIAL 28
10. No Business Unit Buy-In
9. Single Project for all Migration Types
8. Underestimating Complexity Leads to Shortfall in Time or Money
7. Project Stuffing Without Additional Time or Budget
6. Continuous Migrations With No Breaks
5. Do not Measure Progress and Success
4. No Business Plan
3. Not Enough Application Testing Time
2. Quest for Homogeneity
1. Political Issues Delay Project or Lead to Bad Decisions
VMworld 2017 Content: Not fo
r publication or distri
bution
Other Migration Best Practices
Process
TestPlan
Justification
Measure ROI and TCO
Aligns with IT Strategy
CommunicationPlan
Start outside of IT
Define Stated Goals
Training (IT and Users)
Adherence to Standards
Embrace New Tools and Methods
Implementation Plan
2017
Avoid Executives
Meet Early and Often
Hyper-Support
Pilot
Test Test Test
Provide ConciergeService
Keep it Manageable
Be There
#UEM1359BU CONFIDENTIAL 29
VMworld 2017 Content: Not fo
r publication or distri
bution
Final Thoughts….
30
• Recognize that change is hard!
• UEM is the next new frontier in management
• Rely on both internal and external resources
• Understand the priority as compared to other IT initiatives
• Establishing positive credibility is key
#UEM1359BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution
Ways to Learn More
Sessions
• SIE3197BU - Secure Your Windows 10 and Office 365 Deployment with VMware Security Solutions - 8/29 5:00pm
• UEM1827BU - Cut the Cost with Cloud-First, Scalable Windows Software Distribution -8/30 12:30pm
Meet the Expert
• Stop by our booth
• MTE4825U - Mobile and Desktop Converge with Jason Roszak - 8/30 10:15am
32
Group Discussions
• UEM2931GU - Big Mobile Device Management and Mobile Application Management Deployment Data: What We Have Discovered and How We Have Responded - 8/30 3:30pm
Content
• www.workspaceone.com
• www.airwatch.com/solutions/windows
Hands-on Labs
• Stop by our hands on labs at VMworld
• https://www.vmware.com/try-vmware/try-hands-on-labs.html
ASK THE EXPERTS
#UEM1359BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution