virtual techdaysINDIA │ 22-24 November 2010

Microsoft IT: Windows 7 Deployment Made Easy

Aviraj Ajgekar│ Technology Evangelist │Microsoft CorporationBlog: http://blogs.technet.com/aviraj │ aviraj@microsoft.com

Microsoft IT: Windows 7 Deployment Made Easy

1) Windows® 7 Microsoft® Information Technology (IT) Deployment Overview:

Installation Scenarios and Image BenefitsWindows 7 Image ArchitectureImage DesignImage Setup ProcessMicrosoft Environment Overview Microsoft IT Windows 7 Deployment MetricsMicrosoft IT Approach

 2) Why Microsoft IT Uses Windows 7:Improving Security with Windows 7Hardware RequirementsScenario-focused CommunicationsBitLocker™ Drive Encryption & DirectAccessHelp Desk and SupportabilityLine-of-Business (LOB) Application Compatibility

3) Keys to a Successful DeploymentIT Showcase Videos on Windows 7Microsoft Desktop Optimization Pack (MDOP)Modena: Operating System Deployment (OSD) at Microsoft

4) Resources

5) Q&A

Agenda

Installation Scenarios and Microsoft IT Image Benefits

Benefits of the Microsoft IT image:Clean installationIncludes data migration using the Windows User State Migration Tool (USMT) Structured, simple processSupported by IT, key drivers are tested!Complete installation in 2 hours, with Microsoft Office productivity appsOperating System (32-bit and 64-bit) with driver payload and applications

Installation Scenarios

Installation with Data Migration(Recommended

)

Clean InstallationWindows Vista®

Upgrade

Large campus

Windows Deployment

Services

Windows Deployment

ServicesFlat file

Medium site

Windows Deployment

Services

Windows Deployment

ServicesFlat file

Small site/ Remote

ISO ISO ISO

Windows 7 Image Architecture

Image DeliveryWindows Deployme

nt Services

ISO/USB

OSD

Factory Image

Microsoft IT Image

Documentation

Branding

Task SequencerApplications and Settings

Drivers Payload

Maintenance Scripts

Base Operating Systemunattend.xml

oobe.xml

QFEs / Patches

Boot drivers

USMT – Hard Link

Migration

Image Design

boot.wim

Boot critical drivers

USMT (optional)

install.wimBoot critical drivers

Driver payload

Driver Payload / Task Sequencer

Registry changes

Applications• Microsoft Office 2010 RTM (MUI)• Microsoft Office Communicator 2007 R2• ISA Firewall Client• IT Connection Manager (VPN)• Smart card modules• Microsoft IT Welcome Center• Microsoft IT branding (logo, background, etc.)• Windows Mobile® Device Center 6.1• Microsoft Silverlight™ 3.0• Adobe Acrobat Reader 9.2• Adobe Flash Player 10• MSW, ITWeb, Bing search connectors• FastHelp, Bing desktop gadgets• Token Activation License

System-specific drivers

Energy Star 4.0–compliant power settings

Language Packs (EN-US, DE-DE, FR-FR, JA-JP, ZH-CN)

unattent.xml

oobe.xml

Image Setup Process

7

Windows PEPnP

(text)

Restart

Operating system

OOBE(GUI)

Task sequencin

g

Restart

System

ready

Microsoft Environment Overview

Puget Sound37,213

Population

North America15,105

Population

Latin America2,235

Population

Europe Middle East and Africa

18,893Population

Asia 14,839

Population

Help desk–supported Languages

Microsoft Offices in 105 countries89,000 employees globally70,000 vendors globally220 Windows deployment servers and product servers globally on a virtual server infrastructureUsers supported by 5 call centers globally

Afrikaans Chinese Simplified Japanese Estonian Turkish Korean Polish Slovak UkrainianArabic Chinese Traditional Czech Finnish Hebrew Latvian Portuguese Spanish Urdu

Armenian Creole Danish French Hungarian Lithuanian Romanian Swahili VenezuelanBosnian Croatian Dutch German Icelandic Macedonian Russian Swedish

Bulgarian Italian English Greek Kazakhstani Norwegian Serbian Turkish

Windows 7 Deployment Metrics

As of October 2009, Windows 7 RTM installed on 84,000 client computers

Microsoft BranchCache™ has been deployed at 28 regional sites Cumulative installations from beta to RTM exceed 144,000

Microsoft IT Windows 7 Deployment Metrics

Hardware RequirementsOEM Category Model

Dell Notebook E6400Dell Notebook E6500Dell Notebook E4200Dell Notebook D830Dell Notebook D630Dell Notebook D620Dell Notebook D820Dell Notebook XTDell Notebook E4300HP Notebook nc8430HP Notebook nc6400HP Notebook 6910pHP Notebook 8510wHP Notebook 8510pHP Notebook 2710pHP Notebook 2510pHP Notebook 2530pHP Notebook 2730pHP Notebook 8530wHP Notebook 8730wHP Notebook 6930pLenovo Notebook X301Lenovo Notebook X200sLenovo Notebook T400Lenovo Notebook W500Lenovo Notebook T61pLenovo Notebook T60Lenovo Notebook X61Lenovo Notebook X61tLenovo Notebook X60Lenovo Notebook T61Lenovo Notebook T60pLenovo Notebook x60 Tablet Lenovo Notebook X300Lenovo Notebook X200tLenovo Notebook W700Toshiba Notebook Portégé M400Toshiba Notebook Tecra M5Toshiba Notebook Portégé R500Toshiba Notebook Tecra M9Toshiba Notebook Portégé M700Toshiba Notebook Tecra A9Toshiba Notebook Portégé R400Toshiba Notebook Portégé R600

Currently, 70% of system drivers delivered to users via Windows Update through enterprise image automationNo system BIOS updates required for global deploymentExtensive testing by Microsoft IT and Windows of the Microsoft IT three-year installation base, resulting bugs and issues being addressed and resolved:

46 portable computers by RTM, 22 desktop computers by RTM

Windows 7

Significant shift in hardware requirements from previous operating system requirementsPoor driver coverage at RTMOlder systems required BIOS updates to take advantage on new operating system and driversMany different driver sources, causing user confusion

Windows Vista Lessons

Minimum Hardware Requirement Windows Vista hardware LogoRTM Minimum Hardware Requirements:

Processor: 1 GHz 32-bit or 64-bit processorMemory: 1 GB of system memory (Microsoft 2–4 GB)Hard disk: 16 GB of available disk spaceVideo card: Support for Microsoft DirectX® 9 graphics with 128 MB of memory (to enable the Windows Aero® theme) and at minimum a Windows Vista–supported driver.

Hardware Requirements

BitLocker

Difficult to implement broadly on existing hardware without full wipe and re-partitionRequired user accessing BIOS to enable TPM 1.2Required high touch from the help desk

Windows Vista Lessons

Improvement in Windows tools for BitLockerSignificant improvement to the Drive Shrink toolMicrosoft IT–documented business rules and automation to streamline deployment

Windows 7

Tool scripts Windows 7 calls: no custom code for BitLocker:

Turn on BitLockerTake ownership of the TPMDrive Shrink and security partition creationEncryption of the drive

Focus on managing business rules and automating setup

Tool

Exclusion of Russia and China from BitLocker requirementTool enforces BitLocker compliance: future investigating NAPOpt-out process for valid business reasonsPIN policy

Business Rules

DirectAccess

Client benefits:Remote connectivity - “it just works”No VPNMore productive–“always on corpnet” vs. limitations of only mail RPC/HTTPNo long quarantine times for health checksFirewall traversal–access from hotels, customer sites, home90%+ satisfaction rates, with the highest NSAT scores (148 NSAT)Productivity gains reported in survey87% survey respondents reported instant productivity gains–every user has saved as much as 1 hour each day as a result of using DirectAccess (Small Survey Results)

IT benefits:Increased manageability, operational efficiencies, always on, proactive monitoring, and patch management Enhanced securityNAP for health validationEncryptionEvaluating potential cost savings for Internet-connected Offices (ICO) by not requiring dedicated leased lines.

IPsec and IPv6 encryption client to network edge; ultimately end to EndStrong authentication smart cards TPMCurrently piloting TPM storage of certificate with BitLocker and PIN enabledFirewall traversal via IP-HTTPSNetwork Access Protection (NAP) for client health validation, enforcement, and reporting

Microsoft IT’s remote access technologies overlapThree transport methods (VPN, TS Gateway, DirectAccess)Five publishing methods (remote access portal, TS Web portal, mobile, OWA, RPC/HTTP)User confusionHigh operational costs supporting numerous technologiesLow user satisfaction (NSAT) vs. security compliance

Remote Access IT: Approach

Results

DirectAccessServer

DirectAccessClient

Application servers

Domain Controller /DNS server

NAP/NPSServer

Intranet

Internet

RC

Beta

Pre

-beta

RTM

Oct (M3) Nov (M3) Dec (M3) Jan (Beta) Feb (Beta) Mar (Beta) Apr (Beta) May (RC) Jun (RC) Jul (RC) RTM

0 0 0

0.2059 0.2059 0.2059 0.2059

0.1772 0.1772 0.1772

0.251

15.57% 15.17% 14.26%

9.79%

12.59%11.57%

14.87%

8.43%10.26% 9.77%

5.29%

15% 15% 15% 15% 15% 15% 15%

12% 12% 12%10%

Incident Rate TrendVista Dogfood Windows 7 Dogfood Windows 7 Goal

Top Customer Pain Points

Help Desk and Supportability

Issue Classification%

Vol.Comments

Setup: help 49.7% Help with Install/ RIS/ DVD

Display driver issues 10.9%Display drivers/video drivers require updates

Configure: help Personalize computer: settings

5.9%Personalize computer/remove Windows .old

Domain user not admin.

3.0% Need admin rights

Windows fails to start correctly

3.0%Windows fails to start correctly/ unable to start

Activation (error/key needed)

2.3%Activation key needed for Ultimate editions

Domain join/trust relation

2.1% Domain join

Information requests 2.0%Generic information requests

Network printer 1.7% Printer setup/driver

Summary80.6

%

Dedicated help desk queues for dogfood Daily triage for help desk incidents and detailed root cause analysis to understand top and emerging issuesImproved IVR to drive incident volume avoidance Problem Recorder, Action Center, with troubleshooters used for help desk troubleshooting Assisted support without setup issue not offeredSupport for multiple heterogeneous graphics cardsSignificant improvement in startup, networking, and memory performance leading to better user experienceGreater out-of-the-box compatibility

Windows 7

Help desk focused around user issue resolution, not on feedback and product improvement User calls went to general dogfood support queues Minimal incident trending and call volume analysis to drive product feedback Significant call drivers:

Assisted setup without issuesSetup, activation , drivers, networking etc.Multi-monitor supportLong startup time and application sluggishnessNon-Microsoft application and device-compatibility issues

Windows Vista Lessons

Line of Business Application Compatibility

Issues were with Internet Explorer related–not operating system issues Internet Explorer 8 Compatibility View reduced issues One application with significant compatibility concerns: Currently leveraging Windows XP Mode for users with that application (in the Future, leverage Microsoft Enterprise Desktop Virtualization [MED-V]) Did over a year of real enterprise testing that resulted in a better product

Windows XP Windows Vista Windows 7Engineering Group Apps Engineering Group Apps Engineering Group Apps

AIT 143 AIT 144 AIT 81EXD - LPO 20 Field IT 88 Field IT 50RXD 19 RXD 41 Business Group Engineering 31E&D Division 16 SMD - ASM 39 EXD - LPO 19Field IT 11 EXD - LPO 30 RXD 16Clearing for App Discovery 11 E&D Division 23 SMD - ASM 14Business Group Engineering 9 EXD - OEM IT 22 Business Intelligence 14SMD - ASM 8 Business Group Engineering 18 SMD - InfoSec 6Business Intelligence 4 SMD - InfoSec 17 MSCOM 1SMD - InfoSec 3 Business Intelligence 11 MSIT Apps 1MMS Infrastructure Services 3 Clearing for App Discovery 6 EXD - OEM IT 1

MSCOM 3 MBS 5 Total 234MSIT Apps 2 MMS Infrastructure Services 5EXD - EAS 1 MSIT Apps 3Global Service Automation 1 EXD - EAS 2

MBS 1 Total 454Total 255

Individual Applications Tested (Participation)

Win

dow

s

49%vs. last wave

Multiple major milestone test passes: Consolidated test passes with Windows Internet Explorer 8 stand-aloneConsolidated testing infrastructure: Provided application teams with server-based virtual “client” sessions for testingFocused on vital few applications that exercised core infrastructure and programing methodsTested 234 applications out of 1,500 total LOB applications

Expanded testing to cover more applicationsNet results did significantly improve product quality

Windows Vista Lessons Windows 7 Approach Results

http://download.microsoft.com/download/4/e/8/4e8c1b99-54f1-4be7-8e9b-78024015848d/LOBApplicationCompatibilityTesting_TWP.doc

Keys to Successful Deployment

Seamless user experience

BitLocker

Application compatibility

User satisfaction

Costs

Modena: OSD at Microsoft

Modena: A Feature of MDT 2010

Powerful pre-flightDomain and OU selectionChecks credentials, machine ownershipVolume and backup selectionLanguage and localeSelective application deployment

Resources

Customer Ready Content for Windows 7

• Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com/itshowcase

• Microsoft IT Showcase Webcasts http://www.microsoft.com/howmicrosoftdoesitwebcasts

• Microsoft TechNet http://www.microsoft.com/technet/itshowcase

• Microsoft IT Showcase Windows 7 content http://technet.microsoft.com/en-us/library/bb687804.aspx

• http://blogs.technet.com/aviraj

Q & A

virtual techdaysINDIA │ 22-24 November 2010

Springboard Series

http://www.microsoft.com/springboard

The right resources, the right technical level, at the right time in your adoption lifecycle

Under which of the following tabs of the Springboard series for Windows 7 would you find a link to ebook on Essential Guidance for Deploying Windows 7: Discover & Explore, Pilot & Deploy, Manage? Send in your answer to: vtd@timeus.net

virtual techdaysTHANKS│22-24 November 2010

Email: i-aviraj@microsoft.com Blog: http://blogs.technet.com/aviraj