This is the day and now is the time. Microsoft Office 2010 is officially launched today, May 12th, 2010. Looking back, it is amazing to realize how far we have come and how much impact the Office family of products and solutions has made on our everyday life, education, and businesses.
Experience It
So begin your experience with Microsoft Office 2010, Microsoft SharePoint 2010, Microsoft Visio 2010 and Microsoft Project 2010 by test-driving the new wave of business productivity with virtual labs, videos, and free downloads.
Here I want to share some of my favorite features in PowerPoint 2010 to highlight what is new in Office 2010. These are features I now use on a daily basis to save time, carry on a productive conversation, develop better content, and deliver an effective session to my audience. Here they are.
PowerPoint Broadcasting has to be the first one to talk about, since I have used it so often. It is simple to do, and what a difference it can make. At any time, whether in a phone conversation, an instant messaging exchange, or a presentation, a few mouse clicks let me broadcast PowerPoint slides to facilitate a discussion. If needed, a viewer can use a cell phone as the viewing device. It makes it easier for everyone to follow and be on the same page. This feature is a must-have for those who are mobile but still need to carry out an in-depth or lengthy conversation or presentation while on the road. There are a few limitations to be aware of. The first worth calling out: on the default, public PowerPoint Broadcast Service, anyone who obtains the broadcast link can watch, so the link itself is the only access control; confidential material should be broadcast through an internal broadcast service instead.
Inserting a screenshot right from PowerPoint 2010 is another great feature I can’t stop talking about. Previously I needed to jump back and forth between PowerPoint and a screen capture tool, with many rounds of copy-and-paste, to get a screenshot into a slide the way I wanted it.
Now, just bring up your browser, go to the intended URL, then in PowerPoint simply click Insert, Screenshot. It really can’t be any easier. Once the image is inserted, I also hyperlink it to the URL. That way, during a presentation, I can always show the screenshot, and if there is internet access and time permits, I click the screenshot and show the linked page in real time, since the inserted image may be outdated or I may want to point the audience to a particular part of the page.
This exciting milestone marks the end of development and testing. Office 2010 embraces trends in computing such as social networking and is built for the cloud from the ground up. The launch of Office 2010 and SharePoint 2010 is on May 12th. You can pre-order Office 2010 and be among the first to get the product when it ships in June. Meanwhile, register for a Launch 2010 (full-day) event or a Launch 2010 Highlight (half-day) event in a city near you. It’s an exciting time. Don’t miss it.
Office 2010 Launch Events (registration links for the IT Pro and Developer tracks were on the original page)
City | Date
CT - Farmington | Thursday, May 13, 2010
DC - Washington * | Tuesday, May 18, 2010
FL - Miami | Tuesday, April 20, 2010
FL - Orlando * | Thursday, April 22, 2010
GA - Atlanta * | Thursday, May 20, 2010
MA - Boston * | Thursday, April 29, 2010
MD - Baltimore | Friday, June 04, 2010
ME - Augusta | Tuesday, May 11, 2010
NC - Charlotte | Thursday, June 03, 2010
NC - Raleigh | Wednesday, June 02, 2010
NJ - Parsippany | Tuesday, June 15, 2010
NY - Hempstead | Wednesday, June 16, 2010
NY - New York City * |
NY - Rochester | Thursday, May 06, 2010
PA - Philadelphia * | Thursday, May 27, 2010
PA - Pittsburgh |
RI - Providence ** | Wednesday, June 09, 2010
* Full day Launch Events
** Community Event
The content of this post was based on Windows Server 2008 R2. However, the concepts remain applicable and the implementation is much the same in Windows Server 2012.
The ability to deliver a desktop with full fidelity over a network, while deploying applications on demand and with hardware independence, is an IT reality with Windows 7, Windows Server 2008 R2, and Application Virtualization (App-V), which is part of the Microsoft Desktop Optimization Pack (MDOP). This screencast highlights how these three technologies work together as a solution platform by demonstrating key user scenarios. Note that to implement the VDI solution in a domain at the Windows Server 2003 functional level, you must first extend the AD schema to the Windows Server 2008 level.
For more information, I have also published a number of blog posts and screencasts on Microsoft virtualization solutions including:
Recognizing that “workspace” is the key concept a user must grasp to become productive with SPW 2010, I want to focus on the three types of workspaces available in SPW 2010. They are:
Regarding software requirements, a SharePoint Workspace in SPW 2010 can synchronize only with a site running on Microsoft SharePoint Server 2010, SharePoint Foundation 2010, or SharePoint Online. A SharePoint Files Tool in Groove 2007, by contrast, can synchronize with a SharePoint document library running on Microsoft Office SharePoint Server 2007, Windows SharePoint Services, or later.
SharePoint Workspace
SharePoint Workspace in SPW 2010 is a new construct that lets a user who is also a SharePoint content owner acquire a “local and personal” copy of selected libraries and lists of a SharePoint site. The user can work on the content locally, and SPW 2010 synchronizes the changes, automatically and on demand, with those libraries and lists in the SharePoint site.
When there is connectivity, changes made to the local copy of libraries and lists are automatically synchronized with the corresponding items in the associated SharePoint site. SPW 2010 treats all local changes as high priority and initiates an immediate synchronization with SharePoint. When there is no connectivity, changes made in SharePoint workspaces are stored locally. The changes made offline are synchronized automatically the next time the user connects to the server.
The synchronization between a SharePoint Workspace and the associated libraries and lists of a SharePoint site is bi-directional. SPW 2010 pushes changes made in a SharePoint Workspace to SharePoint, and it also brings changes made directly in SharePoint by other authorized users into the SharePoint Workspace. Bi-directional synchronization is implied whenever data synchronization happens between a SharePoint Workspace and the associated libraries and lists of a SharePoint site. This two-way synchronization is the vehicle that extends SharePoint content creation, and some content management, from SharePoint to the desktop.
SPW 2010 is a response to the business need to take the content of a SharePoint site offline, driven by increasing mobility in the work environment. Ultimately, a SharePoint Workspace is a “personal” copy of the libraries and lists of a SharePoint site that a content owner chooses to take offline. The term “personal” here marks a noticeable departure in work pattern from Groove 2007, as explained next.
The SharePoint Files Tool in Groove 2007 is a “tool” inside a workspace, not a workspace by itself. A SharePoint Files Tool synchronizes with a target SharePoint document library, and by default the members of the Groove 2007 workspace to which the tool is added can access the tool’s content, i.e. a local copy of the intended SharePoint document library, unless the permissions of the tool are altered within the workspace. A SharePoint Workspace in SPW 2010, on the other hand, is not a tool in a workspace but a workspace by itself, and it has one and only one member: the user who created it. A user shares the changes made in a SharePoint Workspace with other authorized SharePoint users only by synchronizing the content with the corresponding items in the related SharePoint site.
In other words, a SharePoint Workspace is intended for the content owner to have anytime access and to work on the content (checking it out as needed) without maintaining connectivity with SharePoint. A SharePoint Workspace is nevertheless NOT intended for sharing content; sharing should still go through synchronization with SharePoint, i.e. via the SharePoint infrastructure and its security model, so that SharePoint permissions remain the single point of access control. In Groove 2007 the concept is different: the workspace construct and its tools, including the SharePoint Files Tool, exist solely for sharing with workspace members. There are other implications too, such as data encryption, that SPW 2010 users and those used to Groove should be aware of. The following table, as published on the SPW team blog, depicts the encryption in SPW 2010.
Another important distinction between SPW 2010 and Groove 2007 is that a SharePoint Workspace on one computer DOES NOT synchronize across multiple computers on which the same SPW 2010 account is restored. The user must create a SharePoint Workspace on each computer, even though the SPW account is restored on each computer and the SharePoint Workspace on each computer synchronizes with the same libraries and lists of a SharePoint site. In Groove 2007, by contrast, a workspace is automatically synchronized to all computers on which the same user account is restored.
One obvious reason to create a SharePoint Workspace is to have offline access to SharePoint content. Additionally, many may prefer working in a SharePoint Workspace, rather than accessing and administering SharePoint content through a browser, because the tools in a SharePoint Workspace provide quick and easy navigation among libraries and lists compared with working directly on SharePoint sites in a web browser. For example, changing the folder structure in a SharePoint Workspace is simple and very similar to the same operation in Windows Explorer, while making the same change directly in a SharePoint site through the browser requires some knowledge of SharePoint administration. Also, one can switch among lists and libraries in a SharePoint Workspace with a mouse click, which is essentially instantaneous, whereas the same context switch in a browser may reload web pages, which is relatively slow and tedious. A system administrator managing libraries and lists in multiple SharePoint sites can create local copies of those libraries and lists in corresponding SharePoint Workspaces, organize them in the Launchbar as shown (and then right-click, or simply drag, an intended SharePoint Workspace to the desktop to create a shortcut) for quick access and easy navigation, and synchronize the content with SharePoint as changes are made. This also gives a consistent user experience in managing SharePoint site content, regardless of whether the user is online or offline.
In simple terms, a SharePoint Workspace gives a content owner, and only that content owner, access to a local copy of SharePoint libraries and lists at any time, whether or not there is connectivity with the associated SharePoint site. The simplicity and familiarity of performing many standard tasks, such as arranging folders and adding new items to lists and libraries, also let a user focus more on quality and less on the specific operational requirements of managing and producing SharePoint content.
Creating SharePoint Workspace
There are two ways. Directly from SharePoint Site Actions, a user can click Sync to SharePoint Workspace, as shown below, to create a local copy of the site content for synchronization. Alternatively, a user can create a SharePoint Workspace from the Launchbar; in the process the user must specify the web address of the intended SharePoint site and be authenticated by it.
As shown here, the content in a SharePoint Workspace can optionally be checked out to avoid editing conflicts with other people who have access to the same content on the SharePoint site.
Unsupported Content Types
SPW 2010 does not support all SharePoint sites, nor all content types of SharePoint lists and libraries, as shown below. Calendar, survey, and wiki are examples of unsupported types. A SharePoint site containing a content type that SPW 2010 does not support will not offer the “Sync to SharePoint Workspace” option in Site Actions.
Deleting SharePoint Workspace
This operation removes the local copy of the SharePoint content; it has no effect on, and does not delete, the corresponding content stored on the SharePoint site. After deleting a SharePoint Workspace, one can create a new SharePoint Workspace referencing the same SharePoint content. This is sometimes a quick fix for a SharePoint Workspace in an unknown state.
Coauthoring SharePoint Content
Office 2010 introduces “coauthoring,” a long-awaited collaboration feature. Although coauthoring is, and should be, a topic by itself, a brief discussion here highlights some exciting scenarios using SPW 2010, as described below:
The setup is: SharePoint 2010, SPW 2010, and Word 2010, with the document stored in SharePoint. All authors use a SharePoint Workspace to acquire a local copy of the document. All authors can make changes to the document regardless of whether there is connectivity between SPW 2010 and SharePoint 2010. All authors synchronize the changes made locally via the SharePoint Workspace.
Here, the SharePoint Workspace is the synchronization vehicle, the platform for coauthoring a SharePoint document without worrying about network connectivity. The operational model is multiple clients synchronizing with a centralized copy in SharePoint, not direct peer-to-peer synchronization.
This coauthoring scenario gets even more exciting when the OS is Windows 7 and the machine is configured as a DirectAccess client. DirectAccess lets a client connect to the private network securely, over IPsec-protected IPv6 tunnels, without a traditional VPN: whenever there is internet connectivity, the user is connected to the corporate domain network. With internet access, coauthoring with synchronization can then happen anytime, anywhere, and on any network from a DirectAccess client.
Virus Scanning
SPW 2010 has a security option to scan all incoming and outgoing files for viruses. This virus scanning feature is supported if you are running Norton AntiVirus Personal Edition 2002 or later. It is not supported with Norton AntiVirus Corporate Edition or Sophos Anti-Virus.
Groove Workspace
This is the original workspace type from Groove 2007, before the product was renamed SPW 2010. When creating a new Groove workspace in SPW 2010, a user can choose between the 2010 (default) and 2007 versions. Each workspace version has a different set of productivity tools, such as Documents, Discussion, and Calendar. A member of a 2010 workspace must be running SPW 2010. All members of a 2007 workspace must be running Groove 2007 or later.
With Groove workspaces, one can collaborate beyond organizational boundaries with external partners and offsite team members. Groove workspaces in SPW 2010 continue to use the same peer-to-peer features as in Groove 2007. Those who have used Groove 2007 can expect largely the same, if not identical, Groove functionality in SPW 2010.
Within a Groove workspace, the content is by default synchronized automatically to all workspace members. When a member is online, all inbound and outbound messages (i.e. application and user data) are received and sent immediately. When a member is offline, all inbound messages are queued on the Groove Server Relay designated for the user, and all outbound messages are stored locally. A discussion of Groove infrastructure and deployment models is available elsewhere and is far beyond the scope of this article.
In a workspace created in Groove 2007, the SharePoint Files Tool, which synchronizes with (and only with) a target SharePoint document library, is available. In a 2010-version Groove workspace created in SPW 2010, however, there is no such tool.
The screenshot above shows the tools added by default to a 2010-version Groove workspace: Documents, Discussions, and Calendar. There is no SharePoint Files Tool in the tool set.
The screenshot above shows the tools added by default to a 2007-version Groove workspace: Files and Discussion. The SharePoint Files Tool is included in the tool set.
A frequently asked question about Groove workspaces is the size limit. One can check the workspace properties to find the current workspace size. For optimal performance, keep a Groove workspace at 2 GB or less. In fact, SPW 2010 by design cannot send (replicate) a Groove workspace exceeding 2 GB to new invitees.
The automatic content synchronization of a Groove workspace among members, and the user routines in SPW 2010, are very much the same as in Groove 2007. For peer-to-peer collaboration using Groove, a Groove infrastructure based on the Groove PKI needs to be in place. For those who are not familiar with how Groove 2007 works and would like to know more, the following information may be helpful.
Workspace Invitation
There are three ways to deliver a workspace invitation: using instant messaging within SPW 2010, via Outlook, or as a file. One operational detail to be aware of: if you invite others with a workspace invitation file, the workspace can be sent (replicated) to an invitee only from the SPW 2010 device on which the invitation file was created. Needless to say, the workspace will not be sent to invitees unless that SPW 2010 device is online.
Shared Folder
As an alternative to a Groove workspace, one can create a Shared Folder, which is visible in the Windows file system across all computers on which the same user account is restored. Because the content is exposed to the local Windows file system, a Shared Folder is searchable. In Groove 2007, Shared Folder was not supported on 64-bit operating systems; it is now in SPW 2010.
This article is for readers who already have some experience with Microsoft Office Groove 2007 (Groove 2007), to help them better understand the usage, business value, and limitations of the new feature, SharePoint Workspace, in SPW 2010. Those who are not familiar with how Groove 2007 works should first consult the resources listed under Groove Workspace in Part 2 of this article.
As part of Microsoft Office 2010 Professional Plus, SPW 2010 brings much-needed SharePoint capabilities to the desktop. A key feature of SPW 2010 is the ability to synchronize SharePoint libraries and lists. Taking SharePoint content offline and synchronizing it automatically and as needed is probably one of the most requested features in Office since the introduction of the SharePoint Files Tool in Groove 2007. The SharePoint Files Tool in Groove 2007 can synchronize data with, and only with, a SharePoint document library. With SPW 2010, a content owner can create a so-called SharePoint Workspace, maintain a local copy of SharePoint libraries and lists, and synchronize them with the corresponding items in the associated SharePoint site. SPW 2010 is the rich client for SharePoint 2010, and the relationship between a SharePoint Workspace and SharePoint is similar to that between Outlook and Exchange.
There are other important changes in SPW 2010. The Ribbon, shown below, provides a user experience consistent across the Office family. InfoPath 2010 is now the form designer for all forms in SPW 2010; both the Discussion and List tools are based on InfoPath. In the Documents tool, users can now drag and drop items as they do in Windows Explorer. For quick and frequent access, a user can drag a SharePoint Workspace to the desktop. To simplify log-in without compromising security, SPW 2010 now provides a single sign-on (SSO) experience, using the user’s Windows credentials for authentication.
SPW 2010 can be thought of as new capabilities (including the Ribbon and SharePoint Workspace) plus most Groove 2007 features, essentially a two-in-one package. SPW 2010, in my opinion, signifies a major, strategic investment by Microsoft in data synchronization with SharePoint. For those who live to Groove and Groove to live: yes, most Groove functions and features are still available within SPW 2010, and life is good. Above all, SPW 2010 effectively addresses the business need to access the libraries and lists of a SharePoint site offline with a rich desktop client, while maintaining high mobility for collaborating in a dynamic, ad hoc fashion with team members both within and outside an organization.
Note that there are products and features which are NO LONGER AVAILABLE in SPW 2010, including:
More specifically:
One interesting rule in SPW 2010 is that workspace members can only be promoted. This applies to any workspace member who is uninvited from a workspace and then re-invited. For example, a participant who is uninvited from a workspace can be re-invited to the same workspace only as a participant or a manager. (Continued in Part 2)
State | City | Date/Reg. Link | Presenters
FL | Miami | | Yung Chou, John Baker
FL | Orlando | |
MA | Boston | | Dan Stolts, Bob Hunt
NY | Rochester | |
ME | Augusta | | Blain Barton
NY | New York | |
CT | Farmington | |
DC | Washington | |
GA | Atlanta | |
PA | Philadelphia | |
PA | Pittsburgh | |
MD | Baltimore | |
NJ | Parsippany | |
NY | Hempstead | |
FL | Tampa | Thursday, June 29, 2010 |
Windows 7 RC Expiration
Support for Windows Vista RTM Ends
Support for Windows XP SP2 and Windows 2000 Ends
Updating your Windows 2000, Windows XP, and Windows Vista-based PCs before the end-of-support dates will ensure that your PCs stay supported and keep receiving security updates. Migrating to Windows 7 provides the longest support lifecycle for your organization, helping to ensure protection, support, and timely updates.
End of Support
Visit our new End of Support center when it goes live on Feb 18th at www.microsoft.com/eos. For more information on Windows 2000 and Windows 2000 Server end of support, visit the Windows 2000 End of Support Solution Center.
Testing/Evaluating Windows 7 and More
A number of downloads give you a great opportunity to test and evaluate a full version of Windows 7 Enterprise, as well as a number of related solutions:
The TechNet team at Microsoft is planning some big changes to the TechNet web site over the next few months. The project is called “TechNet 2.0”, or “TN20” for short.
TechNet 2.0 is a continual effort to improve how Microsoft’s audience discovers information, the quality and timeliness of content presentation, and the invitations to participate in the site. In other words, an improved user experience, better discoverability, and increased participation are what TN20 hopes to achieve.
To find out more about TN20, Keith has a blog series detailing the exciting changes to come.
The main deliverable of App-V 4.6 is 64-bit support. The remaining product features and functions are much the same as, if not identical to, those of App-V 4.5 SP1. The following shows the App-V 4.6 Windows Desktop Client and the App-V 4.6 Client for Remote Desktop Services (or Terminal Services) installed on a 64-bit operating system.
Note that this 21-minute screencast is not a tutorial on App-V 4.6. Viewers are expected to already be experienced with App-V and familiar with the App-V infrastructure. The presented user experience is based on a server-based deployment scenario with a full App-V infrastructure, with packages streamed over RTSPS on port 322. RTSPS is RTSP over TLS, so the communication between App-V servers and clients is encrypted and its origin authenticated; plain RTSP (port 554) offers neither, so RTSPS is the protocol to use outside an isolated lab. The following table depicts the methods for deploying virtual application packages to terminal servers and Windows desktops. In the screencast, I employed an App-V Management Server with a local SQL Server 2008. The demo environment consists of virtual machines running on my laptop, a Windows Server 2008 R2 machine with the Hyper-V role added.
Source: Application Virtualization 4.5 for Terminal Services
The configuration of the demo environment is shown in the topology diagram below. Here contoso.corp is an Active Directory domain with an App-V infrastructure of the following components.
To minimize the number of virtual machines needed, I installed the App-V Management Server, App-V Admin Console, and SQL Server 2008 on the domain controller, dc.contoso.corp (a lab shortcut only; co-locating application servers and SQL Server on a domain controller is not a production practice). The App-V 4.6 Terminal Services (App-V/TS) Client was installed on the Remote Desktop Session Host (RDSH), app.contoso.corp, and the App-V 4.6 Windows Desktop Client on a managed Windows 7 desktop, w7ent.contoso.corp. The domain contoso.corp was configured with DirectAccess, with w7ent as a DirectAccess client.
In the demos, I first talked about how the demo environment is configured. Then, with the App-V default application, which is the test application installed with the App-V Management Console, I added Domain Admins as the authorized users to verify the readiness and correctness of the App-V infrastructure. Later I used a test account, alice, to test the streamed App-V applications. Note that the demo environment was built mainly to present the user experience of App-V 4.6 with minimal complexity. No attempt was made to optimize performance, server placement, or user profile management.
Additional resources on App-V:
For those who would like to try out and get familiar with Windows 7 and Windows Server 2008 R2, use the links below to download, install, and test them. I also include download information for Forefront and System Center, which are essential for securing and managing an enterprise infrastructure.
The US TechNet events for this quarter are open for registration. There is one focus: you; two presenters: the good and the better looking, not necessarily in that order; and three topics: Azure, Hyper-V, and Windows 7 deployment. There will be a lot of fun, serious learning, and geeky conversations. You do not want to miss it.
Call to Action
If you would like to subscribe to TechNet Plus, do not pay the full price now. Go to the personal blog of, or simply email, your regional IT Pro Evangelist and look for a promotion code (for instance, TNITE10) to get 28% off. This promotion is good until 03/31/2010.
For the US East region, here is the list of all scheduled events. Click the city name to go to the registration page and the speaker name to go to that speaker’s personal blog. I look forward to seeing you all.
TechNet US East Region Events
State - City | Date | Speakers
PA - Philadelphia | Tuesday, February 23, 2010 | Yung Chou,
VA - McLean | Thursday, February 25, 2010 |
GA - Alpharetta | | John Baker,
NJ - Edison | Tuesday, March 02, 2010 | Bob Hunt,
 | Wednesday, March 03, 2010 |
NC - Charlotte | Friday, March 05, 2010 |
FL - Orlando | Tuesday, March 09, 2010 | Blain Barton,
MD - Towson | Wednesday, March 10, 2010 |
FL - Ft. Lauderdale | Thursday, March 11, 2010 |
NY - Troy | Friday, March 12, 2010 | Dan Stolts,
 | Tuesday, March 16, 2010 |
MD - Chevy Chase | Tuesday, March 23, 2010 |
MA - Waltham | Wednesday, March 24, 2010 |
NY - New York City | Thursday, March 25, 2010 |
 | Friday, March 26, 2010 |
This is a follow-up posting of Windows 7 BranchCache™ Explained.
BranchCache, a feature introduced in Windows 7 and Windows Server 2008 R2, lets content from file and web servers on a wide area network (WAN) be cached on computers at a local branch office. Once BranchCache is configured, a copy of data accessed from intranet web and file servers is cached locally within the branch office. Cached content can be either distributed across peer client computers (Distributed Cache mode) or centrally hosted on a server (Hosted Cache mode). When another client on the same network requests the same file, it downloads it from the local cache instead of across the WAN. Caching does not bypass the content server’s access control: a client always contacts the content server first, is authenticated and authorized there, and receives only content identifiers (hashes) for the data; it then fetches the matching blocks from the branch cache, and those blocks are encrypted with a key derived from a per-segment secret that only the content server hands out, so a peer holding the cache cannot read content it was not itself authorized to retrieve. BranchCache improves application response time and reduces WAN traffic.
Specifically, BranchCache, as shown below, has two operating modes: Hosted Cache mode and Distributed Cache mode. Hosted Cache mode designates a local server to cache content downloaded from a content server over the WAN. Caching occurs at the very first request from a user in the branch office. When a user from the same branch office subsequently requests the same content, the client connects to the local Hosted Cache server and retrieves the cached content from it. Hosted Cache mode is recommended for a branch with more than 50 clients, and it does require some infrastructure: a local server to hold and serve the content, with a server certificate the clients trust, since clients talk to the Hosted Cache over HTTPS.
Distributed Cache mode, on the other hand, is for a small branch without a local server that could act as a hosted cache. In this configuration, content downloaded from a content server over the WAN is cached on the user’s computer. Caching occurs at the very first request from a user in the branch office. When a user from the same branch office subsequently requests the same content, the client locates the cached content by multicast discovery (WS-Discovery) on the local subnet and retrieves it from that peer. Peer-to-peer sharing is the basic idea. There is no central repository in the branch, and there are no requirements for servers or services in the branch office beyond client computers running Windows 7.
Hosted Cache mode is different from the Distributed Cache Mode process since:
This screencast walks through the steps to configure and demonstrate BranchCache Hosted Cache mode in a simulated WAN environment. All virtual machines used in the screencast ran from a single hard disk on a laptop with 8 GB of RAM running Windows Server 2008 R2 with Hyper-V enabled.
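The configuration the screencast walks through, written out as commands. This is an added example and not part of the original post or the screencast; it uses the netsh and Server Manager commands shipped with Windows Server 2008 R2 and Windows 7. The server name hostedcache.contoso.corp and the certificate thumbprint are placeholders assumed for this example; each section runs on the machine named in its comment, from an elevated prompt.

```powershell
# Added example: BranchCache Hosted Cache mode on Windows Server 2008 R2 / Windows 7.
# Assumed names: $HostedCache and $Thumbprint below are placeholders for this lab.
$HostedCache = 'hostedcache.contoso.corp'                    # assumed branch server FQDN
$Thumbprint  = '0000000000000000000000000000000000000000'    # assumed cert thumbprint

# --- 1. Content server in the data center (file server) ---
# The role service computes the content hashes that clients use to look up data
# in the branch; clients still authenticate to this server before getting hashes.
Import-Module ServerManager
Add-WindowsFeature FS-BranchCache
# Hash publication itself is switched on by Group Policy on the file server:
#   Computer Configuration > Policies > Administrative Templates > Network >
#   Lanman Server > "Hash Publication for BranchCache".
# (A web content server instead needs Add-WindowsFeature BranchCache.)

# --- 2. Hosted Cache server in the branch ---
Add-WindowsFeature BranchCache
# Clients talk to the Hosted Cache over HTTPS on TCP 443, so bind a server
# certificate whose subject is $HostedCache and whose issuing CA the clients
# trust. The appid GUID is the fixed BranchCache service identifier.
netsh http add sslcert ipport=0.0.0.0:443 "certhash=$Thumbprint" `
    "appid={d673f5ee-a714-454d-8de2-492e4c1bd8f8}"
netsh branchcache set service mode=hostedserver

# --- 3. Windows 7 clients in the branch ---
# Distributed Cache mode (small branch, no server) would be:
#   netsh branchcache set service mode=distributed
# Hosted Cache mode, pointing at the branch server (this lab):
netsh branchcache set service mode=hostedclient "location=$HostedCache"
netsh branchcache set cachesize size=10 percent=TRUE      # local cache at 10% of disk
# netsh also creates the Windows Firewall rules the chosen mode needs.
# In production, push the same settings by Group Policy instead:
#   Computer Configuration > Policies > Administrative Templates > Network >
#   BranchCache > "Turn on BranchCache" and "Set BranchCache Hosted Cache mode".

# --- 4. Verify on any of the machines ---
netsh branchcache show status all
```

The status output is the check worth keeping: it reports the service mode, the Hosted Cache location on clients, and whether the firewall rules are in place. The certificate step is the one most often skipped in labs; without a certificate the clients trust, Hosted Cache clients silently fall back to fetching from the content server over the WAN, which looks like BranchCache is working until the WAN counters say otherwise.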
Additional information:
(This is a cross-posting from Windows Server Expert Blogs)
This is a follow-up posting and a continuation of the discussion of desktop virtualization and Remote Desktop Services (RDS) in Windows 7 and Windows Server 2008 R2 (WS2008R2). I highly recommend that those not familiar with RDS take a moment to review the architecture and learn the role that RDWA, RDG, RDSH, RDVH, and RDCB each plays in serving a remote access request. That will make it easier to understand the integration between RDS and VDI, and it sets the stage for my upcoming post on the nuts and bolts of building a VDI solution. I wrote this article with the following logical flow in mind:
What It Is
Microsoft Virtual Desktop Infrastructure (VDI) is a centralized desktop delivery solution. The concept of VDI is to store and run desktop workloads, including a Windows client operating system, applications, and data, in a server-based virtual machine (VM) in a data center, and to let a user interact with the desktop presented on a user device via Remote Desktop Protocol (RDP). Note that VDI is part of an enterprise’s cohesive, holistic virtualization strategy across the IT infrastructure, supporting Microsoft’s vision of Dynamic IT. VDI is not an isolated architecture, but one of the many technologies available to optimize enterprise desktops.
User Experience
A notable component of Remote Desktop Services (RDS) in WS2008R2 is the Remote Desktop Connection Broker (RDCB). RDCB is a native VDI connection broker that provides a unified experience for access to VDI as well as traditional session-based remote desktops. With RDCB, virtual desktops are delivered much like RemoteApp programs. For example, a user browses to http://rds-all.contoso.corp/rdweb and, once authenticated, is presented with a web page listing the applications and desktops authorized for that user, as shown below. (Outside a lab, RD Web Access should be published over HTTPS only, since its sign-in form submits the user’s domain credentials.)
Here, three Office 2007 applications are published as RemoteApp programs, which work very much as they did in Windows Server 2008. In Windows Server 2008 R2, however, the RemoteApp programs shown at this single URL can be composed from multiple sources. They are not necessarily installed on the same Remote Desktop Session Host (RDSH) or terminal server; they can come from multiple RDSHs and terminal servers, yet be composed and presented under the same URL. Further, whether a RemoteApp program appears is based on the access control list of the published application on the RDSH. By default, all authenticated users have access to published RemoteApp programs, so restrict the user assignment of any program that should not be visible to everyone.
The My Desktop icon appears only for those who are assigned a personal virtual desktop. The assignment can be done in RDCB or on the user object in Active Directory. When a user clicks the My Desktop icon, a virtual desktop is delivered to the user’s device once the user is authenticated. The following screen capture shows Word 2007 accessed as a RemoteApp program and a virtual desktop delivered via VDI to a user on a non-managed Windows 7 client.
The Contoso Desktop icon is for accessing a virtual desktop running on a VM dynamically picked from a VM pool defined in RDCB. Notice that once a VM pool is defined, the icon to access a VM in the pool shows up on the RDS webpage for all authenticated users, regardless of whether a user actually has access to the pool; seeing the icon is not the same as being authorized to use the pool, and access is enforced when the connection is attempted, not when the page is rendered. Both the display name of the page and the display name of the icon to access a VM pool can be easily customized in RDCB; here “Contoso Wonder LAN” and “Contoso Desktop” are both customized display names. Further information on the RDS architecture and how RDCB plays a central role in a VDI solution is available in “Remote Desktop Services (RDS) Architecture Explained.”
RemoteApp and Desktop Connection
A new feature in WS2008R2 worth mentioning here is RemoteApp and Desktop Connection, which provides access to RemoteApp programs, remote desktops, and virtual desktops from the Start menu of a Windows 7 PC. In Windows 7, a user can go to Control Panel and configure it with a few mouse clicks in a friendly, wizard-driven process. The URL of the intended RDS webpage and the credentials of the intended user are needed to complete the process. When RemoteApp and Desktop Connection accesses the target RDS webpage on the user’s behalf, the user is prompted for credentials. The screen capture on the right shows the Windows 7 Start menu integrated with the RDS resources published on the Contoso Wonder LAN page shown earlier. If the user deletes the settings configured in RemoteApp and Desktop Connection, the Contoso Wonder LAN entry and its content are removed accordingly.
To facilitate RDS/VDI deployment, an enterprise administrator can create and distribute a client configuration (.wcx) file to users to simplify configuring RemoteApp and Desktop Connection. Another way is to distribute a script that runs the client configuration file silently, so that RemoteApp and Desktop Connection is set up automatically when a user logs on to a Windows 7 computer. The automation is easy to do, minimizes operator intervention, and provides a great user experience. Since the feed named in the .wcx file is what hands out the .rdp files the Start menu will launch, that URL should be HTTPS with a certificate the client already trusts.
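As an added example that is not part of the original post, here is what such a logon script could look like on Windows 7: it refuses a feed that is not HTTPS or whose certificate the client does not trust, writes the .wcx file, and calls the documented silent-setup entry point. The feed URL, workspace name and file path are assumptions for this example; the element names and namespace of the .wcx file follow the format documented for WS2008R2, so compare them with a file exported from Remote Desktop Connection Manager before deploying.

```powershell
# Added example (not from the original post): silent RemoteApp and Desktop
# Connection setup for a Windows 7 logon script.
# Assumed values, to be replaced with those from your RD Connection Broker:
$FeedUrl       = 'https://rds-all.contoso.corp/RDWeb/Feed/webfeed.aspx'
$WorkspaceName = 'Contoso Wonder LAN'
$WcxPath       = Join-Path $env:TEMP 'ContosoWonderLAN.wcx'

function New-WcxContent {
    # Builds the .wcx client configuration file. Element names and namespace
    # are those of the WS2008R2 .wcx format; verify against an exported file.
    param([string]$Name, [string]$Url)
    $n = [System.Security.SecurityElement]::Escape($Name)
    $u = [System.Security.SecurityElement]::Escape($Url)
    return @"
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<workspace name="$n" xmlns="http://schemas.microsoft.com/ts/2008/09/tswcx" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <defaultFeed url="$u" />
</workspace>
"@
}

function Test-FeedTransport {
    # The feed hands out the .rdp files the Start menu will launch, so only
    # register it when it is HTTPS and the certificate chains to a root this
    # client already trusts. An HTTP 401 is expected here (the feed wants
    # Windows authentication) and only proves that the TLS handshake succeeded.
    param([string]$Url)
    $uri = [Uri]$Url
    if ($uri.Scheme -ne 'https') { return $false }
    try {
        $req = [Net.WebRequest]::Create($uri)
        $req.UseDefaultCredentials = $true
        $req.GetResponse().Close()
        return $true
    } catch {
        $ex = $_.Exception
        if ($ex -isnot [Net.WebException] -and $ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -is [Net.WebException] -and
            $ex.Status -eq [Net.WebExceptionStatus]::ProtocolError) { return $true }
        return $false   # TrustFailure, SecureChannelFailure, name resolution, etc.
    }
}

function Install-Workspace {
    param([string]$Name, [string]$Url, [string]$Path)
    if (-not (Test-FeedTransport $Url)) { throw "Refusing to register an untrusted feed: $Url" }
    Set-Content -Path $Path -Value (New-WcxContent -Name $Name -Url $Url) -Encoding UTF8
    # The documented silent-setup command takes an unquoted path, so a path
    # with spaces would be split; pass the 8.3 short form instead.
    $short = (New-Object -ComObject Scripting.FileSystemObject).GetFile($Path).ShortPath
    # WorkspaceSilentSetup is the documented entry point for silent .wcx setup;
    # it registers the workspace for the current user without the wizard and
    # runs in the user's context, so it can use the user's logon credentials.
    $p = Start-Process -FilePath rundll32.exe `
        -ArgumentList "tsworkspace,WorkspaceSilentSetup $short" -Wait -PassThru
    Remove-Item -Path $Path -ErrorAction SilentlyContinue
    return $p.ExitCode
}

Install-Workspace -Name $WorkspaceName -Url $FeedUrl -Path $WcxPath
```

Assign the script as a user logon script through Group Policy. The rundll32 exit code is informational only; confirm the result in Control Panel under RemoteApp and Desktop Connections, where the workspace name given above should appear with its published resources.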
With RemoteApp and Desktop Connection, a Windows 7 user can access RemoteApp programs and virtual desktops directly from the Start menu without needing to specify the RDS URL. This minimizes user training and offers a consistent experience for using Windows applications.
How It Works
With VDI, a virtual desktop is isolated from the client device and runs in a VM maintained in a data center. Here the device can be a desktop, laptop or thin client. A VDI user interacts with one’s virtual desktop through RDP, which provides a rich desktop experience. Similar to session-based remote desktops (formerly known as Terminal Services), VDI provides a server session with a full-fidelity desktop environment that is virtualized within a server-based hypervisor. The premise of VDI is that all VDI users are running virtual desktops on VMs. Key technical components making VDI a reality include:
In a VDI deployment, there are two models: (1) a static or persistent virtual desktop and (2) a dynamic or non-persistent one. In static mode, there is a one-to-one mapping of VMs to users. Each user is assigned a designated VM. Since VMs are commonly stored on a Storage Area Network (SAN) and execute on a server, a large number of users will likely lead to significant SAN requirements.
In a dynamic architecture, on the other hand, only one master image of the desktop is stored. All user personalization, profiles, applications, etc. are stored separately from the desktop. When a user requests a desktop, a VM cloned from the master image is combined with the user’s personal data and applications, delivered dynamically to the user device based on roaming profiles and App-V. This delivers a personalized desktop experience by dynamically provisioning a base image, and it simplifies overall VM management by reducing the number of desktop images maintained. It also means the master image is the one place where a patch, or a misconfiguration, reaches every pooled desktop at its next clone, so changes to it deserve the same control as changes to a production server.
Considerations
Both RDS and VDI are core components of desktop virtualization, and they satisfy specific computing requirements and scenarios with deployment readiness and flexibility. For a remote task worker who needs to access a specific application to carry out a well-defined task like entering data or reporting a status for time reporting, inventory updates, or incident reports, RemoteApp may be sufficient. A knowledge worker, on the other hand, who performs complex or unstructured routines like analyzing data, architecting a solution, designing a product, writing code, or troubleshooting systems, will likely require full access to a desktop to assure productivity, and deploying a virtual desktop is one solution.
Notice that VDI, while flexible, does require more server hardware resources than the traditional session-based remote desktop approach. In general, VDI requires an upfront investment in server and storage hardware to store and execute all needed VMs. To ensure users are able to access virtual desktops, the network supporting VDI needs to be highly available, since for a user, no network connectivity means no virtual desktop. Generally speaking, the network bandwidth requirement is also expected to be relatively higher for VDI than for Terminal Services. Virtual machine management software is also essential to manage enterprise virtual desktops, i.e. VMs, running on hypervisor hosts. On user experience, one should not expect a remote desktop or a virtual desktop to perform exactly as well as a locally installed desktop. Audio, video, and USB performance on a remote desktop may not be as rich as with devices running directly on, or attached to, a user’s device. The fact is a rich client will always provide a superior user experience to that delivered with VDI. Overall, considerations of a Microsoft VDI solution should include, but not be limited to:
VDI Licensing
VDI essentially delivers a desktop on demand to a user device via a network connection. This is different from running a conventional desktop machine, for which an OEM license is bound to the hardware and cannot be dynamically assigned the way VDI assigns desktops. Traditional licensing has become insufficient to correctly reflect the number of licenses consumed in a desktop deployment delivered with VDI.
To accommodate the new deployment scenarios, Microsoft has introduced two new offerings for VDI: Microsoft Virtual Desktop Infrastructure Standard Suite (VDI Standard Suite) and Microsoft Virtual Desktop Infrastructure Premium Suite (VDI Premium Suite). Both the VDI Standard Suite and the VDI Premium Suite are licensed per client device that accesses the VDI environment, and thereby allow flexibility in server infrastructure design and growth. Additional information on Remote Desktop Services Licensing is available.
RDS vs. VDI
Like many solutions, there are pros and cons in employing RDS or VDI, as shown below. And in my view, just like the debates on “thick client vs. thin client” and “in the cloud vs. on premises,” I have no doubt there will also be a mix of the two, RDS and VDI, in enterprise IT for the foreseeable future. I believe what we must recognize is that business requirements should dictate the solution chosen.
Why VDI
Since virtual desktops delivered by VDI are VMs running in a data center, enterprise IT can realize all the benefits of centralized desktop management. Strategically, VDI enables enterprise IT to
VDI is not for every user but provides deployment readiness and flexibility for specific scenarios including:
Best Practices for VDI
Segment desktop users and categorize user requirements to better understand user scenarios. Assess who can benefit from centralized desktops, and with what kind of business benefits.
Centralizing desktops can be implemented using RDS, VDI, or a combination of the two. And user requirements should determine which is best fit.
Separate applications from the desktop image, dynamically provision desktop applications based on the user, and minimize the number of desktop images. One solution is to employ Microsoft App-V/TS, or App-V for Terminal Services, with a VDI solution. Further discussion of App-V/TS will be in my upcoming blog and is beyond the scope of this article.
Closing Thoughts
We must be aware that running virtual desktops does not eliminate license or IT management costs. And it may be a challenge to prove the TCO reduction with an emerging technology like VDI, which lifts IT’s capabilities to a new dimension by fundamentally changing how desktops and applications can be deployed and managed like a service using virtualization.
“Service” sometimes can be a very scary term. For decades, enterprise IT has been delivering services to its customers. Today, we are still learning and debating how to quantify and put a business value on IT services. VDI, in my view, is a service, and I can almost hear “everything as a service” now. To ensure success and realize the business benefits of a VDI solution, a baseline is integral and should be established first. As discussed earlier, VDI works well for some scenarios, and there are times VDI may not be the most cost-effective way; nevertheless it is a solution with the most predictability to succeed. The key is to be clear on what a VDI solution is trying to achieve and, just as critically, to identify what to measure, where to draw a line, and in which direction an organization is heading. Although it sounds like common sense and project management 101, in a VDI project the basics are critical. And I here predict:
I have already seen VDI and other virtualization technologies like App-V and RDS bringing new opportunities and challenges to many of us. Going forward I believe VDI will continue having an impact on how you, I, and organizations perceive IT and carry out an IT business. As cliché as it sounds, this is an IT transformation from an infrastructure-focused deployment to physical devices into a dynamic and user-centric approach with virtual desktops. Perhaps, this is what I am really saying:
In Windows Server 2008 R2 (WS2008R2), Terminal Services (TS) has been expanded and renamed Remote Desktop Services (RDS). RDS is the backbone of Microsoft's VDI solutions. In Windows Server 2012, RDS is further enhanced with a scenario-based configuration wizard, yet the concept and architecture remain very much the same as in WS2008R2. The new and enhanced architecture takes advantage of virtualization and makes remote access a much more flexible solution with new deployment scenarios. To realize the capabilities of RDS, it is essential to understand the functions of the key architectural components and how they complement one another to process an RDS request. There are many new terms and acronyms to get familiar with in the context of RDS. For the remainder of this post, notice that RDS implies the server platform of WS2008R2 and later, while TS implies WS2008.
There are five main architectural components in RDS, as shown, and all require an RDS licensing server. Each component includes a set of features designed to achieve particular functions. Together, the five form a framework for accessing Terminal Services applications, remote desktops, and virtual desktops, all with WS2008R2 capabilities. Essentially, WS2008R2 offers a set of building blocks with the essential functions for constructing an enterprise remote access infrastructure.
To start, a user accesses an RDS webpage by specifying the URL where RDS resources are published. This interface, provided by Remote Desktop Web Access (RDWA) and hosted on the local IIS with SSL, is the web access point to RemoteApp and VDI. The URL is consistent regardless of how resources are organized, composed, and published from multiple RD Session Hosts behind the scenes. By default, RDS publishes resources at https://the-FQDN-of-a-RDWA-server/rdweb, and this URL is the only information a system administrator needs to give a user for accessing authorized resources via RDS. A user must authenticate with AD credentials when accessing the URL, and the RemoteApp programs presented at this URL are trimmed by access control list. Namely, an authenticated user sees, and is able to access, only authorized RemoteApp programs. Since users type their domain credentials into this page, the SSL certificate on the RDWA server should be one their machines already trust, so that clicking through a certificate warning never becomes a habit.
Remote Desktop Gateway (RDG) is optional and functions very much the same as in TS. An RDG is placed at the edge of a corporate network to filter incoming RDS requests by evaluating them against criteria defined in a designated Network Policy Server (NPS). Using a server certificate, RDG tunnels RDP over HTTPS, so the only inbound port the edge needs to expose for remote access is TCP 443 rather than RDP’s own 3389. As far as a system administrator is concerned, RDG is the boundary of an RDS network. There are two policies in NPS relevant to an associated RDG: Remote Desktop connection authorization policies (RD CAPs), which define who is allowed to connect through the gateway and with what (password or smart card), and Remote Desktop resource authorization policies (RD RAPs), which define which internal computers those users may reach. A connection must satisfy at least one of each before it is passed on.
In RDS, applications are installed and published on a Remote Desktop Session Host (RDSH), similar to a TS Session Host, or simply a Terminal Server, in a TS solution. An RDSH loads applications, crunches numbers, and produces results. It is our trusted and beloved workhorse in an RDS solution. Digital signing of the .rdp files and RemoteApp programs it publishes can be easily enabled on an RDSH with a certificate. Multiple RDSHs can be deployed along with a load balancing technology, which requires every RDSH in a load-balancing group to be identically configured with the same applications.
A noticeable enhancement in RDSH (as compared with TS Session Host) is the ability to trim the presence of a published application based on the access control list (ACL) of the application. An authorized user sees, and hence has access to, only the published applications whose ACL includes the user. By default, the Everyone group is authorized in a published application’s ACL, and all connected users have access to a published application, so a deployment that wants to restrict an application has to narrow that ACL explicitly.
Remote Desktop Virtualization Host (RDVH) is a new feature which serves requests for virtual desktops running in virtual machines, or VMs. An RDVH server is a Hyper-V based host, for instance a Windows Server with the Hyper-V server role enabled. When serving a VM-based request, the associated RDVH automatically starts the intended VM if it is not already running. A user is always prompted for credentials when accessing a virtual desktop. However, an RDVH does not directly accept connection requests; it uses a designated RDSH as a “redirector” for serving VM-based requests. The pairing of an RDVH and its redirector is defined in Remote Desktop Connection Broker (RDCB) when adding an RDVH as a resource.
Remote Desktop Connection Broker (RDCB), an expansion of the Terminal Services Session Broker in TS, provides a unified experience for setting up user access to traditional TS applications and virtual machine (VM)-based virtual desktops. Here, a virtual desktop can be running in either a designated VM or a VM dynamically picked, based on load balancing, from a defined VM pool. A system administrator uses the RDCB console, called Remote Desktop Connection Manager, to include RDSHs, TS Servers, and RDVHs, such that the applications published by the RDSHs and TS Servers and the VMs running on RDVHs can later be composed and presented to users at a consistent URL by RDWA. With this consistent URL, authenticated users can access authorized RemoteApp programs and virtual desktops.
A Remote Desktop (RD) client gets connection information from the RDWA server in an RDS solution. If an RD client is outside the corporate network, the client connects through an RDG. If an RD client is internal, it can connect directly to the intended RDSH or RDVH once RDCB provides the connection information. In both cases, RDCB plays the central role of making sure a client gets connected to the correct resource. With certificates, a system administrator can configure digital signing of the published .rdp files and single sign-on among RDS components to provide a great user experience with high security; a signed .rdp file lets the client confirm who published the connection settings, such as the target server and which local drives and devices to redirect, before honoring them.
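As an added example that is not part of the original post, the following PowerShell signs the .rdp files an RDSH publishes with rdpsign.exe (which ships with Windows 7 and WS2008R2), verifies the result, and shows which settings the signature actually covers. The certificate subject and the folder holding the .rdp files are assumptions for this example.

```powershell
# Added example (not from the original post): signing published .rdp files
# and checking what the signature covers. Assumed values:
$SigningSubject = 'CN=rds-all.contoso.corp'
$RdpFolder      = 'C:\RemoteAppFiles'

function Get-SigningThumbprint {
    # rdpsign identifies the certificate by SHA-1 thumbprint; it must be in the
    # machine store with a private key, since signing happens on the server.
    param([string]$Subject)
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key for $Subject" }
    return $cert.Thumbprint
}

function Set-RdpSignature {
    # Signs every .rdp file in the folder in place (/q suppresses the banner)
    # and reports per file whether rdpsign succeeded.
    param([string]$Thumbprint, [string]$Folder)
    $result = @{}
    foreach ($f in Get-ChildItem -Path $Folder -Filter *.rdp) {
        & rdpsign.exe /sha1 $Thumbprint /q $f.FullName | Out-Null
        $result[$f.Name] = ($LASTEXITCODE -eq 0)
    }
    return $result
}

function Test-RdpSignature {
    # /v verifies the existing signature against the given certificate
    # without rewriting the file; run it on the files RDWA actually serves.
    param([string]$Thumbprint, [string]$Path)
    & rdpsign.exe /sha1 $Thumbprint /v /q $Path | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Get-RdpSignatureInfo {
    # A signed .rdp file carries a signscope line naming the covered settings
    # and a signature line with the signed blob. Settings present in the file
    # but outside that scope can be edited by whoever holds the file without
    # invalidating the signature, so they are listed separately here. Scope
    # names are compared case-insensitively to the setting keys.
    param([string]$Path)
    $settings = @{}
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^([^:]+):[si]:(.*)$') { $settings[$matches[1]] = $matches[2] }
    }
    $scope = @()
    if ($settings.ContainsKey('signscope')) { $scope = $settings['signscope'] -split ',' }
    $unsigned = @($settings.Keys | Where-Object {
        $scope -notcontains $_ -and $_ -ne 'signscope' -and $_ -ne 'signature' })
    return New-Object PSObject -Property @{
        File     = $Path
        Signed   = $settings.ContainsKey('signature')
        Scope    = $scope
        Unsigned = $unsigned
    }
}

$thumb = Get-SigningThumbprint -Subject $SigningSubject
Set-RdpSignature -Thumbprint $thumb -Folder $RdpFolder
foreach ($f in Get-ChildItem -Path $RdpFolder -Filter *.rdp) {
    "$($f.Name): verified=$(Test-RdpSignature -Thumbprint $thumb -Path $f.FullName)"
    Get-RdpSignatureInfo -Path $f.FullName
}
```

On the client side the matching trust is set with the Group Policy setting “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers” under Remote Desktop Connection Client; a file signed by a thumbprint in that list is opened without the publisher warning, and one signed by anything else, or tampered with inside the signed scope, is not.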
Conceptually, RDCB is the chief intelligence and operations officer of an RDS solution and knows which is where, whom to talk to, and what to do with an RDS request. Before a logical connection can be established between a client and a target RDSH or RDVH, RDCB acts as a go-between, passing and forwarding pertinent information to and from the associated parties when serving an RDS request. From a 50,000-foot view, a remote client uses RDWA/RDG to obtain access to a target RDSH or RDVH, while RDCB connects the client to a session on the target RDSH, or to an intended VM configured on a target RDVH. Above is an RDS architecture poster with a visual presentation of how it all flows together. Http://aka.ms/free has a number of free e-books and this poster for additional information on WS2008R2 Active Directory, RDS, and other components.
The configuration in WS2008 is a bit challenging with many details easily overlooked. Windows Server 2012 has greatly improved the user experience by facilitating the configuration processes with a scenario-based wizard. Stay tuned and I will further discuss this in an upcoming blog post series.
Recommended additional reading on RDS/VDI/App-V, cloud essentials, and private cloud
ThriveLive! Online IT Professional Virtualization Tour
Join our IT Professional Evangelists Yung Chou, Dan Stolts, Blain Barton, and John Baker bringing you the highlights of Microsoft’s great virtualization solutions. We will go from the desktop to the enterprise, starting with VHD native boot – a new feature for Windows® 7 and Windows Server® 2008 R2. Next, moving into Windows XP mode, Windows Server 2008 R2 Hyper-V™, and finish with System Center Virtual Machine Manager (SCVMM).
If that does not work for you, sign up for the live streaming of our Orlando event next week.
Meanwhile, get the trial software or download bits from your TechNet subscription and join us on the wave to transforming IT with Microsoft virtualization solutions.
It’s easy!
Official Rules:
See you all at the events.
The Windows® 7 and Windows Server® 2008 R2 operating systems introduce DirectAccess, a new solution that gives remote users the same experience they have when working in the office. With DirectAccess, remote users can access corporate file shares, Web sites, and applications without connecting to a virtual private network (VPN). Further, DirectAccess separates intranet traffic from Internet traffic and reduces unnecessary traffic on the corporate network.
DirectAccess requirements include:
Here’s how DirectAccess works:
Notice the DirectAccess connection process happens automatically once a DirectAccess client boots up without requiring a user to log on.
This is a nice compilation of pertinent information of deploying Windows 7. For those who are focusing on Windows 7 deployment in an enterprise environment, the following are in my view essential readings as well.
Learn about the new features of Windows Server 2008 R2 in the areas of virtualization, management, the Web application platform, scalability and reliability, and interoperability with Windows 7. Download Introducing Windows Server 2008 R2, written by industry experts Charlie Russel and Craig Zacker along with the Windows Server team at Microsoft.
I introduced this e-book a while ago. It is a great resource for getting some technical depth on Microsoft virtualization solutions. Also included here are some of my blog posts which you may find worth reviewing. Registration is required to download this book.
For those who would like to try and get familiar with Windows 7 and Windows Server 2008 R2, use the following links to download, install, and test them out. Also included here is the download information for Forefront and System Center, which are essential for securing and managing enterprise infrastructure.
Windows Virtual PC is the latest Microsoft virtualization technology designed for Windows 7. It is the runtime engine for Windows XP Mode, which provides a virtual Windows XP environment within Windows 7. Windows XP Mode, a new benefit of Windows 7 Professional and Windows 7 Ultimate, provides a virtual Windows XP SP3 runtime environment within Windows 7, and allows one to install and run Windows XP specific applications directly from a Windows 7-based PC. Notice that Windows XP Mode is 32-bit only, while Windows 7 has both 32-bit and 64-bit versions. Windows XP Mode is a full virtual version of Windows XP SP3 and follows the same support lifecycle as Windows XP, whose support phase ends in 2014, so the guest needs its own patching and antivirus for as long as it runs.
On the other hand, if running Windows Vista or Windows XP on a physical machine, one can use Microsoft Virtual PC 2007 to run multiple operating systems at the same time on the same physical computer. There are noticeable differences between Windows Virtual PC and Microsoft Virtual PC 2007. For instance, the former requires hardware-assisted virtualization, supports USB, and is integrated with Windows XP Mode, while the latter does not. Here is the information to compare some of the many features of Virtual PC 2007 with Windows Virtual PC.
8:00 AM – 12:00 PM, Friday December 11, 2009
North Charleston Convention Center
AITP Charleston Chapter in association with Discovery Training Center, Dimension Data, and Integral Solutions, present an opportunity to learn about the latest Microsoft desktop, server, and collaboration tools.
Sponsored by Microsoft
Fun stuff Door Prizes including
Continental Breakfast will be served
Please RSVP rsvp@aitp-charleston.org
Since last month, while delivering Windows 7 Launch Events, I have realized how strong the interest in Windows XP Mode (XP Mode) is out there, how much IT Pros want to know about it, and how many questions are being asked again and again. So I thought to put together something concise so that you can get most of your questions answered in a short read.
Designed primarily with small businesses in mind, XP Mode for Windows 7 enables a user to install and run Windows XP applications directly from a Windows 7-based PC. With Windows Virtual PC (not the same as Virtual PC 2007), XP Mode works in Windows 7 Professional and Ultimate, and provides a 32-bit Windows XP Professional Service Pack 3 (XPSP3) environment pre-loaded on a virtual hard disk. Notice that running XP Mode requires turning on hardware virtualization with AMD-V™, Intel® VT, or VIA® VT, which may not be available in all PCs. For enterprise customers, Microsoft Enterprise Desktop Virtualization (MED-V), part of the Microsoft Desktop Optimization Pack (MDOP) and available with Software Assurance, is a management solution for deploying Windows XP Mode and local virtualization solutions in an enterprise setting. While MED-V 1.0 SP1 is to be available in the first quarter of 2010 with host support for Windows 7, notice that both MED-V 1.0 and MED-V 1.0 SP1 leverage Microsoft Virtual PC 2007, which does not require hardware-assisted virtualization.
To enable XP Mode after installing Windows 7, a local administrator can click “Windows XP Mode” under “All Programs/Windows Virtual PC,” as shown, to reach the online download page. Follow the instructions to install Windows Virtual PC and XP Mode. A virtual machine is automatically initialized with Windows XP SP3. The user is prompted to set a password for the built-in XP Mode account and can choose to cache those credentials so that the Windows XP SP3 virtual machine starts automatically; this is convenient, but it means anyone who can unlock the Windows 7 session can also open everything inside the XP virtual machine.
XP Mode is an integrated environment with a number of productivity features including:
The XPSP3 virtual machine running in XP Mode is by default networked with the hosting Windows 7 machine using Network Address Translation. This network and other virtual machine settings of XP Mode are customizable. After all, XP Mode is desktop virtualization and a virtual machine, and most settings applicable to a virtual machine are applicable to XP Mode as well. Also keep in mind that when it comes to desktop management, XP Mode, like any virtual machine, should be managed like a physical machine. In other words, a virtual machine in production needs to be secured, patched, and monitored just like a physical machine, since at a logical level a virtual machine can be targeted and attacked just like a physical machine; NAT hides the guest from inbound connections, but it does nothing about what the guest’s own browser and applications fetch from the Internet.
Register for your chance to WIN!
The first seven people to register for any of our Fall 2009 TechNet Unleashed Events by Blain, Dan, John, and Yung, your TechNet IT Evangelists, with the referral code WIN7 will take home a copy of the MCTS Self-Paced Training Kit (Exam 70-652): Configuring Windows Server® Virtualization (approximate retail value $45 USD).* And if you miss the first-seven window of opportunity, don't worry; we'll have several more to raffle off at each event. *Government employees and officials not eligible for contest. Must be present to win. Contest ends December 20, 2009.
Join Blain, Dan, John, and Yung, your TechNet IT Evangelists as we hit the road again this fall to bring you the highlights of Microsoft’s great virtualization solutions. We’ll go from the desktop to the enterprise, starting with VHD native boot – a new feature for Windows® 7 and Windows Server® 2008 R2. Next, we’ll move into Windows XP mode, Windows Server 2008 R2 Hyper-V™, and finish with System Center Virtual Machine Manager (SCVMM).
Reservations are required and space is limited, so register today to save your seat.
For more information or to register, visit: www.technetevents.com OR CALL 1-877-MSEVENT
VHD Native Boot We’ll kick off the afternoon by exploring VHD Native Boot, which is a new feature for Windows 7 and Windows Server 2008 R2. VHD Native Boot can be used as the running operating system on designated hardware – without a parent operating system, virtual machine, or hypervisor. This is one of the best virtualization features to date for technology professionals of every kind – from enterprise to small and medium-size business pros and consultants.
Windows XP Mode With Windows XP Mode, it’s easy to install and run multiple Windows XP productivity applications directly from your Windows 7-based PC. Do you have application compatibility issues? Windows XP Mode can ease those compatibility headaches, because it gives you the best of both worlds. You can easily run older Windows XP business software – including web applications that require an old version of Internet Explorer® – while taking advantage of the many benefits of your Windows 7 desktop. This is a can’t-miss session for IT pros who juggle both new and established software and web applications.
Windows Server 2008 R2 Hyper-V It’s time to focus on the enterprise with an overview of Windows Server 2008 R2 Hyper-V. In this session, we’ll look at how to create virtual machines in Hyper-V and demonstrate how the snapshot feature can easily revert a virtual machine to a previous state. You’ll come away from this session with a solid understanding of all the capabilities and new features in Windows Server 2008 R2 Hyper-V.
System Center Virtual Machine Manager Finally, no virtualization discussion is complete without a conversation about management. When it comes to managing virtual infrastructures, System Center Virtual Machine Manager 2008 (SCVMM) is the best of the best. This member of the System Center family of system management products provides a straightforward, cost-effective solution for unified management of physical and virtual machines.
Free Admission
Reston, VA >> November 30, 2009 1:00pm - 5:00pm
Alpharetta, GA >> December 1, 2009 1:00pm - 5:00pm
Rochester, NY >> December 2, 2009 1:00pm - 5:00pm
Charlotte, NC >> December 3, 2009 1:00pm - 5:00pm
Bridgewater, NJ >> December 7, 2009 1:00pm - 5:00pm
Waltham, MA >> December 9, 2009 1:00pm - 5:00pm
Malvern, PA >> December 11, 2009 1:00pm - 5:00pm
Orlando, FL >> December 14, 2009 8:30am - 12:00pm
This is it! We had waited and waited, and it's finally here. Windows 7 is now generally available. With Windows 7, there's never been a better time to be a PC. For all you IT Professionals out there, let me highlight the three key deliveries and innovations introduced in Windows 7 and make pertinent information readily available for you here.
Making people productive anywhere
Making people productive is not that hard. In your office, plugged into the company’s network with a laptop loaded with apps, you can be productive. Making people productive “anywhere,” on the other hand, is a very challenging effort for IT, facing the mass of mobile devices and the increasingly complex network computing environment of today. The growing mobile workforce and branch offices are at the same time demanding that corporate resources be seamlessly available regardless of the required infrastructure and organizational boundaries. Two Windows 7 solutions that facilitate remote access are BranchCache and DirectAccess.
Managing risks through enhanced security and control
Security is not something whose need we have to justify much in today’s network computing environment. It is critical, imperative, and all too often costly. From Windows Vista and Windows Vista SP1 to Windows 7, BitLocker has been expanded from a single drive, to multiple drives, and now to portable media. Windows 7 offers security enhancements enabling a user to secure data from unauthorized access very easily with BitLocker To Go, for example. In Windows 7 Explorer, highlight a portable drive and right-click to turn on BitLocker To Go. It is that readily available and easy to do, and the drive stays readable on Windows XP and Vista through the BitLocker To Go Reader, which is read-only and works only with FAT-formatted drives. There is really no reason not to do it, since there is so little to do, yet it gives so much control and such strong protection of data. As memory sticks now come with 32 GB and beyond, BitLocker To Go is one very cost-effective way to protect data from unauthorized access; the protection is only as good as the handling of the recovery key, so in a domain have Group Policy back it up to Active Directory rather than leaving it with the stick. For a large company, BitLocker with Group Policy offers a software-based enterprise solution for hard disk encryption. You don’t need to look for a solution and end up with a second-best one. It is in Windows Vista, and it is much enhanced in Windows 7.
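As an added example that is not part of the original post, here is the same BitLocker To Go operation done from an elevated PowerShell prompt with manage-bde.exe, the command-line tool that ships with Windows 7, together with a parser for its status output so a script can wait until the drive is actually protected. The drive letter, the recovery folder and the sample status text are assumptions constructed for this example.

```powershell
# Added example (not from the original post): BitLocker To Go from the
# command line with manage-bde.exe. Assumed values:
$Drive       = 'E:'
$RecoveryDir = 'C:\BitLockerRecovery'   # must not be on the drive being encrypted

function ConvertFrom-BdeStatus {
    # Parses the "Field:    Value" lines of manage-bde -status into a hashtable.
    # Only lines with two or more spaces after the colon are field lines; the
    # banner and "Volume E: [USB]" have a single space and are skipped.
    param([string]$Text)
    $status = @{}
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^\s*([A-Za-z ]+?):\s{2,}(.+?)\s*$') { $status[$matches[1]] = $matches[2] }
    }
    return $status
}

# Constructed sample of manage-bde -status output (not captured from a real
# drive), used to exercise the parser offline.
$SampleStatus = @"
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.

Volume E: [USB]
[Data Volume]

    Size:                 7.46 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:
        Password
        External Key
"@
(ConvertFrom-BdeStatus -Text $SampleStatus)['Protection Status']

function Get-BdeStatus {
    param([string]$DriveLetter)
    $text = & manage-bde.exe -status $DriveLetter | Out-String
    return ConvertFrom-BdeStatus -Text $text
}

function Enable-BitLockerToGo {
    # -pw prompts for the unlock password; -rk writes a recovery key file to
    # $RecoveryDir as a second protector, so a forgotten password is not lost
    # data. When Group Policy also stores recovery information in AD DS, that
    # copy is the one to rely on; the file here covers the small-office case.
    param([string]$DriveLetter, [string]$RecoveryDir)
    if (-not (Test-Path $RecoveryDir)) { New-Item -ItemType Directory -Path $RecoveryDir | Out-Null }
    & manage-bde.exe -on $DriveLetter -pw -rk $RecoveryDir
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -on $DriveLetter failed (exit code $LASTEXITCODE)" }
}

function Wait-BdeEncrypted {
    # Encryption continues in the background; the stick is not protected until
    # Conversion Status reads Fully Encrypted and Protection is On.
    param([string]$DriveLetter, [int]$TimeoutMinutes = 60)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $s = Get-BdeStatus -DriveLetter $DriveLetter
        if ($s['Conversion Status'] -eq 'Fully Encrypted' -and
            $s['Protection Status'] -eq 'Protection On') { return $s }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    throw "Drive $DriveLetter not fully protected after $TimeoutMinutes minutes ($($s['Percentage Encrypted']) encrypted)"
}

Enable-BitLockerToGo -DriveLetter $Drive -RecoveryDir $RecoveryDir
Wait-BdeEncrypted -DriveLetter $Drive
```

manage-bde needs an elevated prompt. The recovery key file written by -rk unlocks the drive without the password, so the folder it lands in deserves the same protection as the data; in a domain, prefer the Group Policy setting that escrows recovery information to Active Directory and drop the -rk protector.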
In an enterprise environment, software restriction is one of the most difficult enforcements. Not only does it need a mature infrastructure to provide software inventories, metering, and ongoing monitoring, but the skill sets required to develop, test, and manage software restriction policies are hard to find, take years to develop, and come at very high cost. Windows 7 and Windows Server 2008 R2 together present AppLocker as a vehicle with which a system administrator can provision a policy to deny or allow the execution, installation, or usage of a target application based on the application’s digital signature, by deriving a publisher rule that is defined and enforced with a Group Policy Object, without programming. A complex requirement, for instance allowing task workers to run Office 2007 and later but not PowerPoint when run by contractors, can be expressed with AppLocker in a few mouse clicks without any scripting. Two checks before enforcing: AppLocker applies only on the editions that support it (Windows 7 Enterprise and Ultimate) and only while the Application Identity service is running, and an enforced rule collection without default rules blocks everything it does not explicitly allow, so run a new policy in audit-only mode first.
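As an added example that is not part of the original post, the following PowerShell builds the same requirement with the AppLocker cmdlets that come with Windows 7 Enterprise and WS2008R2, tests the XML against both groups before anything is applied, and merges it into a GPO in audit-only mode. The Office install folder, the two AD group names, the output path and the GPO distinguished name are assumptions for this example.

```powershell
# Added example (not from the original post): the "Office yes, PowerPoint no
# for contractors" requirement as AppLocker publisher rules. Assumed values:
Import-Module AppLocker

$OfficeDir   = 'C:\Program Files\Microsoft Office\Office12'   # Office 2007 binaries
$PowerPoint  = Join-Path $OfficeDir 'POWERPNT.EXE'
$TaskWorkers = 'CONTOSO\TaskWorkers'
$Contractors = 'CONTOSO\Contractors'
$PolicyPath  = 'C:\Policies\OfficeRules.xml'
$GpoLdap     = 'LDAP://CN={GUID-OF-THE-GPO},CN=Policies,CN=System,DC=contoso,DC=corp'

function New-OfficeRulesXml {
    param([string]$OfficeDir, [string]$PowerPointPath,
          [string]$AllowGroup, [string]$DenyGroup, [string]$OutPath)
    # Publisher rules are derived from the Authenticode signature on each
    # binary; -Optimize folds files from one publisher/product into a single
    # rule whose version range is "this version and above", which is what
    # "Office 2007 and later" means in AppLocker terms. Unsigned files in the
    # folder are skipped rather than aborting the run.
    $allowXml = Get-AppLockerFileInformation -Directory $OfficeDir -FileType Exe |
        New-AppLockerPolicy -RuleType Publisher -User $AllowGroup `
            -RuleNamePrefix 'Office' -Optimize -IgnoreMissingFileInformation -Xml
    # The cmdlet only emits Allow rules, so build the PowerPoint rule the same
    # way and flip its action. Deny always wins over Allow in AppLocker, so a
    # contractor who is also a task worker still cannot run PowerPoint.
    $denyXml = Get-AppLockerFileInformation -Path $PowerPointPath |
        New-AppLockerPolicy -RuleType Publisher -User $DenyGroup -RuleNamePrefix 'NoPowerPoint' -Xml
    $denyXml = $denyXml -replace 'Action="Allow"', 'Action="Deny"'

    $policy = [xml]$allowXml
    $exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
    foreach ($rule in ([xml]$denyXml).SelectNodes('//FilePublisherRule')) {
        [void]$exe.AppendChild($policy.ImportNode($rule, $true))
    }
    # Audit first: event 8003 in the AppLocker log shows what would have been
    # blocked without blocking anything yet.
    $exe.SetAttribute('EnforcementMode', 'AuditOnly')
    $dir = Split-Path -Parent $OutPath
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $policy.Save($OutPath)
    return $OutPath
}

function Test-OfficeRules {
    # Test-AppLockerPolicy evaluates a file for a user or group against the XML
    # without touching the live policy; PolicyDecision carries the outcome.
    param([string]$PolicyPath, [string]$FilePath, [string[]]$Principals)
    $result = @{}
    foreach ($p in $Principals) {
        $result[$p] = (Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $FilePath -User $p).PolicyDecision
    }
    return $result
}

New-OfficeRulesXml -OfficeDir $OfficeDir -PowerPointPath $PowerPoint `
    -AllowGroup $TaskWorkers -DenyGroup $Contractors -OutPath $PolicyPath | Out-Null
$decisions = Test-OfficeRules -PolicyPath $PolicyPath -FilePath $PowerPoint `
    -Principals $TaskWorkers, $Contractors
$decisions
if ($decisions[$Contractors] -ne 'Denied' -or $decisions[$TaskWorkers] -ne 'Allowed') {
    throw 'The rules do not implement the requirement; do not apply them.'
}
# -Merge keeps the GPO's existing rules, including the default rules; without
# default rules an enforced Exe collection blocks Windows' own binaries for
# anyone who is not an administrator.
Set-AppLockerPolicy -XmlPolicy $PolicyPath -Ldap $GpoLdap -Merge
```

Set-AppLockerPolicy with -Ldap needs the Group Policy Management tools installed on the machine running the script. After the audit period, change EnforcementMode to Enabled in the same XML and re-apply; the Application Identity service must be running on every client for either mode to take effect.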
Reducing cost by streamlining PC management
Many thought that without a direct migration path, i.e. an in-place upgrade, from Windows XP to Windows 7, the deployment of Windows 7 must be a tedious and tricky process. In fact, Windows 7 offers a number of vehicles that make the migration an intuitive and straightforward process. For consumers and small businesses, Easy Transfer makes migrating from Windows XP to Windows 7 absolutely “easy” and, in my view, actually fun. ScanState and LoadState, the two key utilities in USMT (User State Migration Tool), make a migration process very logical and easy to understand. Hard-link migration leaves data in place and remaps it, significantly reducing the time needed to place large amounts of user data in a typical PC refresh scenario.
In the past two years, with Microsoft’s introduction of virtualization strategies and solutions, there are many options for resolving compatibility issues at the application or OS level while reducing TCO and increasing flexibility in deploying and managing IT resources in the long run. Specific to Windows XP compatibility issues, Windows 7 Professional and above offer Windows XP Mode (via a free download) with a local virtualized Windows XP SP3 machine. So applications developed specifically for Windows XP can now essentially run in a Windows 7 environment, with a few steps to set up a virtualized Windows XP SP3 runtime environment to host them. Further, an application running in Windows XP Mode can be seamlessly integrated into the Start/All Programs menu of the host Windows 7 machine. Notice that Windows XP Mode alone is designed for relatively small deployments, since there is basically no built-in system management function; the XP guest still has to be patched and protected as a machine of its own. For a large-scale deployment, MED-V, or Microsoft Enterprise Desktop Virtualization, one of the six offerings that come with MDOP (the Microsoft Desktop Optimization Pack, available through the Software Assurance program), is the solution for managing local desktop virtualization, with the ability to provision a MED-V workspace policy to deploy XP Mode with standardized settings and a consistent user experience. While MED-V 1.0 SP1 is to be available in the first quarter of 2010 with host support for Windows 7, notice that both MED-V 1.0 and MED-V 1.0 SP1 leverage Microsoft Virtual PC 2007, which does not require hardware-assisted virtualization.