Vista deployment secrets

Vista adoption may be slow, but numerous IT shops have taken the plunge. Find out why they did and how they've made the shift

Vista adoption in business has been slow (and at this writing more than 75,000 people have signed InfoWorld's petition asking Microsoft to keep Windows XP available indefinitely). Nonetheless, thousands of businesses worldwide have already adopted Vista.

Some have made the move because they see real benefit to changes in the OS, especially for deployment management and security protection. Others see Vista as inevitable and would rather switch sooner than later. In either case, early adopters offer lessons on how to get the most from Vista and how to deploy with minimal disruption.

[ Many IT shops and consultants aren't ready to move to Vista. Find out why. ]

Such insight can only help the vast majority of businesses that are holding off on Vista. "The market has been slower to adopt Vista than lots of folks expected," notes Jeff Dimock, vice president of Microsoft solutions at the IT consultancy Dimension Data Americas. Gartner has advised its clients to wait until early 2009, to give Microsoft time to issue a couple of service packs and for third-party providers to update their applications and drivers, notes Michael Silver, a research vice president.

Both Dimock and Silver recommend that IT shops avoid installing Vista onto existing PCs unless they are less than a year old and instead pair a Vista upgrade with a hardware refresh. "We encourage customers to integrate these two cycles," Dimock says. The reasons are to confine the user and IT disruption and to avoid the performance and compatibility issues that older hardware can have with Vista.

When the time is right to move to Vista, Dimock expects IT organizations will like the tighter security, despite the fact it requires a change in both user behavior (to acknowledge the User Account Control warnings when installing potentially harmful applications) and an update in applications (to run in user mode rather than administrator mode). "It's a lot more robust security model, but it does come at a price," he says.

Dimock also sees the adoption of Vista as a handy excuse to clean out old apps from the IT portfolio, as many will no longer be fully compatible. "It is an ideal time to do that," he says.

For IT, perhaps the other big advantage is Vista's ability to create a unified installation image that selectively loads the needed drivers and applications onto users' computers — saving IT from having to manage lots of install images as with XP or to rely on the PC-model-specific OEM installations whose "bloatware" then needs to be removed from each system.

YMCA's incremental strategy keeps Vista costs low
The local YMCA in Milwaukee is taking what analysts consider the most common approach to deploying Vista in business: one PC at a time as new users come on board or individual PCs are replaced. "We didn't want to make all the investment at once," explained IT director David Fritzke. At first he considered upgrading the existing computers' memory from their average of 512MB to the 2GB that Vista needs, but ultimately he couldn't justify investing in older computers that would need to be replaced in a year or two anyhow.

This incremental approach means that IT has to be able to manage and support both its earlier (usually XP) systems and its Vista systems simultaneously. (Managing and supporting multiple versions is also necessary for the recommended enterprise deployment approach, which requires staging an OS upgrade over several years in batches, notes Michael Silver, a Gartner research vice president.)

At YMCA Milwaukee, that meant adding support staff and beefing up install scripts, Fritzke says, but "the cost difference was minimal," he notes. One reason that user support costs didn't rise much with Vista, Fritzke notes, was that the universe of affected PCs is small, about 130 of the 650 PCs in use. At the YMCA, Vista is used mainly in laptops, mostly because of its improved ability to rejoin wireless networks automatically, and laptop users tend to be more knowledgeable. In fact, employees who adopted Vista on their home computers pushed Fritzke to bring Vista into the office so they'd have only one OS interface to use.

At first, Fritzke "downgraded" new laptops' Vista installations to XP, but stopped doing so because the generic XP installations didn't run as well as the OEM-tuned Vista installations — and there were, of course, no tuned XP installation discs from the OEMs for these new Vista-oriented laptops.

Fritzke did run into a surprising issue with Vista's BitLocker disk-encryption technology. Users turned this feature on to protect data if their laptops were lost or stolen, but when they left the YMCA's employment, IT discovered it couldn't read the backed-up files from their laptops. BitLocker requires that the data be opened on the actual computer where it was encrypted, even with administrator privileges. Fritzke's team now uses an awkward workaround: If they need access to a former employees' files, they take back that employee's laptop from its current owner, copy the files to it, decrypt them with BitLocker, and then give back the laptop when done. Fritzke is hoping that Microsoft or a third party will provide a way for IT to open these files when backed up, so he can end this workaround.

Long term, Fritzke also expects the switch to Vista to not require additional support costs. The reason, though, is unrelated to Vista: He is shifting the rest of the YMCA's PCs to a thin-client model, with apps served up to Linux desktop clients via Microsoft Windows 2003 Server (and soon Windows 2008 Server) using Citrix's thin-client tools. The goal is to have all desktops using thin clients and only laptops using Vista.

Kemet ties its upgrade to a hardware refresh
At capacitor manufacturer Kemet, Global Infrastructure Manager Jeff Padgett began planning his Vista upgrade 18 months ago, several months before the first version was available to businesses.

The reason: the company was upgrading the 5,600 desktop PCs and 2,000 laptops used in the 22 countries where it has facilities. And Padgett wanted to combine the OS and hardware upgrade into one IT migration plan, not treat them as separate projects. (To be safe and to keep on schedule, he did install XP on new systems deployed in the first year of the hardware refresh, knowing that they would all support Vista when he was ready to bring it on board, which he plans to do this spring.)

Padgett used the refresh effort as an opportunity to consider a shift to a different platform — Mac or Linux — but decided the compatibility issues were too great and there would be no savings even from the less expensive Linux platform after training and application support costs were factored in.

He also had positive reasons for going to Vista. A big one was Lenovo's (originally IBM's) ThinkVantage software, a suite of deployment and security tools for XP. It turned out these tools caused many of the trouble-ticket reports, especially around connecting to presentation hardware and wireless LANs, but Vista had its own tools for these, so Padgett saw he could remove a source of support calls.

Another incentive to adopt Vista was its built-in performance monitor, which logs all failures into a central location, complete with history, giving his support staff the context needed to diagnose problems that it had not had with its existing help-desk trouble-ticket system.

Not everything in Vista has worked as Padgett would like. He's disabled the User Account Control security system, which makes users confirm any suspicious activity before allowing it, annoying users and causing many to click OK without reading the warnings. Instead, Padgett will continue to use Trend Micro's anti-malware software to protect the PCs. "While UAC would protect against rogue administrator-privileged apps, we couldn't afford to handle the user support [requests it would cause]," he says. Padgett says UAC makes sense in a tightly controlled network environment, where most risks are filtered out before they get to the user, but that's not a realistic state for his network, as it connects to supplier and customer networks beyond Kemet's control.

Although many people have complained that Vista's new security model breaks apps designed to run in administrator mode — not in user mode as Microsoft has been urging since 1999 — this has not caused much of a problem at Kemet. The reason, Padgett says, is that he had already reworked homegrown programs to run in user mode. Today, only five of 50 .Net and FoxPro database applications in use have problems with the new security model, and he expects to have those externally developed apps fixed shortly. Padgett's team has also migrated from Visual Studio 2003 to the 2005 edition, which natively supports the Vista security model.

Ready for Vista after a compatibility delay
As a member of Microsoft's Technology Adoption Program, Gary Wilhelm has been ready for Vista for nearly two years. But only now is he ready to start his Vista rollout at the Englewood Hospital Medical Center in New Jersey, in concert with a hardware refresh. The issue was compatibility: the Encentuate single-sign-on software that the hospital uses was only recently updated to support Vista and is now being tested, notes Wilhelm, the hospital's business and systems financial manager (a combination of CTO and CFO).

Wilhelm's Vista plans were based primarily on a desire to modernize the hospital's systems. Right now, in addition to the bulk of XP installations, there are still Windows 2000, 98, 95, and even 3.1 systems in use. The pre-XP systems will be the first to be replaced with Vista PCs. "Managing two OSes [XP and Vista] will be easier," he says dryly.

But the Vista migration will also bring automatic connection to wireless LANs, without requiring users to reauthenticate as they switch access points — "a pleasant surprise that XP can't do," Wilhelm says. He also likes the new user interface, which he says he quickly learned to prefer over XP's: "It's like watching high-def and trying to go back."

Wilhelm began buying Vista-compatible PCs a year ago, but he installed XP on them pending the resolution to the SSO issue and to an unrelated VPN compatibility issue. (Wilhelm resolved than VPN issue in the five months that Vista was available to businesses but not to consumers, so Vista-equipped hospital users working from home never encountered the compatibility issue.)

He won't upgrade those PCs to Vista ("I didn't want to spend the time," he says) but he plans on bringing Vista into the hospital with the next department scheduled for a hardware refresh — the 100 or so nursing floor computers will all run Vista later this year, he notes. Because Wilhelm refreshes the hospital's PCs in three-year cycles, he expects to have replaced all 2,500 systems with Vista by 2011.

The SSO and VPN compatibility issues were all that stood in the way of an earlier Vista deployment, Wilhelm says. The issues that some users have had with the new security model didn't apply to a medical setting because his IT group had already locked down the PCs in a way similar to what Vista does by default. "We never gave users full access to the PC [administrator privileges], so they're not seeing a change" in what applications they can run from user mode, he notes.

One Vista security feature has caused some problems, Wilhelm notes: the BitLocker encryption capability. It is an all-or-nothing tool, encrypting the entire disk or nothing, which caused some access issues on PCs that are used by multiple people with separate user accounts. It also would encrypt only the C drive, even though the hospital uses a separate D partition for data, distinct from application and system files. Wilhelm hopes that Microsoft will change BitLocker so it can encrypt just specific files or folders, as some third-party encryption tools already do, and support encryption across multiple volumes.

Collegiate Housing sees easier OS deployment with Vista
Sumeeth Evans recalls the last time he had to manage an OS migration and he doesn't relish the memory. As IT director at Collegiate Housing Services, an 80-person college facilities management firm, it took Evans about five days to upgrade approximately 40 users to XP six years ago.

He had to make sure he used the right installation image for the specific computer model, running them manually using Symantec's Norton Ghost software. Even though he had an inventory of what applications users were supposed to have, it turned out to be inaccurate, so users came back complaining of missing programs. "I missed a lot of software that had been previously installed," he recalls.

Fast-forward to early 2007: Evans upgraded 80 systems to Vista in half a day. What was different? Microsoft's Windows Automated Installation Kit, a free download that let Evans use a single Vista installation image for all PCs, with drivers and applications loaded as needed.

But more than that, another Microsoft tool, the free Vista Hardware Assessment tool, had inventoried users' applications, so he had a complete inventory before reimaging the PCs; plus, it verified hardware compatibility. That last feature let Evans figure out which existing PCs could be retained, saving $20,000 in planned, new PC costs. In most cases, those salvageable PCs needed just a memory boost to 2GB to run Vista.

1 2 Page
Join the discussion
Be the first to comment on this article. Our Commenting Policies