The 4 Biggest Concerns About OS Migration

With the release of Microsoft Windows 10 and all its various branches, you’re likely considering what place the new operating system will have in your organization, and how it will be deployed. Many organizations struggle with implementing a new OS, but that doesn’t have to be the case.

LANDESK has developed proven solutions for some of the biggest concerns about OS migration.

1. Productivity

A significant fear of CIOs across the globe is phones ringing off the hook and business disruptions the morning after the migration, either because the migration was unsuccessful or the users no longer have the applications they need to perform their job functions. Disruptions simply cannot happen. Not only does the operating system need to be properly installed, the applications that are key to productivity must be installed and functional.

Even if the OS and applications are working properly, end users can become frustrated and unproductive if the environment isn’t properly customized. By capturing the user’s profile settings before the upgrade, you can ensure that the environment will be familiar and functional. For example, the user’s local printer must have the correct drivers installed and configured. If not, the user will have to do it or create a help desk ticket.

2. Manpower

Whether you still have a few Windows XP devices in use or you’re in a pure Windows 8 environment, there’s a certain amount of labor involved in upgrading operating systems. Such labor can be performed by your internal IT staff, outsourced to a third party, or shared with the end users themselves. There are a variety of successful models depending on your organization.

The LANDESK solution lets you leverage all of these labor models, including the use of end users. Productivity workers have never been more technology savvy, and they are increasingly being empowered to make decisions and act upon them. End users can be allowed to schedule their device upgrades for a time that accommodates their work schedule. They can also be given options on restoring their data.

3. Data preservation

In organizations with a large number of legacy operating systems, data backup is essential. For instance, Windows XP can’t be upgraded directly. It requires a clean installation. As a result, you must back up the end user’s data, install the OS, and restore the data when finished.

4. Security

There are many aspects of OS migration that impact security. It isn’t uncommon for end users to be told to back up their data on external devices before migration and then restore it afterwards. Whether you have financial data, healthcare patient data, or intellectual property on local drives, leveraging external devices is fraught with danger. There are better alternatives to backing up to local devices manually.

Once a device is upgraded, it must be secured with the latest OS and application packages before it’s ready for use. A unique advantage of the LANDESK solution is that it accommodates encrypted devices and shared devices such as kiosks. Not only can we migrate data without leaving it vulnerable, we can also migrate data stored on devices by multiple users.

Security should not be taken lightly, and OS upgrades shouldn’t represent a security risk.


Can Your OS Migration Tool Do This?

The heart of IT is about empowering people and being able to serve and secure all types of users, on all the devices they use, wherever they are.

The LANDESK vision of user-centered IT is the balance between providing end users increased control over their devices while providing the IT department the control they need to maintain security, compliance, and productivity.

LANDESK holds to this vision when migrating machines to new operating systems. For instance, IT can allow end users to select when they want to migrate their device plus let them selectively restore the data they want restored.

We work with customers to ensure the solution will meet the needs of each department and their broad spectrum of users. We don’t require you to create customized images that quickly become obsolete.

Still not sold? Here’s why LANDESK is the better choice:

Encryption  

LANDESK has been helping customers migrate operating systems for decades. Our professional services team has assisted many large customers through the process.

Customers in the healthcare and finance industries have faced singular challenges in the migration process due to the encrypted devices in use. Thankfully, those problems are in the past. LANDESK can now migrate devices encrypted with any technology.

Software titles  

Organizations give users machines so they can work more productively. But it’s not the OS that makes users productive; it’s the applications. Workers must have the functionality available to them after the migration takes place.

The LANDESK solution restores to the device either the original application or upgraded titles so users can stay engaged in their work.

User data and configuration 

Users customize their machines in most cases. They also save data needed in the future. The LANDESK solution gathers user settings and data after the user logs in, thus solving the encryption problem. This data is copied to the network in the background. Most users never notice when the operation takes place.

Organizations can determine what data they want backed up. Once the migration is complete, users can select what data they want restored.

KIOSK or multi-user devices 

Since user data is backed up when the user logs in, multi-user devices are supported.

LANDESK professional services 

LANDESK offers extensive experience performing large-scale migrations. Our engineers have designed a highly reliable and flexible migration process that can be customized to your organization’s needs.

The solution is not rigid. Changes can be made globally at any time or for specific groups. Our goal is to provide you a system that will handle your migration needs today and in the future.

Vendor integration 

The LANDESK solution can be integrated with most hardware vendors to allow many conveniences. For example, devices can be auto-provisioned in order to ship the machine directly to the end user rather than going through the IT department.

Restoration of user data to the device begins as soon as the user logs in. The applications used on their old device are also installed on the new device, restoring full functionality.

Picking the time to migrate 

Users generally want to work on newer operating systems; however, they worry about being able to perform their work without interruption. Allowing them flexibility in scheduling the migration buys goodwill. You can free them to choose when they want to migrate or schedule a time with the flexibility to postpone.

Nevertheless, as an IT department you can plan for the migration to take place at a designated time if the user has deferred the task too many times.

Restoring settings and data

Ultimately organizations own the devices and thus own the liability of what’s stored on them. In some cases, company devices can become encumbered with optional or banned content. For this reason, content such as music, movies, photographs, and even software titles can be prohibited from the back-up process.

After the migration takes place, users are able to selectively restore their content. In many cases, they may find old data that’s no longer needed.

Customization

Another advantage is that our solution is highly customizable without hampering scalability. Even geographically dispersed organizations can migrate hundreds of devices a day.

LANDESK Upgrade Services helps you establish a sustainable provisioning strategy that not only works in all the common scenarios, it saves you money.


10 Smart Reasons to Use LANDESK for Your OS Upgrade (Part 1 of 2)

Instead of barely surviving an OS migration, wouldn’t it be nice to roll out that shiny new OS and a better IT environment at the same time? What if you could do all that and still keep migration costs relatively low?

To the average IT professional, that might sound too good to be true. But you’re not the average IT professional (hint: we only let above average IT professionals read this blog), so it doesn’t come as a surprise to you that LANDESK offers huge advantages when it comes to OS migration.

In this post, we’ll look at reasons one through five. Be sure to check out 10 Smart Reasons to Use LANDESK for Your OS Upgrade (Part 2 of 2) for reasons six through 10.

1. Your software license compliance remains intact after the upgrade

LANDESK creates a “Software License Mapping Matrix” for those programs that are standard among every single computer in your environment (MS Office, Adobe Acrobat Reader, etc.), as well as for “less standard” applications (Adobe Acrobat Professional). You don’t waste budget deploying software licenses to employees who didn’t need them in the first place.

Whether you’re upgrading an existing machine to Windows 7, 8, or 10 from XP, or refreshing hardware with Windows 7 or 8 on it—you need to migrate software licenses based on your mapped plan and your licensing capabilities.

2. Know your upgrade progress at any time

It’s a fair question: “What executive dashboards are available to show me the status of our migrations?”

The LANDESK SmartVue customizable dashboard application for tablets and smartphones provides IT departments and business executives a real-time view of what’s happening in the IT environment based on time and location. You can inform executives of migration progress against plan, e.g., how many machines are being migrated on average per business day, per week, or per month.

And with help from LANDESK Professional Services, you can forecast and display how much time remains in the migration process at the current pace, taking into account that migration success rates drop off dramatically for the remaining 20 percent of machines, typically due to some machines needing more attention or being temporarily unavailable (in storage, users on maternity or paternity leave, etc.).

3. Users have everything they need, including non-standard applications

The Software License Mapping Matrix mentioned earlier enables you to map out and preserve all the apps, packages, utilities, websites, favorites, virtualized apps, MED-V, Spoon, ThinApp, etc. that employees care about and that are critical to the business.

We’re able to detect the versions of those apps and then map where you want those located on the new machine. You can also leverage this ability as an opportunity for standardization, for example, migrating a particular application to the same version of the application or creating a new standard across the organization.

4. Security standards are maintained once you’ve upgraded

The LANDESK OS upgrade solution is not just an imaging component or a systems management tool. It’s a process-based approach that also includes LANDESK® Security Suite, the endpoint security component.

With it you can make sure that machines meet the Microsoft Windows vulnerability patch baseline and that appropriate patches for Microsoft and third-party apps, antivirus definitions, etc., are applied to meet compliance standards such as PCI and HIPAA.

5. Users are provided with upgrade scheduling options

Users are less resistant to a migration when they know what’s coming and can have input into the scheduling of changes to their machine. If you’ve experienced a major OS migration previously, you might recall the frustration that arose when scheduling the migration with the end user.

Many times the IT resource would be dispatched to the end user’s desk to perform the migration, only to find that the user was not prepared or could not perform the migration. This type of miscommunication can totally derail the overall migration schedule and generate serious cost overruns and delays.

Using the LANDESK Process Manager web console, you define the policies that govern how the migration process will function in your environment. You can easily schedule the migration event, communicate with end users, and gain the needed approvals to safely move forward. If the end user needs to change the migration date, it’s not an issue. The process engine simply makes the change with no impact on IT resources.

In addition to managing the schedule, the process engine can communicate with the end user well in advance of the migration date. These communications serve as a mechanism to educate and guide the end user through the migration process. The communications can also be used to deliver special instructions or links to more advanced training designed to help the user through the transition. What’s more, because the LANDESK process engine manages the communications between the end user and the migration process, it’s possible to have the end user give the final go-ahead before the migration takes place. This method provides a clear audit trail that documents the notifications and approvals granted by the end user.

This seamless integration between LANDESK Process Manager and LANDESK Management Suite enables you to fully automate the migration process and transform an old XP machine into a new Windows 10 device with everything the user needs to perform their job function. But most importantly, you’re able to extend your existing IT resources and accomplish the migration process with minimal disruption and cost.

Check out 10 Smart Reasons to Use LANDESK for Your OS Upgrade (Part 2 of 2) for advantages six through 10.


10 Smart Reasons to Use LANDESK for Your OS Upgrade (Part 2 of 2)

In our first post, 10 Smart Reasons to Use LANDESK for Your OS Upgrade (Part 1 of 2), we discussed the first five reasons to choose LANDESK for your OS migration.

This post looks at reasons six through 10.

6. Simplify your upgrade with fewer images

With LANDESK, there’s no need for multiple images to migrate machines of varying models or manufacturers. Hardware-independent imaging capabilities handle the two toughest pieces that cause “blue screens”— the hardware abstraction layer (HAL) and the mass storage driver—as well as all your plug-and-play drivers.

If you get either the HAL or the mass storage driver pieces in your imaging process wrong, that machine will blue screen, that migration will fail, and there will be associated downtime. And chances are if it happens to one machine it will happen to many. LANDESK takes care of these issues for you.

While problems with plug-and-play drivers don’t cause blue screens, items like appropriate monitor resolution or issues with printers, scanners, or trackpads hinder users from being as productive as they could be. Instead of having one image that contains all the drivers for all possible systems in the environment, LANDESK enables you to download only the drivers necessary for each machine, which could mean reducing the size of the image from 15 GB to 8 GB because in some instances 7 GB of image space is taken up by drivers only.

7. You avoid excessive network utilization during upgrade

LANDESK Targeted Multicast™ and LANDESK Peer Download™ content delivery tools reduce bandwidth consumption and server resource usage, eliminating redundant traffic over your WAN and LAN links. Targeted Multicast technology makes it possible to distribute large packages to many users across the network with a minimum of network traffic. You can easily distribute software, even in those WAN environments with multiple hops and low connection speeds (56k).

Instead of sending a package across the wire for each device, only one transfer is made for each subnet. Bandwidth savings increase as the number of devices on each subnet increases. Peer Download is a Targeted Multicast option that forces targeted devices to install a package from a device’s local cache or from a peer on the same subnet to conserve network bandwidth.

8. Machines meet your new naming standards as part of the upgrade

A decision engine determines how a machine will look once it’s upgraded, and this also encompasses PC renaming. You have the opportunity to provide consistent naming standards, whether based on a company prefix, user name, site prefix, country prefix, machine prefix, or any other standard.

9. Make your hardware refresh as simple as any upgrade

It’s a common misconception that migration challenges are easily solved simply by purchasing new hardware with Windows 8/10 preinstalled. Of course, many users have aging machines and organizations have considered XP’s end-of-life as a business justification to replace hardware. But what about the company’s standard image or the software applications needed by the end user? In addition, what about the user data? How will that get on the new computer? End users won’t appreciate the new system if none of their profile or application settings have been migrated. And network and security teams will have the added burden of getting the users into the domain and ensuring that the devices are secure.

While the refresh process is a viable method for getting a new operating system, many of the same costs and resource demands still exist to support the end user. LANDESK provides the capability to accomplish all the migration tasks listed in the following table so that everything looks the way it should and you don’t end up with a mess.

10. All drivers are updated during your migration

With LANDESK, all drivers are up-to-date as part of the migration. Integration capabilities with Lenovo, HP, and other hardware brands ensure that BIOS, value-added software, ThinkVantage Technologies, HP battery monitoring, and other drivers supported and endorsed by the manufacturer, are kept up-to-date and installed in the first place.

Upgrading from Windows XP, 7, or 8 to Windows 10 can be a challenge, but LANDESK Upgrade Services addresses all the major obstacles. We can provide assistance in set-up and configuration as well as performing the actual migrations. Our project managers keep the upgrades running at a predictable pace, communicating with you every step of the way. You gain a long-term solution that enables you to keep your devices current.


4 Paths to Upgrading Your Old Operating System

As an OS ages out of the update cycle, it becomes a big security concern. Patches eventually dry up, allowing new threats to seek out vulnerabilities. Face it, it’s time to upgrade. But these OS upgrades are NOT ‘one size fits all’.

With that in mind, here are four common scenarios for deploying new operating systems:

1. Migration of existing devices

In this first scenario, a user is running Windows XP. They need to be upgraded to a newer operating system with their data (user profile and files) preserved. They also need the new system to have the same application functionality.

You cannot upgrade from Windows XP to Windows 7, 8, or 10. In other words, you can’t run setup.exe to update the Windows files. The machine needs a clean install of the new OS.

2. Upgrade of existing devices

In this second example, we have a user running Windows 7 or 8 on a device that needs to be upgraded to Windows 10. For devices running Windows 7, 8, or 8.1, a direct upgrade is available. Since you’re upgrading the operating system in place, the data is left intact on the device.

3. New devices with data migration

This third scenario is a typical device replacement. A user is running Windows XP, 7, or 8 and is getting a new device. They need their data (user profile and files) moved to the new device. They also need their new device to have the same application functionality.

4. Devices without data migration

This last scenario is for a new employee. They have no previous device from which to migrate data and simply need a device provisioned.

The LANDESK migration solution works in all these instances. Whether you need your data migrated or just have an existing device to upgrade, our solution offers the IT department and the end user flexibility.

This really is just the tip of the iceberg. Click below to find out what else you need to do before migrating your system to Windows 10.


10 Reasons Why You Should Use LANDESK for Windows 10 Migration

Most organizations are running a variety of versions of Microsoft Windows. Whether you still have devices on Windows XP or are on the latest version of Windows 8.1, there is an upgrade available to you.

Windows 10’s release in 2015 keeps everyone thinking about provisioning new operating systems. Organizations frequently make operating system decisions based on how much pain they can handle rather than on the benefits gained by the latest version.

LANDESK’s OS provisioning solution handles all the common migration scenarios. From updating existing devices to the purchase of new devices, LANDESK can upgrade your OS, restore user data AND ensure all the productivity applications are reinstalled.

In case you need any additional convincing, here are ten solid reasons why you should use LANDESK to help with your OS migration:

1. Your software license compliance remains intact after migration.

LANDESK creates a software license mapping matrix so you don’t waste time and money deploying software licenses to employees who didn’t need them in the first place.

2. Know your migration process at any time.

Executives love this. LANDESK SmartVue dashboards and reports give you up to the minute information on the migration process, e.g. the number of machines migrated that day, week, or month, as well as how much time remains at the current pace, and more.

3. Ensure your users have everything they need, including non-standard applications.

LANDESK preserves all tools employees care about and that are critical to the business like apps, packages, utilities, websites, favorites, virtualized apps, MED-V, Spoon, ThinApp, etc.

4. Maintain your security standards once you’ve migrated.

Machines meet PCI, HIPAA, and other compliance standards for sensitive information. Our process-based approach addresses patches for Microsoft and third-party apps, antivirus definitions, etc.

5. Provide users with migration scheduling options.

Automate communication with users so they know what’s coming and can have input into the scheduling of changes to their machine.

6. Simplify your migration with fewer images.

No need for multiple images to migrate machines of varying models or manufacturers thanks to hardware-independent imaging.

7. Avoid excessive network utilization during migration.

Our Targeted Multicast and Peer Download content delivery tools reduce bandwidth consumption and server resource usage, eliminating redundant traffic over your WAN links and LAN links.

8. Machines meet your new naming standards as part of the migration.

A decision engine provides the opportunity to create consistent naming standards whether based on a company prefix, user name, site prefix, country prefix, machine prefix, etc.

9. Make your hardware refresh as simple as any migration.

When you refresh hardware you still need to handle profile captures, apps, AV revisions, installation and validation. LANDESK addresses all of these areas and more.

10. Update all drivers as part of your migration.

Integration capabilities with Lenovo, HP, and other hardware ensure that BIOS, value-added software, ThinkVantage Technologies, HP battery monitoring, and other drivers are kept up-to-date and installed in the first place.


Windows 10 Security Mitigations When You Can’t Apply Cumulative Updates


The introduction of Windows 10 cumulative updates will force enterprises to make a difficult choice: security or availability. Security in the sense of eliminating the risk of known vulnerabilities through patching. Availability where an application or Windows 10 feature only works when an update isn’t applied. Enterprises will need to plan on Windows 10 security mitigations when applying cumulative updates isn’t an option.

Bad Patches

Bad patches are like any other software bugs: they happen. In speaking with many of our customers, we hear about them experiencing bad Windows patches a few times a year. When these patches are applied they break functionality in Windows or 3rd party applications. Sometimes Microsoft needs to fix something – sometimes a 3rd party vendor (see Windows 10 Cumulative Updates Overview for an example with Citrix XenDesktop). In the past, the solution was fairly straightforward: don’t apply the bad patch, address the security risk of the vulnerabilities in that patch, wait for a fixed patch or 3rd party software to be released, apply the improved patch or software and move forward.

Windows 10 Security Mitigations

With the cumulative updates, selectively applying patches is over. Rather than fretting over the situation, there are a number of mitigations that might be applied in place of the update when issues arise. In April 2014, Gartner’s Neil MacDonald wrote a report on Best Practices for Secure Use of Windows XP After Support Ends to address the issues of not being able to patch vulnerabilities that would continue to be found. Many of these practices can be used with Windows 10 for these situations where a patch breaks functionality. These practices can also be used persistently, but are often seen as too restrictive. Consider these approaches as part of a flexible security strategy that goes along with your patch management program. I will highlight a few of the practices in that report that can be addressed with LANDESK solutions.

Restrict Network Connectivity to the Minimum Possible

This can be challenging for many client systems, but easier to achieve with fixed function devices like kiosks or POS systems. LANDESK Security Suite can limit network connectivity through Windows firewall management or the LANDESK firewall.

Whitelisting

Whitelisting is a very effective method of securing a system as it stops unauthorized applications from running. LANDESK Security Suite and our recently acquired AppSense Application Manager both provide industry leading whitelisting with plans to blend both capabilities in future product releases.

Remove Administrative Rights

Many Microsoft vulnerabilities can be mitigated if the user does not run with an administrator account. Removing administrative rights is easy, but the limitations from such an action often stop organizations from taking this step. Privilege management software, including AppSense Application Manager, can be used to grant privileges to applications that need them so users can use non-administrative accounts. On the reverse, privilege management software can also be used to remove administrative rights from an application that is vulnerable and cannot be patched.

Address the Most Common Attack Vectors — Web Browsing and Email

There are a number of things that go into securing web browsing and email. Neil mentions the following controls:

  • Patch Management: As discussed in my previous article, 3rd party patch management is a strength of LANDESK Patch Manager.
  • Containerization: There are a number of solutions that use technology to isolate applications, including our partner Bufferzone. With these solutions, attacks are contained to that application and are unable to spread to the operating system or other applications.

Keep the Rest of the Software Stack Updated Where Possible, Including Office

Can I get one more amen for patch management? Enough said.

Use an IPS to Shield Systems from Attack

LANDESK Security Suite includes a Host Intrusion Prevention component to address behavior-based attacks and apply file protection rules. In addition, LANDESK Antivirus brings an industry leading antimalware engine.

Disable USB Ports and CD/DVD Drives

Often malware is introduced through removable media. LANDESK Security Suite provides device control to disable external media devices, make them read-only, and/or shadow copy files that move across those devices.

Key Takeaways

Here are some points to remember and share:

  • Expect Windows 10 cumulative updates to occasionally break features or 3rd party applications
  • Selective application of patches is no longer an option with Windows 10
  • Build out a strategy of security mitigations when applying the cumulative update isn’t feasible

This article marks a stopping point for this series. There will likely be updates and changes to this conversation as new branch upgrades are released, but this gives you a solid foundation. Hopefully this series has been helpful and I wish you great success with managing Windows 10 updates.

Managing Windows 10 Cumulative Updates with LANDESK


Managing Windows 10 cumulative updates with LANDESK leverages years of features and expertise in patch management. LANDESK Patch Manager provides automated assessment and targeting, robust network-sensitive update distribution, third-party patching, and custom patch definitions all of which make a comprehensive solution for Windows 10 patch management. This article will explore the capabilities in LANDESK Patch Manager that address Windows 10 cumulative updates.

Automated Assessment and Targeting

LANDESK Patch Manager provides content to identify computers missing cumulative updates and then target those computers for automated or approved remediation. Content is specific to Windows 10 branches which enables proper targeting of cumulative updates to the appropriate computers.


Update Distribution

As detailed in my Windows 10 Cumulative Updates Overview, the large size of the updates is one of the biggest challenges that enterprises will need to address. The challenge of distributing these large packages, at least monthly, requires strong software distribution capabilities. LANDESK Patch Manager leverages best in industry distribution capabilities to quickly push packages while minimizing the impact on the network. Such capabilities include:

  • Targeted multicasting: efficiently distributes packages to multiple computers through network efficient communications.
  • Peer-to-peer downloading: peer-to-peer technology enables computers on the same subnet to share packages eliminating the need to communicate across slow links or overwhelming a single server.
  • Bandwidth throttling: throttling limits the amount of traffic a computer uses to preserve network capacity for other communications.
  • Distribution servers: Distribution servers can be designated to host packages in different locations so updates only need to be downloaded once across slow WAN links that connect remote sites to a central datacenter.
  • Checkpoint restart: nothing is more annoying than having to restart a download. With automated checkpoint restart, package downloads can continue where they left off if a system gets disconnected.

Third-Party Application Patching

I continue to be shocked when I speak with enterprises who are not patching their third-party applications. Some are painfully packaging applications for distribution one update at a time, while many others are doing nothing. If there is one thing to be learned from Windows 10 cumulative updates, it is that 3rd party application compatibility is at continuous risk and the need to update such applications rapidly is more important than ever. With LANDESK Patch Manager, thousands of common third-party applications are analyzed to create content that enables silent detection and update of such applications.

Custom Application Patching

For those applications not in our extensive catalog, there is also the option to create a custom definition to detect and update the application. This capability can be particularly beneficial for internally developed applications, which will also be under compatibility pressure with Windows 10 updates.

Systematic Rollout of Cumulative Updates

In my previous article on using LANDESK for Branch Upgrades, I discussed the use of the Rollout Projects feature to systematically deploy branches. The same feature can be used to deploy Windows 10 Cumulative Updates (as well as any other update, branch, or software package). Rollout Projects automates the assessment, distribution, and installation of updates to groups of computers in a predefined order.

Steps can be defined to sequence different rollout groups so that updates follow a measured approach. Each step can have exit criteria that must be met before moving on to the next step. Exit criteria include:

  • Minimum success rate of systems upgraded
  • Minimum duration of executing that step to give time to identify potential issues
  • Email approval if you need manual change control to proceed

These exit criteria enable the complex process of rolling out branch upgrades to proceed automatically, but with controls to stop rollout issues from spreading.
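The gating logic described above can be sketched as follows. This is an added example, not LANDESK's code or configuration format: the class names, field names, and the sample plan are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import timedelta

@dataclass
class ExitCriteria:
    min_success_rate: float       # fraction of targeted systems updated successfully
    min_duration: timedelta       # soak time before the next step may start
    needs_approval: bool = False  # manual change-control sign-off required

@dataclass
class StepStatus:
    name: str
    targeted: int
    succeeded: int
    elapsed: timedelta
    approved: bool = False

def unmet_criteria(status, criteria):
    """Return the exit criteria this step has not yet satisfied."""
    unmet = []
    # A step with no targeted systems has proven nothing, so it counts as 0%.
    rate = status.succeeded / status.targeted if status.targeted else 0.0
    if rate < criteria.min_success_rate:
        unmet.append(f"success rate {rate:.0%} < {criteria.min_success_rate:.0%}")
    if status.elapsed < criteria.min_duration:
        unmet.append("minimum duration not reached")
    if criteria.needs_approval and not status.approved:
        unmet.append("awaiting approval")
    return unmet

def holding_step(plan):
    """plan: ordered (StepStatus, ExitCriteria) pairs. Returns (step name, blockers)."""
    for status, criteria in plan:
        blockers = unmet_criteria(status, criteria)
        if blockers:
            return status.name, blockers  # rollout holds here; later groups stay untouched
    return None, []                       # every step passed its gate

# Constructed plan: the pilot passed, the second group is below the success threshold.
SAMPLE_PLAN = [
    (StepStatus("pilot", 50, 50, timedelta(days=3)),
     ExitCriteria(0.95, timedelta(days=2))),
    (StepStatus("early-adopters", 200, 180, timedelta(days=5)),
     ExitCriteria(0.95, timedelta(days=3), needs_approval=True)),
    (StepStatus("all-workstations", 4000, 0, timedelta(0)),
     ExitCriteria(0.98, timedelta(days=7))),
]

if __name__ == "__main__":
    print(holding_step(SAMPLE_PLAN))
```

Because the steps are evaluated in order, a failed update that surfaces in an early group never reaches the larger groups behind it.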

Key Takeaways

LANDESK Patch Manager solves the challenge of managing Windows 10 cumulative updates through:

  • Automated identification of vulnerable Windows 10 computers
  • Network-sensitive update distribution
  • Extensive catalog of third-party application patching
  • Custom patch definition
  • Systematic project-style rollout of patches

In the next and final article in this series, I will explore security mitigations for when you can’t apply Windows 10 cumulative updates.

Windows 10 Migrations Can Be Like Fishing Without a Guide

Finish this statement: “Give a man a fish, and feed him for a day. Teach a man to fish, and you ____.”

If you plan and strategize right, you can do more than just give your users a new operating system; you gain valuable practice when it comes to upgrading machines continuously, no matter what Microsoft throws at you.

As the end of life for Windows XP approached, many companies—especially those operating under regulatory compliance—had to migrate large numbers of machines to Windows 7 all at once. These high-priority projects led to millions in additional costs.

Much of that came from hiring outside consulting firms to identify needs, create a migration plan, and use their tools to perform the migration. When the experts were done, they took everything with them and left organizations with upgraded machines but not much else.

Get there faster with a guide

When navigating uncertain waters, it’s best to have a guide who can outfit you with the right equipment, show you where to cast your line, then reel in a few fish to show you proper techniques, before letting you go solo.

Most organizations of any size are not migrating everything at once. If your Windows 10 project plan calls for a phased migration that includes migrating through attrition, providing pushes to specific departments or groups, and individual upgrade capability through a self-service portal, LANDESK can jumpstart your practice.

LANDESK will provide the systems and the knowledge and perform a portion of the upgrade, giving you a competitive edge and minimizing the learning curve.

Catch more without handling the mess

I have an uncle who fly fishes three or more times a week. Yet, he and my aunt hate to eat fish. He’s an artist at catching the fish and an engineer at the “catch and release”, so much so that he’s got it down to a science.

He uses barbless hooks and created a small device he slips onto the line to pop the fish off the hook without having to touch it. He never gets his hands dirty, despite catching 60-80 fish for every six to eight I reel in.

Are your provisioning processes so efficient that you don’t have to touch each device? Every organization uses hardware attrition to upgrade a portion of its operating systems. Usually that means IT receives a new machine, reimages it, and delivers the device to the user, who has backed up their data and profile somewhere.

LANDESK can provide practices and processes to help you deliver a device without touching it, just like my uncle and the many fish he catches. You can deliver a new machine, lay down the approved corporate OS image, provision the latest apps and drivers, and restore the user profile, all without IT needing to touch the user’s device. This process involves integrating with a distributor, such as CDW, which can fulfill an individual user order with the corporate image, and using LANDESK with AppSense solutions to extract the user profile and provision the appropriate drivers and up-to-date applications.

Feed them for a lifetime

Learn the best way to automate your provisioning and you’ll be casting more often, for bigger fish, with your IT resources. Let LANDESK be your outfitter and guide to get your Windows 10 project up and running (or working more proficiently). We’ll migrate hundreds, even thousands of machines for you so you can jump start your Windows 10 implementations. Then you’ll be able to migrate, update, and patch your Windows 10 devices in a more automated fashion. After all, if you’re going to do a major OS upgrade, you might as well feed your users the devices they need over many OS lifetimes.

Key takeaways:

  1. Provide multiple methods for migrating to achieve a phased migration
  2. Wherever possible, automate your new device provisioning to eliminate the need to touch each device
  3. When using an outside resource, make sure they help you improve your provisioning practice

For more information about how LANDESK can help your migration, make sure you read our Migrating With LANDESK White Paper.

Windows 10 Cumulative Updates and Branches

Windows 10 cumulative updates and branches have a critical relationship. Failing to understand the branch lifecycle can create risk for any patch management program. Much of this article will be a rehash of previous articles I’ve written on Windows 10 branch upgrade management, but it is so important to understand this relationship that I’m going to cover this topic again with an angle on the impact to cumulative updates.

Windows 10 Branch Lifecycle

From the time that a new branch is released, there is a minimum lifecycle of 18 months, broken down into the following phases:

  • General Availability (GA) with Current Branch
  • Current Branch for Business declared at least 4 months after GA
  • Grace period begins at least 16 months after GA and lasts for 60 days
  • Once grace period is complete, new cumulative updates are not released for that branch

Let me repeat that last point: once a branch has finished the grace period, there will be no more patches. Here’s a visualization of this lifecycle:

[Figure: Windows 10 patch support lifecycle]

An Update for Every Branch

As mentioned in my Windows 10 Cumulative Updates Overview, there are distinct update packages for each branch. To date, there is one for 1507, 1511, and 1607. Each package only installs on that specific branch – this is how support will likely be curtailed for older branches.

As to the size, cumulative updates are generally smaller for newer branches as fixes are rolled into the branch upgrade.

Triggering Events

Current Branch for Business

This milestone signifies that a branch is at a higher level of quality and begins with Microsoft declaring a cumulative update that distinguishes a branch as Current Branch for Business. Only branch 1511 has gone through the Current Branch for Business declaration event. In that case, Current Branch for Business was simply a combination of the GA 1511 release and the March 2016 cumulative update, meaning that ongoing updates give Current Branch systems the same level of stability as systems that waited for and applied the Current Branch for Business upgrade.

Grace Period

Based on various articles and conversations with Microsoft, we believe the Grace Period for the oldest branch (latest branch – 2) will begin when the latest branch reaches Current Branch for Business. There is a lot of potential variability here as the declaration of Current Branch for Business for 1511 occurred in early April 2016, but didn’t reach Windows Update until late May.

End of Support

Once the Grace Period is complete, there are no more patches for that branch. With the exception of the Long-Term Servicing Branch version of Windows 10, this means systems will need to be upgraded as frequently as every 18 months.

Deconstructing a Branch Lifecycle

To date, no branch (including the original 1507) has gone through the entire lifecycle that Microsoft has outlined. Here is a table outlining the three Windows 10 branches to date and their lifecycle milestones with some estimated dates for future milestones.

Milestone                      1507              1511                 1607
Current Branch Availability    July 29, 2015     November 12, 2015    August 2, 2016
Current Branch for Business    July 29, 2015     April 8, 2016        December 2016*
Grace Period Begins            December 2016*    Unknown              Unknown
Grace Period Ends              February 2017*    Unknown              Unknown

* Estimated dates
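The lifecycle rules above can be turned into a fleet check. The following is an added example, not Microsoft or LANDESK code: it uses the GA dates from the table and the "at least 16 months, then 60 days" rule to compute the earliest date each branch could stop receiving cumulative updates, so the results are lower bounds rather than the estimated dates in the table. Function names, state labels, and the inventory are assumptions made for illustration.

```python
import calendar
from datetime import date, timedelta

# Current Branch availability (GA) dates, taken from the article's table.
GA_DATES = {"1507": date(2015, 7, 29), "1511": date(2015, 11, 12), "1607": date(2016, 8, 2)}

def add_months(d, months):
    """Add calendar months, clamping the day to the length of the target month."""
    year, month0 = divmod(d.year * 12 + d.month - 1 + months, 12)
    day = min(d.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)

def earliest_grace_window(branch):
    """Earliest (grace_begins, grace_ends): GA + 16 months, then 60 days."""
    begins = add_months(GA_DATES[branch], 16)
    return begins, begins + timedelta(days=60)

def servicing_state(branch, today):
    """Classify a branch against the earliest dates the lifecycle allows."""
    if branch not in GA_DATES:
        return "unknown-branch"  # not in the table: flag for manual review
    begins, ends = earliest_grace_window(branch)
    if today >= ends:
        return "updates-may-have-ended"
    if today >= begins:
        return "grace-period-possible"
    return "serviced"

def upgrade_candidates(inventory, today):
    """Return (host, branch, state) for every host not safely inside servicing."""
    rows = []
    for host, branch in inventory:
        state = servicing_state(branch, today)
        if state != "serviced":
            rows.append((host, branch, state))
    return rows

# Constructed inventory (hostnames are made up for this example).
SAMPLE_INVENTORY = [("ws-001", "1507"), ("ws-002", "1511"),
                    ("ws-003", "1607"), ("ws-004", "1507")]

if __name__ == "__main__":
    for row in upgrade_candidates(SAMPLE_INVENTORY, date(2017, 2, 1)):
        print(row)
```

Hosts reported as "updates-may-have-ended" are the ones to check first against Microsoft's actual grace period announcement for their branch.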

Upgrade Your Branches or…

With this new continuous update model, businesses must have a plan to continuously update to newer versions of branches to be able to apply the latest security fixes. As I discussed in earlier articles, there is a whole strategy to this (see Windows 10 Branch Upgrade Strategy). If upgrading systems is an issue, one option is to consider using Windows 10 Long-Term Servicing Branch (LTSB), which will have a patch support lifecycle of 10 years.

Key Takeaways

Here are the points to remember from this article:

  • Cumulative updates are specific to branch versions
  • Branches have a lifecycle as short as 18 months
  • If you can’t keep up with branch upgrades, consider the Windows 10 LTSB version

With this discussion on the relationship between cumulative updates and branches finished, I will next discuss managing Windows 10 cumulative updates with LANDESK Patch Manager.