How to know if your hardware is ready for Windows 2012 R2

Would you like to try Windows 2012 R2?

Are you interested in Hyper-V?

Before you try it, please check this site to be sure that your hardware is certified:

http://windowsservercatalog.com

Furthermore, I think the following site is also really useful: http://www.spec.org/cpu2006/results/

You can compare the CPU performance of several hardware vendors so you can decide, for example, that it is better to invest in a Cisco UCS B200 M3 (Intel Xeon E5-2665, 2.40 GHz) with 16 cores instead of a Cisco UCS B200 M3 (Intel Xeon E5-2667, 2.90 GHz) with 12 cores.

Recently, I had an interesting experience: my customer bought Cisco UCS B200 M3 machines and the performance was incredible, but even though the hardware was certified for Windows 2012, we had problems using the Guest Clustering feature.

The problem was that the UCS storage drivers were not optimized to support Guest Clustering properly. It was a bug acknowledged by Cisco, which was very proactive in providing a workaround.

So I don’t want to blame Cisco for this bug (s**t happens!); I only want to warn you to always ask your hardware vendor about known issues with the Windows features you want to enable (not only Hyper-V).

If you need more Resources:

General Availability of Windows Azure Hyper-V Recovery Manager

Today Microsoft announced the General Availability of Windows Azure Hyper-V Recovery Manager.

Hyper-V Recovery Manager helps our customers by coordinating the replication of System Center managed clouds to a secondary location, monitoring availability and orchestrating recovery as needed.

Furthermore, because Hyper-V Recovery Manager is an Azure service, customers don’t have to go through a difficult installation/configuration process. Launch a web browser, log into Azure and manage Replica. And because it requires only a web browser, it works on your desktop, laptop, tablet and phone.

Hyper-V Recovery Manager works between sites, not to Azure. Hyper-V Recovery Manager is the orchestration engine, but no replication occurs to Azure. Azure simply manages the replication between sites and provides recovery plans.

For more information:

Use Windows Store in an Enterprise Environment

Windows 8.x introduces a new kind of application named “Modern”.

These applications are packaged as .appx files and are published through the Microsoft Windows Store.

I created a personal FAQ based on my experience with enterprise customers that are interested in using Windows 8.

As you will see, the Windows Store actually is very “consumer” and not really “enterprise”

NOTE: The following information is current as of January 2014.

Q: Is it mandatory to have a Microsoft Account to install and update the Modern apps published in the Windows Store?

A: Yes, the only apps that you can update without having a Microsoft Account are the Windows 8 embedded Modern apps (Mail, Calendar, People, Video…)

Q: Can I create a large number of Microsoft Accounts using a script or some service provided by Microsoft?

A: No

Q: Can I federate my enterprise directory with the Windows Store in order to avoid the need of a Microsoft Account and provide a single sign-on experience?

A: No

Q: If I develop my own Modern Application, do I need to publish it on the Windows Store?

A: No, you can distribute it using SCCM, Intune or other products because you own the .appx file

Q: Can I distribute a Modern Application that is placed in the public store to my users?

A: You can publish a “deep link” that is a sort of web link to the Windows Store page where the user can install the application. It’s not possible to retrieve the .appx file of a Modern App published in Windows Store and it’s not possible to push the installation of a Modern App published in the Windows Store

Q: Can I update a Modern Application that is placed in the public store for my users?

A: No, you can only publish the deep link to the updated version of the app but it’s the user that must open the store and click “update”

Q: Is it possible to buy a large number of Modern Apps from the Windows Store?

A: Actually it’s not possible to buy Modern Applications in bulk. Every single application needs to be bought by the user using a credit card associated with the Microsoft Account

Q: I bought a Modern Application from the Windows Store for a user that is leaving the company. Can I reassign the App?

A: No, the license is tied to the Microsoft Account and you cannot transfer it

Q: Can I disable the access to the store?

A: Yes, using Group Policies

Q: Can I prevent users from installing some kinds of applications from the store?

A: Using AppLocker you can prevent the installation of a given set/type of applications
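
The last two answers on a single Windows 8.x machine, as an added example that is not part of the original FAQ: it writes the registry value behind the "Turn off the Store application" policy and builds AppLocker packaged-app rules in audit mode from the packages already installed. The output path is an assumption, and in a domain the same settings would be delivered through a GPO.

```powershell
# Added example, not the author's script. Run elevated on an edition that
# enforces AppLocker. $OutFile is an assumed location for the generated policy.
$OutFile = Join-Path $env:TEMP 'appx-audit-policy.xml'

# 1) Disable access to the Store: the value written by the
#    "Turn off the Store application" Group Policy setting.
$storeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'
if (-not (Test-Path $storeKey)) { New-Item -Path $storeKey -Force | Out-Null }
New-ItemProperty -Path $storeKey -Name 'RemoveWindowsStore' -Value 1 `
    -PropertyType DWord -Force | Out-Null

# 2) AppLocker packaged-app rules. Once the Appx rule collection is enforced,
#    every package without an allow rule is blocked, so start from publisher
#    rules for what is installed today and run them in audit mode first.
$xml = [xml](Get-AppxPackage -AllUsers |
    Get-AppLockerFileInformation |
    New-AppLockerPolicy -RuleType Publisher -User Everyone -Optimize -Xml)

$appxRules = @($xml.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Appx' })
if ($appxRules.Count -eq 0) { throw 'No packaged-app rules were generated.' }
foreach ($collection in $appxRules) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}

$xml.Save($OutFile)
Set-AppLockerPolicy -XmlPolicy $OutFile -Merge

# AppLocker evaluates rules only while the Application Identity service runs.
Start-Service -Name AppIDSvc

# 3) Review what enforcement would have blocked before switching the
#    collection from AuditOnly to Enabled.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/Packaged app-Deployment' `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```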

System Center Universe 2014 Event in Europe

Today I found this interesting community event that takes place in Europe and is focused on System Center and Microsoft Virtualization solutions.

http://www.systemcenteruniverse.ch/

Unfortunately, the last event was held in September 2013 so I will need to wait until September 2014 to attend it.

For an overview of this event, take a look at this blog:

http://www.thomasmaurer.ch/2014/01/system-center-universe-europe-2014-announced/

Application Compatibility Lifecycle

XP will reach the end of support in a few months (April 2014) and several companies have already migrated to Windows 7 / 8. Many others are hurrying because they are still not ready to migrate…

I don’t want to discuss the risks of using XP after April 2014, but I want to write some thoughts about the application lifecycle.

In 2001 Microsoft introduced Windows XP, which was a “smooth” transition for the companies that used Windows 2000 workstation.

The majority of applications were compatible between Windows 2000 and Windows XP.

After several years (November 2006) Microsoft released a new Operating System (Windows Vista) that introduced a lot of changes and problems and was not adopted by anybody.

The next Operating System was Windows 7 (October 2009) and as usual the majority of enterprise customers waited until Service Pack 1 (February 2011) before beginning to adopt it.

This means that for more or less 10 years companies didn’t care about Operating System migration. They lost focus on changing the OS due to the lack of a new OS.

In addition, Microsoft released several Internet Explorer versions, but an IT department could continue to run an old IE version and apply all the security fixes and Service Packs. I have a lot of customers that use Windows 7 with Service Pack 1 but Internet Explorer 8.

Now things are gonna change…

With Windows 8.1 Microsoft made available a sort of Service Pack with the aggregation of all the existing fixes and also with some new features (the return of the start menu button, the boot to desktop policy and many others).

The key difference is that 8.1 includes Internet Explorer 11 and you cannot avoid the installation of this browser if you want to upgrade your Windows 8 to 8.1.

This kind of behavior is very similar to Apple, which includes a new version of the Safari browser every time a new Mac OS X 10.x is shipped.

I have no secret information to share but I bet that next autumn Microsoft will release Windows 8.2 with Internet Explorer 12 included.

Bring back the control over your company applications

First, IT needs to assess its applications. I have several customers, from Finance to Commercial to Public Sector to the Telco market, that have no idea how many applications they own, who needs a given application and why.

This is the reason why several customers still use Windows XP: they are trying to clarify their application portfolio.

Work around application compatibility

Assuming that a company knows exactly every application needed by users, how can I migrate from Windows XP to 7 or 8?

Depending on the circumstances, you need to consider one of the 5 R’s solutions:
  • Retire
  • Re-code – Fix the code to be compatible
  • Replace, with a newer, compatible version
  • Re-platform – Move it to the cloud, web, virtualization (Citrix) etc.
  • Repair – Shim the app to work

Retire

Maybe you can retire the current application because you don’t need it anymore or you can replace it with a new one compatible with the new OS.

Re-code

If you own the source code of the application (for example an internal web portal) you can make changes to the code in order to make it compatible with the new OS.

Replace

The first step is vendor assessment, that is, finding out whether the application vendor supports it on the new OS.

If the answer is “NO”, maybe the vendor has a new version that is supported, but you must take into account the cost of the new version’s license and that a new version may not be compatible with the whole IT infrastructure (for example SAP Gui 7.20 is compatible with Windows 7 but maybe your back end infrastructure works only with Gui 6.84).

Re-platform

Changing the platform means not to install the application on the new OS but to access it remotely. For example maybe a Windows XP compatible application is installable on a Windows 2003 server that can be exposed to the user using Citrix XenApp.

Consider that re-platforming with Citrix would only be a temporary measure because Windows 2003 support will end in July 2015.

Repair

You can try to fix compatibility issues using remediation packages called “shims”. This Microsoft technology is used to run incompatible applications and works by changing the OS behavior. For example, App1 doesn’t work because it was written for XP and Windows 7 uses UAC, which causes problems for App1. With a shim you can avoid UAC only for App1 and only when this app is launched.

Consider that it is not always possible to remediate an application using shims and that this is a temporary measure because you are using an application on an unsupported platform.

Create an endless application lifecycle

I think that in the next years several releases of Microsoft Operating Systems will be available. The new 8.x releases will have new features but also new browsers so IT departments need to change the way they support Operating System migration.

It’s important to build the infrastructure and the procedures needed to perform as fast as possible the application compatibility tests every time a new OS version / browser is made available.

Today I see a lot of companies without a good test environment for application compatibility. No one knows how many applications need a test, who is the owner of a given application, how to install and test an application…

This is no longer sustainable.

My experience with Application Virtualization Solutions

In the recent years, lots of hype was generated by Application Virtualization products/solutions.

This kind of technology lets you create an isolated environment where an installed program can run.

The isolation is useful when you need to run several versions of the same product on a PC and the product doesn’t allow the coexistence of more than one version installed.

An example can be the SAP Gui because I had several experiences of customers needing to use different versions of this product due to various SAP applications requirements.

As a Microsoft consultant, I use Microsoft Application Virtualization (App-V) but other products exist that offer similar capabilities.

You can read here a comparison of Microsoft, Citrix and VMware Application Virtualization Technologies: http://searchvirtualdesktop.techtarget.com/feature/Application-virtualization-comparison-XenApp-vs-ThinApp-vs-App-V

Because several customers don’t know these kinds of products very well, I would like to underline the limitations of this type of technology:

  • If a product doesn’t work on a given operating system (for example Windows 7), creating a virtualized application doesn’t help. The minimum requirement for a product to be virtualized is that it’s installable and that it works on the target operating system.
  • You may have vendor support issues if you experience problems with a virtualized application and these problems are not repeatable on the same operating system with the application installed instead of virtualized.
  • Several applications are not virtualizable due to technology limitations (for example App-V cannot virtualize drivers or web applications) or vendor legal boundaries (for example you can create an Internet Explorer 6 virtualized application and run it on Windows 8, but Microsoft doesn’t permit virtualizing Internet Explorer so you risk facing a lawsuit).

So how can I know how many of my applications are virtualizable?

The answer is that you need to know your applications (Does the application install drivers? Is it a web application? Does it work on the target operating system if I install it? Does it use databases? Does it request data from or interact with other applications? Does the vendor permit virtualizing the application?) and you must also know in depth the limitations of the Application Virtualization technology.

IMHO the applicability of this kind of technology is very small and it makes sense in the following scenarios:

  • Same application but different versions coexistence (example: two different SAP Gui on the same PC)
  • VDI pooled environment

Let me explain the “VDI pooled environment” case:

A VDI pool is a number of virtual machines that are created from a Golden image. Normally, when a user performs a logon, a new virtual machine is cloned/created from the Golden image. At user logoff, the virtual machine is cleaned, so any programs that the user installed are not kept.

If you have two types of users that need different applications (for example Group 1 that needs App 1 and Group 2 that needs App 2), you have the choice to install both App 1 and App 2 into the Golden image (but you must prevent Group 2 from running App 1 and vice-versa) or you must provide the correct app for the correct user at runtime every time they perform a logon.

In this context, a virtualized application can be helpful because it doesn’t need a real installation: the app will be ready as soon as the virtualized app is copied into the VDI machine.

So the user performs a login, receives a generic VDI machine, asks for the app that he needs to use and just waits for the time the process needs to copy the application virtualization package inside the VDI.

My first project with Windows To Go

I just finished a BYOD project based on Windows To Go technology for an Italian customer.

Windows To Go is a technology that permits running a Windows installation from a USB key.

Customer Opportunity

The technical need was that the customer wanted to supply a standard and managed Windows build to external consultants in order to be sure that all security constraints are met when a PC is plugged into the customer network.

The business need was that the customer wanted to avoid as much as possible the costs related to hardware supplied to external consultants.

Technology Overview

In order to create a Windows To Go USB key you must first be sure that the USB key is certified:

http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/devices/windowstogo.aspx

The creation process can use three different technologies:

  • The creator included in the Windows 8 installation (it’s useful only if you need to create a small number of USB keys)
  • SCCM 2012 SP1 or a higher version (it provides a self-service capability)
  • A PowerShell script (custom procedures)

Project Overview

My customer asked to use PowerShell because he’s not using SCCM and he needs to create 2500 USB keys.

The operating system used was Windows 8 RTM (now they are testing 8.1) and the USB key used was supplied by Kingston (http://www.kingston.com/wtg/).

We leveraged the customer’s custom internal portal in order to provide an easy WTG creation wizard.

http://technet.microsoft.com/en-us/library/jj721578.aspx

The steps that a user needs to perform in order to create his key are:

  • Log into the internal portal and start the WTG creation wizard
  • Answer a few questions about which products they need on top of the WTG installation
  • Insert the USB key into the PC connected to the portal
  • Wait until the first part of the creation is done
  • Insert the USB key into his own hardware and boot from the key
  • Follow a few more steps that will personalize the operating system (name, join to domain, BitLocker encryption)

The Windows 8 build used in a WTG context is not a “special” build… We used the same sysprepped .WIM file that we used to install Windows 8 to the internal hard drive of tablet and desktop machines.

The only difference is that during the deployment process a local policy named “SAN policy” is added.

This policy prevents the user who is running the WTG environment from viewing and accessing the physical hard drive of his notebook. This is a best practice that aims to avoid accidental data leakage between Windows To Go and the host system and to prevent problems with hibernation files.

More information about that: http://www.verboon.info/2012/12/how-to-access-data-from-the-local-disk-when-running-a-windows-to-go-workspace/
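
One way to add the SAN policy during deployment, as an added example rather than the script used in this project: it writes an offline-servicing unattend file that sets `SanPolicy` to 4 (Offline Internal) and applies it to the image on the USB drive with DISM. The `$OsDrive` parameter and its default drive letter are assumptions.

```powershell
# Added example, not the customer's script. Run elevated on the provisioning
# PC after the sysprepped image has been applied to the USB drive.
# $OsDrive (drive letter of the Windows To Go OS partition) is an assumption.
param([string]$OsDrive = 'W:')

if (-not (Test-Path "$OsDrive\Windows")) {
    throw "No applied Windows image found on $OsDrive"
}

# SanPolicy 4 = "Offline Internal": disks on internal buses stay offline when
# the workspace boots, so the host's own volumes get no drive letter.
# One component per architecture, so the file serves x86 and amd64 images.
$components = foreach ($arch in 'x86', 'amd64') {
@"
    <component name="Microsoft-Windows-PartitionManager"
               processorArchitecture="$arch"
               publicKeyToken="31bf3856ad364e35"
               language="neutral" versionScope="nonSxS">
      <SanPolicy>4</SanPolicy>
    </component>
"@
}

$unattend = @"
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="offlineServicing">
$($components -join "`n")
  </settings>
</unattend>
"@

$file = Join-Path $OsDrive 'san_policy.xml'
Set-Content -Path $file -Value $unattend -Encoding UTF8

# Apply the offlineServicing pass to the offline image on the USB drive.
& dism.exe "/Image:$OsDrive\" "/Apply-Unattend:$file"
if ($LASTEXITCODE -ne 0) { throw "DISM failed with exit code $LASTEXITCODE" }

# Check from inside the booted workspace: internal disks should show
# IsOffline = True.
#   Get-Disk | Select-Object Number, FriendlyName, BusType, IsOffline
```

The policy only sets the default state of internal disks; an administrator inside the workspace can still bring a disk online, so it guards against accidental access rather than acting as an access control.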

Lessons Learned

We had no hardware to certify because every user was an external consultant with his own laptop. This was very problematic because we faced a lot of service tickets due to missing drivers (because the users were not local administrators of the machines, they were not able to install missing drivers by themselves).

The other problem was about hardware requirements: Microsoft states that the minimum hardware requirement for Windows To Go is a PC (Apple Mac not supported) that is certified for running Windows 7 or 8 and that has a BIOS that permits booting an operating system from USB.

Several external consultants used Macs and a lot of others used old hardware not certified for Windows 7 or 8.

We had several tickets about users that were not able to boot the operating system from USB. These tickets were all resolved by installing a new version of the BIOS.

We had only one problem with a PC that was certified for Windows 7 but for which the vendor didn’t provide a BIOS that permits booting an operating system from USB.

We had several tickets about users that had lost the BitLocker PIN and asked to retrieve the recovery key (the customer chose not to implement MBAM or other BitLocker management solutions so the answer was “reimage your USB key”…)

Conclusions

IMHO in this context, Windows To Go was not the best choice due to the impossibility of certifying all the hardware machines.

It’s less expensive than a VDI solution and it can be used offline but it doesn’t fit all scenarios.

It’s also important to understand that if an IT department introduces a new service, it must support it. The lack of BitLocker support is not a good choice. MBAM is a simple product that also provides self-service recovery. If you don’t want to use MBAM you can store the BitLocker recovery key in Active Directory for free… So why not do it?
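
Storing the recovery key in Active Directory, as an added example that is not the customer's procedure: run in the domain-joined workspace during personalization, it checks the BitLocker recovery policy for operating system drives and backs up every recovery password protector to AD DS, stopping on the first failure. It assumes the built-in BitLocker PowerShell module and a GPO that allows AD DS backup.

```powershell
# Added example, not the customer's procedure. Run elevated in the
# domain-joined workspace. Assumes Group Policy allows AD DS backup.
$mount = $env:SystemDrive

# "Choose how BitLocker-protected operating system drives can be recovered"
# stores its options under this policy key.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
    -ErrorAction SilentlyContinue
if (-not $fve -or $fve.OSActiveDirectoryBackup -ne 1) {
    Write-Warning 'AD DS backup of OS-drive recovery information is not enabled by policy.'
}
elseif ($fve.OSRequireActiveDirectoryBackup -ne 1) {
    Write-Warning 'Policy lets BitLocker turn on before the recovery password reaches AD DS.'
}

function Get-RecoveryProtector {
    # Returns the recovery password protectors present on the volume.
    (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

$protectors = @(Get-RecoveryProtector)
if ($protectors.Count -eq 0) {
    # The cmdlet reports the new password as a warning; keep it off the
    # screen of a shared or observed session.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
    $protectors = @(Get-RecoveryProtector)
}

foreach ($p in $protectors) {
    # -ErrorAction Stop: a key must not be handed out without a stored
    # recovery password.
    Backup-BitLockerKeyProtector -MountPoint $mount `
        -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
    "Escrowed protector $($p.KeyProtectorId) for $env:COMPUTERNAME"
}
```

The script prints only protector IDs, never the recovery password, so its output can go into a provisioning log.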

BYOD needs to support the hardware and software owned by users or at least needs to provide a list of supported and certified hw/software in order to permit users to buy or install them.