NetFlow to CYA for BYOD

As the BYOD promise of an increase in productivity and improvement to the bottom line becomes more apparent, its adoption in enterprises is inevitable. But BYOD has not been all wine and roses and its biggest impact has been on enterprise security and bandwidth. Let’s look at some of the BYOD problems and how you can use NetFlow to counter them.

Vanishing Network Perimeter:

BYOD causes the network perimeter to disappear. By allowing remote access to enterprise resources, users connect to the enterprise network from their personal devices when away from the office. Problems start when a device falls into the wrong hands and someone downloads sensitive information even before the device is reported lost.

Walk-In with the Malware:

What happens after the user leaves the network? Sometime, somewhere users will connect over an unsecured public Wi-Fi where they are more susceptible to viruses and malware. Edward Felten’s classic comment, “Given a choice between dancing pigs and security, users will pick dancing pigs every time”, is sadly true. If a user picks up a virus or malware and walks into the office the next day, it is likely that your firewalls and IDS will not stop what is physically carried in. Once plugged into the network, the virus or malware spreads at the access and distribution layers while your firewalls, ACLs and IDS/IPS are all expecting malicious traffic to come in through the WAN link.

Application Explosion:

The growth in mobile devices has caused an application explosion. At the last count, the top 3 mobile eco-systems combined had more than one million applications [1]. BYOD has removed the norm of having only business applications on a device. Users install anything they find interesting, and the result is that your network sees an influx of new, unverified and sometimes unapproved applications, some of which are malware in disguise and some simply bandwidth hogs like mobile versions of file sharing and peer-to-peer apps.

Personal @ Work:

The consumerization of IT has played a part in removing the thick line between personal and work. With BYOD, there is a tendency to use the devices for personal purposes. Do some bandwidth analysis and what you will find is a countless number of tweets, social media apps, personal emails, VoIP calls and YouTube videos. Add streaming HD videos to the list and your WAN bandwidth can explode.

CYA with NetFlow

NetFlow has over the years become the de facto standard for bandwidth monitoring and traffic analytics, and now it is increasingly being used for security. Most access or distribution layer devices support flow export. NetFlow answers the Who, What, When and Where of traffic by reporting on source and destination IP addresses, applications, protocols, port numbers, ToS, and more.

NetFlow identifies VPN tunneling protocols like GRE or ESP as well as many remote connection applications. It can be used to watch for high volume remote downloads to make sure no one is downloading more than they should. You can also have your NetFlow reporting tool alert you if the traffic volume crosses a pre-defined threshold or identify any unknown endpoints connecting to your data center.

You can also look at the top conversations or top sources report from your NetFlow tool. Do you see an endpoint sending packets over one port to multiple destinations? That can be an infected system doing a port scan. Is there excessive SMTP traffic? It could be a bot using your network to send out spam!
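The checks described in the last two paragraphs, sketched as an added example (not from the original article or any NetFlow product). It runs over constructed flow records; the function names, thresholds, addresses and the approved mail relay list are assumptions for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow records (not real traffic), one line per exported flow,
# reduced to the fields the checks need: who, to whom, protocol, port, volume.
SAMPLE_FLOWS = """src,dst,proto,dport,bytes
10.1.20.15,10.1.30.1,tcp,445,120
10.1.20.15,10.1.30.2,tcp,445,120
10.1.20.15,10.1.30.3,tcp,445,120
10.1.20.15,10.1.30.4,tcp,445,120
10.1.20.15,10.1.30.5,tcp,445,120
10.1.20.22,198.51.100.7,tcp,25,4000
10.1.20.22,198.51.100.8,tcp,25,4200
10.1.20.22,203.0.113.9,tcp,25,3900
10.1.20.22,203.0.113.10,tcp,25,4100
10.1.10.5,198.51.100.7,tcp,25,9000
10.1.40.10,172.16.5.9,tcp,51514,750000000
10.1.40.10,172.16.5.9,tcp,51514,600000000
10.1.20.31,10.1.40.10,tcp,443,2000000
192.0.2.44,10.1.40.10,tcp,443,1500
"""


def load_flows(text):
    """Parse CSV flow records into dicts with integer port and byte counts."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dport"] = int(row["dport"])
        row["bytes"] = int(row["bytes"])
        flows.append(row)
    return flows


def fan_out(flows, min_destinations=5):
    """Sources reaching many distinct destinations on one port (possible scan)."""
    targets = defaultdict(set)
    for f in flows:
        targets[(f["src"], f["proto"], f["dport"])].add(f["dst"])
    return {k: len(v) for k, v in targets.items() if len(v) >= min_destinations}


def smtp_senders(flows, mail_relays, min_flows=3):
    """Hosts that are not approved mail relays yet open many tcp/25 flows."""
    counts = defaultdict(int)
    for f in flows:
        if f["proto"] == "tcp" and f["dport"] == 25 and f["src"] not in mail_relays:
            counts[f["src"]] += 1
    return {host: n for host, n in counts.items() if n >= min_flows}


def heavy_transfers(flows, byte_threshold):
    """Source/destination pairs whose summed volume crosses the threshold."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["src"], f["dst"])] += f["bytes"]
    return {pair: total for pair, total in totals.items() if total > byte_threshold}


def unknown_endpoints(flows, datacenter, known_networks):
    """Sources outside the known networks that talk to the data center subnet."""
    dc = ipaddress.ip_network(datacenter)
    known = [ipaddress.ip_network(n) for n in known_networks]
    hits = set()
    for f in flows:
        src = ipaddress.ip_address(f["src"])
        if ipaddress.ip_address(f["dst"]) in dc and not any(src in n for n in known):
            hits.add(f["src"])
    return sorted(hits)


if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    print("possible scan sources:", fan_out(flows))
    print("unexpected SMTP senders:", smtp_senders(flows, {"10.1.10.5"}))
    print("transfers over 1 GB:", heavy_transfers(flows, 1_000_000_000))
    print("unknown endpoints:",
          unknown_endpoints(flows, "10.1.40.0/24", ["10.1.0.0/16", "172.16.5.0/24"]))
```

Flow records are unidirectional, so a large download shows up on the flow from the server to the client, which is why the volume check sums bytes per source/destination pair.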

Bandwidth monitoring and NetFlow go hand-in-hand. With NetFlow, you can find how much load BYOD has added to your network bandwidth, what applications are behind it or who the top talkers are. Based on the actionable information NetFlow gives, you can tweak your QoS policies to either drop the excess non-business traffic or set priority for business applications. With NetFlow monitoring software, you can get your applications and sources reports and also make sure the QoS changes you made are really working.

If you have started BYOD adoption, don’t forget to add NetFlow export and reporting to the list of ‘To Do’. Check out Configuring NetFlow on Cisco Routers to see just how easy it is to enable NetFlow reporting.


Author: Don Thomas Jacob, Technical Marketing Specialist and Head Geek

Don Thomas Jacob is a Technical Marketing Specialist and Head Geek at SolarWinds, an IT management software provider based in Austin, Texas. He worked as a tech support engineer, product blogger, product evangelist, and tech marketing lead for close to eight years until he joined SolarWinds in 2013. Don’s experience and interests lie in network performance monitoring solutions, flow-based monitoring technologies like NetFlow, sFlow and IPFIX, and Cisco’s offering for traffic analytics such as Flexible NetFlow, Cisco ASA NSEL, Cisco NBAR, Cisco QoS reporting, Cisco IPSLA, and Cisco Medianet and MediaTrace.

 

Reference:

  1. Adding up available apps for Apple, Android and Microsoft from http://news.cnet.com/8301-1035_3-57542502-94/google-ties-apple-with-700000-android-apps/

Jake Sorofman’s Prediction on Enterprise IT in 2011 – Cloud Adoption

Jake Sorofman is the Chief Marketing Officer of rPath. In this article, Jake speaks about the Cloud, its deployment strategies and his predictions on how the year 2011 might look with regard to cloud adoptions in IT Enterprises.

Over to Jake’s Article –

If you prefer this information as audio, listen to this podcast interview, which Jake gave a few days back –

If you were to analyze the hundreds of predictions for IT that will hit the blogosphere over the coming weeks, the truth for 2011 would probably emerge. That’s why I think this is an exercise worth continuing—not because you uniquely value my point of view or because I’ve cornered the market on vision—but because it contributes in a small but equally important way to our insights for 2011.

It’s also why I look forward to this time of year—to offering my predictions and, more importantly, reading those of others. So, as my contribution to the crowd, here are my IT predictions for 2011:

1. Private cloud proliferates – The second half of 2010 was all about the private cloud. The rise of the public cloud brought new clarity and focus for the CIO, who recognized that, without a transformation in its delivery models, IT organizations would be disrupted and perhaps disintermediated by the speed, flexibility and economy of public cloud services. In 2011, we’ll see widespread investment in private cloud projects, as IT leadership defines the reference architecture for next-generation IT delivery models.

2. Public cloud thrives – At the same time, we’ll see continued growth—explosive growth—in public cloud services, where affinity will continue to bind to small and mid-sized businesses and non-production enterprise workloads. We’ll also see more evidence of rogue workloads leaking to the public cloud outside of the reach of corporate policies. This will motivate IT leadership to define governance models for controlled usage of public cloud services.

3. Hybrid cloud emerges – Definition of such governance models will enable enterprise IT to begin experimenting with hybrid cloud models. Initially, this will look like a simple stratification of deployment environments based on lifecycle stage—for example, dev and test workloads only in public cloud. But such early experimentation will enable IT leaders to define the reference architecture for the dynamic data center of the future, where workloads can move fluidly between deployment environments. By enabling application portability, workloads become a liquid commodity and a marketplace emerges. IT can dynamically retarget workloads based on optimizations for price, policy or performance, and they achieve true leverage over service providers.

4. Ecosystem rules – And speaking of leverage … fear of leverage lost through expanding hegemony of virtualization and cloud infrastructure providers (read: VMware) will conspire with frustration over the pace of innovation—giving rise to a new class of smaller, independent providers that become important vendors in their own rights. Best of breed tools will become integrated ecosystem-led solutions that represent a foundation for making this transformation to delivering IT as a service.

5. Power is redistributed – IT leverage over service providers means better cost-economies and more innovation, as software and service providers are forced to differentiate and add deeper, more sustainable value to IT customers. This will fuel the transformation of IT delivery models as enabling technologies mature and cost is driven down. For providers, it will lead to new niche markets and specialized domains (think: industry-specific clouds, for example) as a basis for sustaining unique advantage under the threat of commoditization. We’ll see early signs of this dynamic in 2011, but it will take several years for it to fully manifest.

6. New models for IT leadership – New architectures that enable dynamic workload portability will change the ideals of the CIO from operationally focused to sourcing and portfolio focused. We’ll see some old-line CIOs cycle out in the face of change. And we’ll see new stars born on the basis of a new vision for IT, inspired—and not threatened—by the rise of public cloud services. The successful among them will find ways to define the “to-be” IT delivery model, while also looking after “as-is” realities. New expectations for IT will lead to new expectations for IT leadership to guide us through what is going to be a mandatory transformation.

About the Author – Jake Sorofman is the Chief Marketing Officer of rPath. Jake is a seasoned software marketing executive with a strong product strategy and communications background. Previously, he was SVP of marketing and business development for JustSystems, the largest ISV in Japan and a leader in XML technologies. Before that, Jake was VP of product marketing with Mercury Interactive (now part of HP Software), where he was responsible for the Systinet product line. He joined Mercury through Mercury’s $105 million acquisition of Systinet Corporation. Before Mercury, Jake led marketing for two WebSphere products at IBM Software Group, which he joined through the acquisition of Venetica. Prior to Venetica, Jake was director of product marketing with Documentum, Inc. (now part of EMC), which he joined through the acquisition of eRoom Technology.

Virtual SAN Fragmentation – Diskeeper Corporation’s V-locity

Guest Post – The marriage of Storage Area Networks (SANs) and virtual machines is a match made in heaven. The entire idea of a SAN is to reduce unnecessary resource usage on production systems and to streamline storage so that it’s more easily accessible. Virtual machines take the entire concept one step further, adding the benefits of maximizing hardware resources and the capability to add servers without taking up additional space.

File fragmentation, a prime drain on system performance since the origin of modern computing, has substantial effects on both technologies. In the case of SAN, gains made with network technology and drive speeds are totally dependent on the state of the files on the disk. If those files are fragmented, data being read and written will be slowed to the degree of the fragmentation, affecting all users and applications waiting for that data. The entire purpose of a SAN is defeated. Even performance measures such as thin provisioning are crippled: in a fragmented environment, drive space is wasted.

Virtual environments also suffer their own brand of trouble from fragmentation, due to the fact that a virtual environment has added steps to data storage and retrieval. When a file request occurs on a virtual server, the I/O request is relayed, at the least, from the guest system to the host system—which means multiple requests are occurring for each file request. When fragmentation is present, there are multiple I/O requests for each fragment, creating an enormous amount of unnecessary overhead on disk subsystems.

Robust technical challenges require robust solutions and Diskeeper Corporation’s V-locity virtual platform disk optimizer—developed for VMware ESX and Microsoft Hyper-V platforms—is designed specifically to relieve IT personnel from dealing with complex fragmentation scenarios in virtual environments.

“V-locity software is absolutely transparent on our virtual SAN systems; it just works,” said Richard Webb of Sustainable Evolution, Inc. of Lynnwood, Washington.

V-locity utilizes Diskeeper Corporation’s proprietary IntelliWrite fragmentation prevention technology, which makes it possible to prevent 85 percent of fragmentation before it ever happens. Fragmentation is addressed at both the host and virtual machine levels—so that performance is maximized all across the virtual platform. V-locity also has InvisiTasking® technology, which means that only otherwise idle resources are utilized in addressing fragmentation and handling other tasks associated with VMs.

“The V-locity product really takes care of the fragmentation on the host and VMs automatically, without the need of manual intersession or overhead of creating scripts and jobs,” Webb said. “The central reporting and configuration management really facilitates ease of management and metric transparency.”

When combining two of today’s most beneficial innovations—SAN and virtual machines—fragmentation is completely addressed with V-locity.

You can contact Colleen Toumayan, at this email address for more information.

Top tips for utilizing AutoCAD LT 2011 and Windows 7 – Seven for 7

Hi Folks, after a long gap we are back with the Guest Posts on this weblog. Today, we have Kate Morrical, who talks about the top tips for utilizing AutoCAD LT 2011 on the Windows 7 platform. She explains how a user can leverage the features available in Windows 7 and get the best experience while working on AutoCAD LT 2011. As the Technical Marketing Manager for AutoCAD LT, Kate works closely with the AutoCAD LT Product Development & Marketing teams and with AutoCAD LT users through discussion groups, her blog, and events such as Autodesk University and AUGI CAD Camps.

Kate’s thoughts on msigeek weblog – “MSIGeek.com is a great resource for learning more about making the most of MS technology, including design firms looking for the best ways to optimize the compatibility between Windows 7 and Autodesk products like AutoCAD LT 2011. Your How-To and Best Practices articles provide helpful, real-world ways to work smarter and faster. Thanks for putting all this valuable information in one place!”

Over to Kate’s article –

You know that the Windows 7 Professional operating system is designed to meet business needs by delivering better performance, helping you get more done faster, and safeguarding your work.  Here are seven tips for using features in Windows 7 to speed up everyday tasks in AutoCAD LT 2011.

1. Use thumbnail previews to navigate between open DWG files

Quickly locate and switch between open AutoCAD LT 2011 drawing files by hovering your cursor over the taskbar icon to display thumbnail images of each open drawing. Switch between drawings by clicking on thumbnails, or use the red X to quickly close a file from the thumbnail.

2. Locate recent files with jump lists

Right-click on a program icon in the taskbar to display a jump list of your ten most recently-opened files. Open an item on the list simply by clicking on it, or drag-and-drop files to attach them to e-mails or copy them to a different folder.  Use the pushpin icon to make sure that important files always stay on the list. Jump lists are also available for your frequently-used programs in the Start menu.

3. Pin your favorite programs for easy access

Pin AutoCAD LT and other programs you use on a regular basis to the taskbar with the option in the right-click menu,  and launch them with a single click. You can also store favorite programs on the Start menu. While your most frequently-used programs will show up there automatically, you can keep them there permanently by right-clicking on the program and selecting “Pin to Start Menu.”

4. Quickly resize program windows with Snap

Use Snap to display two programs side by side on your screen, without overlap, simply by dragging one window to the left of the screen and the other to the right.  Easily reference your email, spreadsheet, or other program while working in AutoCAD LT 2011. Drag a single program to the top of the screen to have it fill your entire display.

5. Find files faster with Instant Search

Search is faster in Windows 7—libraries and other popular file locations are indexed so results appear as soon as you type in the first few letters of your keyword, whether in the Start menu or in the search box available in every Windows Explorer window. To make your search even more efficient, matching files and folders are grouped by category, and keywords are highlighted to make the list even easier to scan. Filter your results by type, date, size, or author to further narrow your search.

6. Safeguard your work with Backup and Restore

No matter how much care you take with your files, accidents can happen—drives can fail, files can become corrupted, and “copy” can even become “delete.” That’s when you need Windows Backup to store copies of your important files on an external drive and update them periodically so they’re as current as possible. When you need to retrieve a file, the Restore function lets you select the entire backup file or specific files and folders. You can even specify whether to restore files to their original location or a new one.

7. Manage default printers with Location Aware Printing

When you run AutoCAD LT on a laptop, you can take your computer with you, but chances are you leave your printer behind. With Location Aware Printing, you can set a different default printer for every network you connect to. Then, when you change networks, Windows automatically sends documents to the correct printer.

About Kate Morrical – As the Technical Marketing Manager for AutoCAD LT, Kate works closely with the AutoCAD LT Product Development & Marketing teams and with AutoCAD LT users through discussion groups, her blog, and events such as Autodesk University and AUGI CAD Camps. She has over 10 years of experience with Autodesk products, starting with AutoCAD R14, and has been blogging about AutoCAD LT since April 2007. Kate is a licensed professional engineer in Maryland, and was employed as an engineer and CAD Manager for a 30-person office of a structural engineering firm before joining Autodesk. For the latest in AutoCAD LT news, tips and tricks check out Kate’s blog, LT Unlimited, at http://ltunlimited.typepad.com

Create a Minor Upgrade for an application using InstallShield

Upgrades are a little more complex than a new installer. This guest article from Bhuvana covers the requirements for a minor upgrade, the steps to create one and the options for installing it. A minor upgrade is a type of product upgrade that Windows Installer supports. A minor upgrade can be used to add new features and components but cannot reorganize the feature-component tree.

Requirement for Minor upgrade:

Add a new subfeature

If the new subfeature consists of new components only, you can use a minor upgrade. If the new subfeature consists of existing components, you must use a major upgrade.

Add a new component to a new feature

In general, a minor upgrade should not include a new top-level feature. However, new subfeatures of existing features are allowed. If you are adding a new subfeature for a minor upgrade, set two of the subfeature’s properties as follows so that they are installed correctly during a minor upgrade:
  • Remote Installation—Set this property to Favor Parent.
  • Required—Set this property to Yes.
The user interface of a minor upgrade does not usually show the feature tree; however, maintenance mode for the updated installation typically does expose the feature tree. If you want the new subfeature to be excluded from the feature tree so that end users cannot deselect it, set the subfeature’s Display property to Not Visible.

Add a new component to an existing feature

A new component can be added to an existing feature if the version of Windows Installer is 2.0 or later.

Add, remove, or modify any of the following: files, registry keys, or shortcuts.

If the file, registry key, or shortcut is in more than one component and the component is shared by two or more features, a major upgrade must be used.

Codes Associated with the Minor Upgrade:

Package Code – Part of the Summary Information Stream, the package code identifies a particular database. The package code is not a Windows Installer property. Any two .msi databases with identical package codes must have identical contents. It is therefore recommended to change the package code for each new package, and it is a must for a minor upgrade.

ProductVersion—This is a Windows Installer property that contains the product version. Note that Windows Installer uses only the first three fields of the ProductVersion property for version comparisons. For example, for a product version of 1.2.3.4, the 4 is ignored. (Note that this is true for comparisons of ProductVersion values, and not for file versions.)

Both the package code and the product version need to be changed for a minor upgrade.

Steps to create Minor Upgrade:

  1. Change the Package code and Product Version to create a minor upgrade
  2. Add features / components by following the guidelines in the section “Requirement for Minor upgrade”
  3. Add, remove or modify files, registry keys and shortcuts.
  4. Add minor upgrade item in upgrades view (this is optional).
  5. Build and use the installer for upgrade.

Running a Minor Upgrade:

With Setup.exe

If you build a release that includes Setup.exe, your latest installation will be minor upgrade enabled. Setup.exe can detect when a previous version of your application exists on a target machine. When Setup.exe detects a previous version, it will run the rest of your installation in minor upgrade mode.
If you selected the option “Create installation launcher (setup.exe)” when you built the release and you get an error like the one in Figure 1 while running the installer, you will have to specify these parameters in the generated Setup.ini file:

[Startup]
CmdLine=REINSTALLMODE=vomus REINSTALL=ALL

Without Setup.exe

If you intend to distribute your installation without wrapping it in Setup.exe, there is a manual process that your end users must follow to start the installation. For this reason, you should consider using Setup.exe; however, you can achieve similar results without it. The Installer properties REINSTALL and REINSTALLMODE must be set from the command line to start an installation in upgrade mode. In all but the most advanced scenarios, the property REINSTALLMODE should be set to vomus and the property REINSTALL should be set to ALL. A typical command line can look like the following: msiexec.exe /i \product.msi REINSTALLMODE=voums REINSTALL=ALL

If the update contains features that you do not want to update, you should set REINSTALL to a comma-separated list of the features that you want to update, as in the following command: msiexec /i \product.msi REINSTALLMODE=voums REINSTALL=F1,F3,F5

The feature names you use in the REINSTALL property are case-sensitive.

If you try to install two msi packages with different package codes but with the same product code, you will get an error message as shown in the figure below.
To overwrite the existing product with a newer version, you should perform a small or minor update. This requires that you set the following properties on the msiexec command line: msiexec /i Yourapp.msi REINSTALLMODE=vomus REINSTALL=ALL

The important part is the “v” in the REINSTALLMODE setting. It forces the use of the new msi file instead of the cached copy, which is why it can’t be set inside the package. The rest of the REINSTALLMODE flags make sure that existing files get updated, new files get installed, registry entries are rewritten and shortcuts are created. REINSTALL=ALL means that only those features that were selected by the user during the install of the old version get updated. Unselected features should not be added.

Difference between Small and Minor update:
Small and minor updates are very similar. The only difference is that in a minor update the product version is increased (in any of the first three fields), while a small update leaves the version number unchanged or increases only the fourth field of the number. You can update your product with a small or minor update package only if the product code is unchanged. To replace an existing application with a package that has a different product code, a major upgrade is required.
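As an added illustration (not from the original article or from InstallShield), the rules above for telling small, minor and major updates apart, and for building the matching msiexec command line, can be written out as a pre-release check. The function names and GUID values are constructed for the example, and treating missing version fields as 0 is an assumption.

```python
# Constructed package metadata; the GUIDs are placeholders, not real products.
INSTALLED = {
    "product_code": "{11111111-1111-1111-1111-111111111111}",
    "package_code": "{AAAAAAAA-0000-0000-0000-000000000001}",
    "product_version": "1.2.3.4",
}
CANDIDATE = {
    "product_code": "{11111111-1111-1111-1111-111111111111}",
    "package_code": "{AAAAAAAA-0000-0000-0000-000000000002}",
    "product_version": "1.3.0.0",
}


def version_key(product_version):
    """Return the first three ProductVersion fields, the only ones compared."""
    fields = [int(part) for part in product_version.split(".")]
    fields += [0] * (3 - len(fields))  # assumption: missing fields count as 0
    return tuple(fields[:3])


def classify_update(installed, candidate):
    """Name the kind of update that takes `installed` to `candidate`."""
    if installed["package_code"] == candidate["package_code"]:
        # Identical package codes must mean identical databases: nothing to update.
        return "same package"
    if installed["product_code"] != candidate["product_code"]:
        return "major upgrade"
    old = version_key(installed["product_version"])
    new = version_key(candidate["product_version"])
    if new > old:
        return "minor upgrade"
    if new == old:
        # Only the fourth field (or nothing) changed.
        return "small update"
    raise ValueError("candidate ProductVersion is older than the installed one")


def msiexec_args(msi_path, kind, features=None):
    """Build the command line the article gives for a small or minor update."""
    if kind not in ("small update", "minor upgrade"):
        raise ValueError("REINSTALL/REINSTALLMODE are for small and minor updates")
    # Feature names in REINSTALL are case-sensitive, so pass them through as given.
    reinstall = ",".join(features) if features else "ALL"
    return ["msiexec", "/i", msi_path, "REINSTALLMODE=vomus", "REINSTALL=" + reinstall]


if __name__ == "__main__":
    kind = classify_update(INSTALLED, CANDIDATE)
    print(kind)
    print(" ".join(msiexec_args("Yourapp.msi", kind)))
```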

Bhuvana specializes in InstallShield & MSI Installers and her primary responsibility at work is “Build & Release”, which includes creating Setups and Source Control Management. If you want to get in touch, her LinkedIn Profile is – Here. (PS: Do mention in the LinkedIn request that you read her article on msigeek. We do not want to give her unnecessary spam.)

Do comment on this article, if you have any inputs / suggestions for Minor upgrade!

Command Line Switches for MSI and MSP Installations

Hi Folks, it’s time for yet another Guest Post, and we have Bhuvana writing for us. In this article she focuses on the command line arguments and the silent switches that can be used for msi and msp (un-installable patches). Bhuvana specializes in InstallShield & MSI Installers and her primary responsibility at work is “Build & Release”, which includes creating Setups and Source Control Management.

She keeps all the details crisp in this table. I know that the chart below will end up as a printout on your desks!

Install / Uninstall: command line option and silent mode

MSI – Installation
  Command line: msiexec /i "<msi file name with path>" [TRANSFORMS="<mst file name with path>"]
  Silent mode: msiexec /i "<msi file name with path>" [TRANSFORMS="<mst file name with path>"] /qn

MSI – Uninstallation
  Command line: msiexec /x <ProductGUID>
  Silent mode: msiexec /x <ProductGUID> /qn

MSP – Installation
  Command line with progress dialog: msiexec /p "<msp file name with path>" /qb
  Command line with UI: msiexec /p "<msp file name with path>" REINSTALLMODE=oums REINSTALL=ALL
  Silent mode: msiexec /p "<msp file name with path>" /qn

MSP – Uninstallation
  Command line with progress dialog: Msiexec /package <ProductGUID> MSIPATCHREMOVE=<PatchGUID> /qb
  Silent mode: msiexec /I <ProductGUID> MSIPATCHREMOVE=<PatchGUID> /qn

Note:

  1. Patch uninstallation does not work without the /qb option, i.e. a patch can be uninstalled from the command line only in silent mode. If you want to invoke the UI for uninstallation, go to Add / Remove Programs with Show Updates enabled.
  2. Msiexec /uninstall <PatchGUID> /package <ProductGUID> /passive
     The above command removes the entire base product, not the patch alone.

Bhuvana’s Thought on Msigeek.com:
I came across MSIgeek blog through LinkedIn groups. Good to see lots of articles and FAQs on MSI at one stop. Some of the articles definitely help to give a better insight into the concepts. So I felt like contributing some articles, which would help people like us, the Packaging specialists.

If you want to get in touch, her LinkedIn Profile is – Here. (PS: Do mention in the LinkedIn request that, you read her article on msigeek. We do not want to give her un-necessary Spams 🙂 )

Points to Consider While Migrating from Windows XP to Windows 7

In this article, Scott Drucker and Jeff Woeber speak on the important points to consider while moving from Windows XP to Windows 7. Continuing this article, they will also be writing a step-by-step process for a Windows 7 migration using WinINSTALL.

According to Microsoft’s Technet Website, “there is no Upgrade option available when installing Windows 7 on a computer running Windows XP. The task involves using Windows Easy Transfer to migrate files and settings from Windows XP to Windows 7 on the same computer. To do this you must first copy files to a removable media, such as an external hard drive or UFD, or to a network share. Then, you will install a fresh copy of Windows 7 on your existing hardware and then migrate your files back from the removable media or network location, onto your computer. When you are finished, you must install your software programs again, but your files and settings will have been copied from Windows XP.”

Since this can end up being a multi-step process involving many trips to the desktop, Scalable Software can offer you an alternative solution to performing your upgrades with a zero-touch process in mind.

Combining both Scalable Software’s Survey product and WinINSTALL Desktop Availability Suite, you will be able to determine first, what machines meet the minimum requirements for Windows 7 and then be able to target those machines for your Windows 7 Migration using WinINSTALL‘s zero-touch process.

Section A - Determine what machines meet Windows 7 hardware requirements

Deploying a new operating system, such as Windows 7, is a balancing act. On one side of the scale are the functional benefits of the new system. On the other side are the time, cost, and effort of deployment; the inevitable compatibility issues; the ambiguous and error-prone deployment processes; and the lack of well-integrated, single-solution management tools. The deployment effort seems even more daunting when you consider these facts:

  • The majority of today’s business PCs do not support Windows 7’s minimum hardware requirements, which means they will need to be upgraded or completely replaced.
  • Upgrading an existing PC with increased memory or video capabilities involves a costly hands-on hardware upgrade process.
  • Hardware upgrades typically cost more than acquiring and deploying a completely new PC, so migrating to Windows 7 will most likely require purchasing and deploying new PC hardware.

It’s important to know which currently deployed hardware assets meet the recommended hardware requirements and what it will take to upgrade machines that do not. Use an asset management tool such as Scalable Survey or WinINSTALL to determine which machines do not meet the requirements for Windows 7.

Windows 7 recommended hardware requirements

*Windows XP Mode requires an additional 1 GB of RAM, an additional 15 GB of available hard disk space

| | 32-bit | 64-bit |
|---|---|---|
| Processor speed | 1 GHz processor | 1 GHz processor |
| Memory (RAM) | 1 GB of RAM | 2 GB of RAM |
| Graphics card | Support DirectX 9 with 128 MB | Support DirectX 9 with 128 MB |
| HDD free space | 16 GB of free space | 16 GB of free space |
| Optical drive | DVD | DVD |

Below is an example of Scalable’s Survey Migration Planning report for machines that do not meet the Windows 7 recommended requirements. It’s important to know what machines meet the requirements. It’s just as important to know what machines do not meet the recommended requirements and why. Using the report below, an administrator can determine what machines can be upgraded and what machines should be replaced.

Section B-Targeting Windows XP workstations for Upgrade to Windows 7

So now that we know which machines are eligible for an upgrade to Windows 7, we can leverage WinINSTALL to target these machines into a single Search Group. The benefit here is that you can search for all workstations that have Windows XP installed on them and then cross-reference those machines with your list generated from Survey.

As you can see from the screenshot below, I have targeted workstations that have Windows XP Operating System installed on them.  From this list, I can use my Survey Migration Planning report to eliminate machines that I do not want to Upgrade.

[Screenshot: WinINSTALL search targeting Windows XP workstations]

Section C-Determine a Windows 7 Deployment method

As you begin planning for a migration of this size, the end goal is always a cost-effective implementation plan aimed at minimizing the labor required to deploy Windows 7.  OS deployment tools such as Scalable Software’s WinINSTALL can be used for a zero-touch Windows 7 rollout.  WinINSTALL uses PXE to start an automated install of Windows 7.  WinINSTALL can apply a custom Windows Imaging Format (WIM) image along with pre/post processes such as hard drive preparation and all application distributions that need to be performed.  WinINSTALL PXE OS Deployment is hardware independent.  All needed Plug and Play drivers can simply be added to the PXE server, where they are stored in a repository for distribution during the installation process.  Each client installs only the drivers for its specific hardware loadset.  No post-install process or Sysprep is required.  Once a client has finished the WinINSTALL deployment, it will have the operating system, correct name, AD account, OU membership, and SID.

PXE Client Reset templates can be created to customize installs for different:

  • Active Directory OU placement
  • Customized Application Load set
  • PC Profile and Application Setting Restoration
  • Post-Installation Utilities including running .bat files, scripts, or custom setup routines
  • Customizable DoD Level drive wiping options, including up to 32 write counts per hard drive
  • Support for optimizing screen resolution, refresh rate, and color depth
  • Support for both Windows 7 32-bit and 64-bit Operating System Installations
  • Support for setting the local Administrator password, as well as adding local and domain accounts to the workstation
  • WinINSTALL Agent deployment integration

Additionally, you will be able to implement default settings for:

  • Windows Sidebar
  • User Account Control (UAC)
  • Windows Defender and Firewall
  • Configuration and change control for new devices

Below is a chart showing how the PXE server, PXE Template, and PXE clients are connected:

[Diagram: PXE server, PXE Template, and PXE clients]

If you are using a disk imaging solution (such as Norton Ghost™) to manage anything beyond operating system distribution, you probably will not realize true automated software distribution, patch management, or PC disaster recovery.  In fact, you may end up managing images instead of PCs.  Disk imaging software is frequently misused for software distribution, data backup, and patch management—tasks that it was not designed to perform.

Section D-Applications

IT administrators need to find out how currently deployed, homegrown, and packaged applications will run on Windows 7. In other words, will they behave correctly and adhere to Windows 7’s new security and rights management configurations? To gather this information, IT Administrators will have to communicate with ISVs and other application providers to understand how their Windows 7 support plans impact the migration cycle.

Windows XP Mode (XPM) can be used as an option for applications that were not designed for and do not function on Windows 7.  Windows XP Mode is a virtual machine package for Windows Virtual PC containing a pre-installed, licensed copy of Windows XP SP3 as its guest OS. Pre-installed integration components allow applications running within the virtualized environment to appear as if running directly on the host.

Application packaging and deployment should be considered separate from OS deployment for an efficient Windows 7 Migration strategy.  This allows applications to be updated or replaced easily without changing the OS deployment method.  According to Gartner, in 2007 fewer than half of the average company’s applications will be MSI-packaged or automated distribution (Gartner, Managing PCs from Start to Finish, September 2006).  This leaves the task of application packaging up to the IT Administrator.  Using a reputable tool such as WinINSTALL can help you avoid packaging pitfalls. As IT costs rise and resources shrink, following best practices approaches like those listed here can help you streamline IT processes, increase desktop availability, and effectively manage the PC lifecycle.

Once it is determined which applications can run natively in Windows 7 and which applications will need to be run in XPM, a labor-efficient deployment method will be needed.  This is an area where a well-defined Windows 7 Migration strategy will greatly benefit the IT administrator.  Using a product such as Scalable Software’s WinINSTALL Desktop Availability Suite, application deployment can be integrated into the zero-touch WinINSTALL 7 deployment.  WinINSTALL provides easy ways to package and edit applications so they can be deployed along with a new OS or to existing machines on a network.

Section E-Personality and User data

Personality and user data cannot be overlooked.  To keep productivity maximized, it is important to consider the end user experience.  Being able to migrate the Personality and User data to Windows 7 will provide your end users with the familiar and comfortable feel that they have become accustomed to in their working environment. This functionality will help to minimize any learning curves and allow the end user to stay as productive as possible.   Tools such as Scalable Software’s WinINSTALL Personality Transfer can migrate not only an application’s persistent settings, but also user documents.

Section F-Putting all of the tools together

Once the IT administrator has determined what machines can be migrated to Windows 7, a procedure can be created.  A zero touch procedure should include:

  • Backup PC Personality and user data, including Application Persistent Settings
  • Prepare hard drives by performing DoD Level Wipes of the hard drives and creating new partitions
  • Deploy pre-configured Windows 7 WIM Image
  • Create AD Computer account; and join the computer to AD Domain, as well as an OU
  • Enable Remote Desktop connection
  • Turn On/Off features such as Windows Sidebar, Windows Defender, and User Account Control (UAC)
  • Enable/Disable the Windows Firewall and configure for custom Port Exclusions
  • Set the local Administrator Password and add new local or domain accounts to the workstation
  • Deploy the WinINSTALL
  • Deploy customized application loadset
  • Restore Personality and user data

Where possible, a “Windows 7 Pilot group” is recommended.  Define a test group of key personnel in the organization.  Use the complete migration process on this test group and allow them to use the new Windows 7 loadset for a period of time.  This will provide feedback and allow an IT Administrator to make adjustments in a controlled environment before rolling out Windows 7 company-wide.

Incentives to upgrade from XP to Windows 7

Continuing the guest post initiative on Msigeek, today we have a guest speaking on a very important topic: “Incentives to upgrade from XP to Windows 7”. I’m sure many of us have this question in mind. A few are reluctant to ask, a few understand the truth, and a few make up their own minds, assume things and complain that Microsoft Windows always does this! I am sure this article will prove noteworthy for all.

Well, let me introduce the author of this post. His name is Stephen Rose. He is a Senior Community Manager with Microsoft. His role spans supporting IT pros all over the world in the use of the Windows client OS (XP, Vista and Windows 7). Before joining MS, Stephen spent many years as a technical trainer and consultant with various companies and universities. In addition, he spent several years as a Microsoft Most Valuable Professional (MVP). He blogs at http://blogs.technet.com/stephenrose/.

Over to Stephen’s Article…

Last week I sent out a Twitter via @MSSpringboard regarding some new features in Windows 7. I received the following response: ” …….. what exactly is the incentive for users to upgrade XP to 7? Is it purely gfx? I would honestly like to know what feature 7 offers that can’t be done either natively or via 3rd party software in XP.”

After writing my response, I realized that was a question a lot of people had; so when Vj asked if I would be interested in posting a guest spot on his blog (www.msigeek.com), I jumped at an opportunity to share this out with a larger audience.  Thank you for the opportunity and I welcome your feedback.

Here was my response: “Windows XP was released back in 2001. Mobility was not a key factor as it is now. Malware, spyware and rootkits were also not an issue like they are today.

As we all know, many of our users did not move to Windows Vista for a number of reasons, so many corporations stayed with Windows XP and through much work, have made it an excellent operating system for their end users. Before joining Microsoft last year, I spent the last 10 years managing networks like this. I have been an MCSE and an MCT since the NT 4.0 days. I taught engineers in the classrooms and spent many a week freezing my butt off in server rooms installing Apache web servers, GroupWise, Lotus Notes, Novell NetWare and Microsoft OSes.

With Windows 7, what is great is there is no one “killer feature”. It is the culmination of many features (some large, some small) that makes Windows 7 a great operating system. Most end users don’t want to know how it works; they just “want it to work.”

When they are sitting in a Starbucks working connected to public internet, the fact they can click a link in a document that points to a corporate intranet SharePoint server and they are able to download a document without having to go through a long and involved RAS process due to the implementation of DirectAccess. Seamless and transparent.

When a user walks into the office and has a 20 MB document download in seconds due to BranchCache, that makes that user more effective. When a user is prompted to encrypt a thumb drive so that any data on it is secure, that makes the job of a security manager easier.

When a user gets a faster boot up, more battery life, jump lists to access documents faster, quicker connectivity to wireless, built in drivers to WiFi cards, search connectors to find internal and external resources, when they can drag a window to the right and have it automatically resize, when it comes out of sleep quickly and is ready to go and home groups so that home users can stream video, share photos or print to printers at the other end of their house without needing to be technical are all wins for the end user.

Sure, you can do some of this with XP, plug-ins and such. Who has that kind of time? Do I want to sit and create an image with 30 different tools that constantly require updating, that may not be supported, that have additional costs that cannot be centrally managed, and were possibly written non-securely? Of course not. What IT pros would? Some would argue that they do not want one company doing all of that and controlling it. That diversity of product creates a better experience. If you buy an off the shelf computer that is a complete, ready to go experience that will do what an end user wants, some people will shun this experience and will choose to build their own for a more customized experience.

Will you get a better machine? Depends on your definition of better. More things to go wrong and no single coverage. You cannot return that machine and there are possible incompatibilities. Each person has their own yardstick.

We have had millions of downloads around the Beta and Release Candidate. Tons of great feedback and a lot of excitement around this launch. This is the first OS from Microsoft in a long time that requires less hard drive space, RAM and Processor power than its predecessor. People are very excited. We are trying to make the best OS for many different types of users from consumers and students to tech enthusiasts to developers and IT pros of all ages. We are always open to new ideas, thoughts and ways to make our operating systems better.

We encourage all users to download the Windows 7 Release Candidate from http://www.microsoft.com/springboard and try it for themselves for free and what you think.

Best Regards-
Stephen Rose

Create and Distribute MSI software packages using WinINSTALL

For the past few days, I have been thinking about implementing a guest post section on Msigeek. The idea is to bring in experts from different areas to showcase their expertise and share their knowledge or product with us!

Well, let me introduce the author of this post. His name is Scott Drucker and he has been working as a Senior Systems Engineer with Scalable Software. Scalable is a leading innovator in delivering cost-effective IT Asset Lifecycle Management solutions.

Scott has been building software packages with WinINSTALL for over 10 years now. Scott can be reached at sdrucker[at]scalable.com.

Over to Scott’s Article…

How to Create and Distribute MSI software packages using WinINSTALL

As an engineer, I find myself constantly evaluating software. I comb the internet trying to find products for whatever project I may be working on at that time. When it comes to the packaging of custom MSI files or editing of vendor supplied MSI files; I need a product that will give me maximum configurability with the least amount of headaches. Even before I began working for Scalable Software, I had used WinINSTALL to package minor applications for distribution with Active Directory and created transforms for our vendor supplied MSI files.

What I needed was a product that allowed me to do several things. First, I needed to be able to edit the tables of the MSI files directly; without having to use an external editor tool like ORCA. I also needed a product that would allow me to create shortcuts for the applications I created; push out registry keys when necessary; perform ASCII or INI file edits; push out already configured Services that would run with the credentials that I specify and also be able to edit existing MSI files by creating transforms or merge modules.

The snap-shot process was simple. The User Interface was a breeze to use compared to the other products on the market. I took a clean machine, performed a before snap-shot. Installed the setup.exe I wanted to make into an MSI. I customized the software the way I needed to, by creating shortcuts and a couple of TCP/IP connections for our emulation software. Then I ran the after snap-shot. I took a clean machine without the application installed, pushed it down to the machine and it installed like it was supposed to, creating the shortcuts and the TCP/IP connections.

WinINSTALL gave me the ability to perform all of these functions. Now I am not a scripting genius by any means, and for me WinINSTALL was perfect because it's geared towards the Desktop Administrator and not the software developer. I looked at numerous products and compared each one to see which product would meet my needs. In the end, WinINSTALL was the wisest choice for me. I was able to take a vendor supplied MSI such as Office and create transforms for the installation, so that each group or department I pushed Office to would get a different installation. Maybe some departments needed Higher Macro Security set and other departments needed certain options enabled that are out of the scope of a cookie cutter installation. With Adobe, I was able to suppress the EULA agreement and disable the Update messages that plague users on a daily basis. I was also able to delete the Adobe Acrobat Reader icon from the Desktop, since in effect, this is a useless icon. WinINSTALL gave me that flexibility. It also allowed me to create Printer MSI installations and edit config files for existing applications not originally packaged with WinINSTALL.

Best of all, and well worth its weight in gold, was the ability to then distribute these applications to my end users. I was able to mass deploy Office 2003 to over 500 users which performed an Upgrade from Office 2000 and set the specific options that my users required.

So the benefit here is that you can take a Suite product like WinINSTALL’s Desktop Availability Suite or Desktop Management Suite; create your packages with all the customizations necessary and then distribute them from one product. Scalable Software’s WinINSTALL Desktop Availability Suite combines the standard desktop management functions that administrators use for day to day asset management, software packaging and deployment, and patch management; while automating with a Zero-touch methodology, three of the most labor-intensive IT management tasks: PC Refresh, OS Migration, and PC Recovery.

If you already have a distribution process, you can download either the free version of Scalable’s MSI Packager or for your advanced MSI packaging needs, the MSI Packager Professional. You can find all of these products here

Scott’s Thoughts on MSigeek.com
“MSIGeek.com is a very informative site for any MSI user. You don’t need to be an expert to work with MSI’s, and MSIGeek’s How To’s and Best Practices sections, provide some valuable information to not only newbies but experienced end users. I myself, am very impressed with how well they have been covering the maturity of Windows 7. Way to go guys and keep the information coming!!”