I think the best way to begin is with a basic question: why is now the right time to start your Win 10 migration? In this article, I’ll explain why it is, and also give you my recommendations on software tools to use and the approach you should take to make migrating to Windows 10 as trouble-free as possible.
Remember how painful it was moving to XP and then subsequently how painful it was moving to Windows 7? Were you in one of the many organizations who left both migrations until the last minute, leaving you in a race against the clock to get off a legacy unsupported OS or be at the mercy of paying Microsoft a pretty penny for extended support? Why would you subject yourself to the same pain and pressure again?
Start now and give yourself more than enough time. Microsoft have made some major improvements to Windows 10, and although there were a few bumps along the way such as an inability to have total control over your Windows updates and lack of extensions with the new Edge browser, these issues have been (and are continuing) to get ironed out – Edge has several extensions available now with more to come. There’s also more control over updates in the Enterprise edition. Windows Server 2016 is now out, so there’s that desktop server pairing, plus available features such as Device Guard, Credential Guard, Windows Store for Business and App-V provide extra incentive.
If you have Windows 7 today, you’ll know it’s a challenge to use with new touchscreen displays. If you are using touchscreen devices that do not run Windows, you’ll know what a pain that can be as managing those devices requires a unique toolset and skillset that may be out of scope for many in-house IT teams, who are most comfortable managing Windows. Windows 10 is widely available on many great tablet devices and hybrids and can be managed using your everyday management products and it provides a rich touchscreen experience for end users.
It has been claimed that Windows 10 may be the last major Windows desktop OS release that will allow a view to manage updates in a more incremental fashion going forward. We have been seeing big updates such as the recent anniversary update adding the types of features you previously would have required a service pack or major OS upgrade to get.
This may mean your Win 10 migration could be one of the last clear cut open opportunities to build from the ground up. Now is a good time to ask what other changes make sense in your environment? Maybe a migration project is a good time to look at Office 365, VDI, profile management solutions, etc.
How to start your Win 10 migration
Gather a list of applications
Often unspoken and left way too late in the game are the apps! The thing is, it may take you a few days or even weeks to get your Windows 10 image in a steady state but once you do, it’s set. An image remains relatively static. You can use App-V and SCCM scheduled tasks together for an effective way to keep your image as bare as possible. You may slip Windows updates in periodically but if done right little will change and thus little time wasted on regression testing. Set it and forget it! However, the apps themselves are a lot more challenging.
There are a few steps required that you’ll be familiar with from previous migrations. You’ll need a list of your current applications. If you work in a well-managed environment in which users have restricted permissions and all applications on the systems are packaged and deployed by IT, you’re in good shape! You can simply take a data dump out of your deployment tool, possibly SCCM and then use that list as a starting point.
If your environment looks more like the Wild West, with users installing their own applications or techs installing applications without communicating to the desktop team, you’ll have more of a challenge. You can’t rely on a dump from a deployment tool.
There are several tools you can use to detect the applications on your user’s desktops. A great product for this is Lakeside Systrack which I will also mention further down this post. SysTrack can gather a list of the apps, provide basic app information such as product name, version and if the app is likely to work in App-V. It can also show the number of workstations the app is on, highlights multiple versions of the same app and gives you some great reports along the way.
Read Rory’s review of Lakeside Systrack.
Application Compatibility Toolkit
A free (but not so great) product is Microsoft’s Application Compatibility Toolkit. You can deploy what are called “collectors” to your organization’s workstations. These connectors will be configured to point to a SQL database and will log any applications detected as installed on the workstation by looking in programs and features, the uninstall registry hive and the Installer cache location. ACT has been around for a while now, and you can tell Microsoft have not put much effort into updating it for Windows 10. While previous versions had some info on app compatibility, you can’t rely on that information being available for Windows 10. If you are interested in using ACT for gathering your list of apps, I advise that you only use this to get a list of the apps. No more, no less.
As stated, Microsoft did not put a lot of effort into ACT for this release. I believe this is because of their new cloud analytics platform which can be used for getting software and hardware inventory. This is brand new and available to sign up for now.
Rationalizing your applications
Once you have your list of applications, it’s time to rationalize that list. Through natural progression, an organization accumulates duplicate applications that serve the same exact function e.g. five text editors, three video editing products, etc. You can save the organization money by reducing to a single product and consolidating on licensing. You also cut down on the number of applications supported by your desktop team and expedite your migration.
More than this, you may find you have applications in your environment that are still out on workstations and maybe still published via your portal that are no longer being used, but word never got back to the desktop team. Now’s your chance to get rid of them.
If you use a data gathering product such as ACT, you may even find applications installed by users or techs that you didn’t know were out there. If you see for example that 50+ users have iTunes installed but you never deployed it, this could be a question for security but also a question for the business. Why do they want it? What are they using it for? Should we provide it for them?
While I do love the data provided by SysTrack and to a lesser extent from ACT, I don’t like using those tools during the rationalization phase. It’s quite a manual, cumbersome and non-intuitive experience using those user interfaces to create a filtered list. ACT is particularly painful.
Select a suitable pilot group
Project managers or those work admin related roles are a good pilot. They are mostly non-technical, they don’t have an obvious workflow and usually only use a handful of apps. A great product for this is MigrationStudio. It lets you easily import your list and then acts as your project management solution for the remainder of the migration effort. The UI is tailor made for this work and makes life so much easier.
My personal strategy for rationalization is to first remove duplicate products, as mentioned. Look for multiple version of apps like Java and figure out their dependencies to see if they are all still required going forward. Basically, I trim the list. (If you feel you may have multiple version of Java out there but you are not sure if they are all in use or indeed what web apps need them, you could use a product called Browsium Proton to get this data.) This is simple to do in Migration Studio and unlike other products, the results easily outweigh the effort involved.
I then sort my list based on user count. The most widely used applications are the first apps I focus on packaging and testing on the new OS. Once I get through the apps with a large user count, I decide which department will be my pilot groups.
Project managers or those work admin related roles are a good pilot. They are mostly non-technical, they don’t have an obvious workflow and usually only use a handful of apps. They are usually very straight forward to get through. It’s a good validation of your Windows 10 image and a good test for internal web apps. The pool of project managers is also typically small, even in large organizations. If something is found and needs to change, it will cause less disruption with such a small group.
With all enterprise-wide apps packaged and tested, and the image validated by a small group, I would then look at IT groups. This is a lot more challenging, but if you have good communication among IT staff, this can be very beneficial as they give keen technical insight into their experience through the deployment and can find app compatibility issues that project managers may not see. These teams may also need Windows 10 before other non-technical teams get it in order to help support them.
Intelligent planning tools for rollout
At this point, if you’re just using Sharepoint and Excel spreadsheets, managing it all is becoming cumbersome. You’re probably also getting management dictating what group should go next. I suggest you use MigrationStudio to help decide who should go next! Based on the apps in use, Migration Studio can help map out which departments should go next by showing a prediction e.g. you can highlight your customer service team and run a predict, it will show you a breakdown of what percentage of your overall migration will be complete and what percentage of other departments will be complete by the fact they also use some of the same apps as the customer service team. It’s incredibly powerful and not susceptible to cajoling or error in the same way as a human.
You’re probably thinking: “That’s all well and good, Rory! You’re assuming I won’t hit any issues during the packaging of the applications. When moving to Windows 7 that was our biggest issue. We’d be making good progress with some apps but a widely used app wouldn’t work, or a critical app for a certain department didn’t work, so it messed up our deployment schedules and caused confusion and frustration.” Fair point, let’s discuss that!
Ensuring application compatibility
Without even getting into app compatibility against the OS, dealing with inconsistent vendor packages is just a pain in the arse! For some reason, it seems like a lot of organizations are now looking at MSI packaging as a way to improve their app support in Windows 10.
Addressing inconsistent packaging standards
You’ll find that no two apps are the same and that vendors don’t really follow any application packaging standards even with their own applications. If you crack open the MSIs on commonly deployed applications such as Flash and Google Chrome Enterprise edition, you’ll see that they aren’t actually using the MSI tables. They have pretty much just leveraged the MSI as a wrapper. The install is actually being completed by a custom action, which is a custom script embedded and run as part of the MSI install.
Microsoft created Windows Installer and yet they’re big culprits of non-standard installs. You’ll come across large SQL related applications that can’t be extracted and deployed as MSIs because somebody in their infinite wisdom embedded a Windows update and used their setup.exe to install a chain of MSIs and a few updates. Useless!
You’ll find that no two apps are the same! Vendors don’t really follow any standards when packaging their own applications. Then, of course, you’ll get straight up setup.exe installs, applications that need to be remediated for your environment or possibly due to compatibility issues with Windows 10. Microsoft is now making an effort to help bridge the gap in the out of hand Windows application package formats, with a product originally called Project Centennial that is now called Desktop Bridge. This is still in early development and the new AppX architecture, and the bridge are showing a lot of promise for standardizing the windows package architecture and helping developers get their Win32 apps into the Windows Store, but it’s certainly not ready for widespread enterprise use. I can’t see IT professionals deploying an organization’s apps in the Business Store as converted apps in the short term.
Read Rory’s review of Project Centennial.
Potential issues with 16/32-bit apps
One great thing about this Windows migration is the fact that in terms of application compatibility for the OS, it’s not as big of a leap as in previous releases. If your applications work on Windows 7 today, odds are they will work on Windows 10. You could possibly experience pain if your organization hasn’t yet implemented 64-bit and are choosing the Windows 10 rollout to do so. You may find 32-bit applications using drivers that won’t work on a 64-bit OS. You may find possible issues with shell extensions in a 32-bit app on the 64-bit OS. Poorly packaged applications with hard-coded paths to a non-standard location that was fine on Windows 7 32-bit and more. If you still have some 16-bit apps around, you’re going to have a bad time!
If you had Windows 7 64-bit across the board or even for some of your users, this migration should be much easier. However, you may still have issues with applications that have shell extensions that don’t work correctly on Windows 10.
If you currently have UAC disabled on Windows 7, it’s time to get a grip and enable it for Windows 10. This could make things more complicated, but that’s kind of on you. You kicked the can down the road, and now you’ve got to pick it up. If you have really old applications, UAC may mean doing some app compatibility acrobatics to get it to work. Check out my blog post on shims as an example, but it’s not impossible. UAC has many benefits, one obvious one is security, and another is when an admin such as yourself tries to run something that requires elevation, it will prompt you to elevate rather than just fail! You also won’t get a disappointing head shake from Microsoft and other vendors.
By far the biggest app compatibility challenge with Windows 10 will be your web apps. So many organizations are still hanging around on outdated and now unsupported versions of Internet Explorer. Don’t worry, a lot of effort has been put into tooling to help you through this! Enterprise mode in IE 11 has a high success rate. You may just use that and find almost all of your web apps will work in IE 11! Success.
For the few that do not, you’ll either need an updated web app, or you may need something else. You could go the route of publishing the web app in XenApp, RDSH, etc. running Server 2008 R2 or you could look at products such as Browsium, ThinApp or Turbo! Browsium Ion and Turbo.net which are really great products for this!
While the appcompat pain is significantly less when going from 7 or 8 to 10 than it was when going from XP to 7, you may encounter some compatibility issues. Either through a runtime issue, apps that refuse to install due to a vendor set restriction or possibly poor packaging practices when creating the package for deployment on Windows 7. Algiz Technology are experts when it comes to packaging and appcompat, reach out to us if you need help getting over the appcompat hump.
I have my image, list of apps and a compatibility report, what next!?
An app compatibility report is great for setting expectations and providing some guidance, but you should apply some human know-how that automation cannot provide! Just because an application can work as an App-V application, doesn’t mean it suits your organization to sequence that particular app. What is your end goal? Will you be rolling out a VDI?
Virtual Desktop Infrastructure
VDI was such a pain as recently as a couple of years ago, with limitations with traditional application virtualization that made the image management a nightmare. Roaming user data was no walk in the park either. The architecture of VMware Horizon left a lot to be desired, and Citrix XenDesktop 7.x was in its relative infancy and came with a lot of bugs. All of this has changed – XenDesktop has had time to mature, and the VMware VDI stack is also going from strength to strength with some key acquisitions. The problems from the past now have solutions!
If you’re planning to use VDI, you’ll definitely want to checkout LakeSide SysTrack. It provides great info on usage metrics of your users current desktops which can be critical when capacity planning for optimal performance. If you are a VMware shop, you’ll want to check out App Volumes and Immidio. If you are a Citrix shop, check out Unidesk and Norskale. These products are complete game changers!
A VDI project can be a great time to look at changing how you manage your user data and profiles. Excellent tools such as those by RES Software, Liquidware Labs and AppSense (now Ivanti) can revolutionize how you manage your desktop. I feel these vendors UEM products offer a richer feature set than Immidio and Norskale but they may not be needed for you.
Setting up pilot groups with your new Windows 10 image using virtual desktops can be a great way to iron out problems in your VDI environment, in your Windows 10 image and help you get ahead with your UEM setup.
On the topic of managing user data, thanks to FSLogix, roaming a user’s data from Office 365 is now simple, making the move to the cloud for one of your most critical applications achievable.
Get started right now!
Sure, dealing with incompatible web apps will suck but you can do it without the pressure of your previous migrations by getting ahead of this. Incompatible web apps should not stop you dead in your tracks. If all else fails, you can have an Ace up your sleeve by looking at products such as Turbo.net or Browsium.
Use tools like MigrationStudio, Browsium Proton and BDNA to build an excellent complete data source for your ongoing application lifecycle management. Your Windows 10 migration gives you the opportunity to make your software management more efficient than it’s ever been!
Read Rory’s review of BDNA Technopedia.
Moving away from traditional MSI or scripted installs will do you a world of good. Application virtualization and layering will provide a simpler packaging process and a more dynamic deployment method than those of yesteryear.
Improve your overall desktop experience, including login times by optimizing the policies in your environment. RES ONE, AppSense, ProfileUnity or most other UEM products allow you to apply policies and changes in a much more efficient fashion. No more crazy Group Policy sprawl resulting in 2 minute plus startup times. Get much more granular with how policies are applied (e.g. add a user policy as part of an app deployment or via a certain trigger event). Deliver shortcut-only applications without any packaging effort. Get control of when your proxy and drive mappings should apply (e.g. disable it when a user takes their laptop home and make it available when they come back on the corporate network). With one of these products, the world is your oyster!
Enjoy the adventure my friends!