A Windows branch upgrade strategy is a necessity for enterprises. With the short patch support life cycle for branches, not upgrading will result in significant security risk. This is going to require a new level of upgrade planning and execution.
Upgrade or be vulnerable
With Windows 10, the imperative to upgrade branches is critical to staying secure. In May 2016 at the WinHec 2016 conference, Microsoft clarified that branch upgrades would come out twice a year instead of the two-three that had been communicated earlier (see the slides from the presentation for details). There was also some clarity on the life cycle of a branch.
As you can see, the full lifecycle (excluding Insider Preview) is at least 18 months. Using this a foundation, enterprises should plan out their Windows 10 branch upgrade strategy.
With a constant stream of updates, enterprises will need to develop constant rollout processes which often will overlap. Here is a three step approach that can be applied to different rollout plans:
- Pilot on Current Branch: As branches are progressive in nature, rollouts should schedule the pilot phase to commence with the release of Current Branch. Current Branch will stabilize over time so pilot systems can detect issues that may affect production systems.
- Production on Current Branch for Business: When the branch is declared Current Branch for Business, it should be very stable and the pilot rollouts should have already identified branch compatibility issues that can be addressed before this phase begins.
- Grace period for problem upgrades: Enterprises should be done with upgrades before hitting the grace period and use this time to address problem upgrades only.
With this as a basic model, let’s explore a few examples on upgrade rollouts through the end of 2018. All examples are speculative on release timing and versioning. That said, we have seen two branch releases per year with 1511 and 1607. There appears to be a pattern to release in July for back to school and consumer sales. Whether the second release continues to be in November is yet to be seen, but this release does align with business computer releases that are common at the beginning of the year.
In this example, rollouts occur in 5-steps with most systems spending 4-6 months on any given branch. As you will see, there is a constant upgrade occurring.
This example has fewer phases which allows a consistent six months on any given branch.
3-step branch-skipping rollout
This example requires aggressive rollouts, but the resulting benefit is the ability to keep systems on the same branch for 12 months by skipping every other branch.
Too fast? Long-term servicing branch
If you find an 18-month lifecycle to be overwhelming for some or all of your systems, then you need long-term servicing branch (LTSB). Cost and some limitations will apply, but upgrades are in years versus months. The limitations are not trivial (enterprise edition only, high cost, reduced features) so be aware that LTSB my not be an option.
Here the key points to share with colleagues and the boss:
- From the availability of Current Branch, plan on a minimum life of ~18 months
- Once a branch reaches the end of the support life, no patches will be provided
- Plan on perpetually upgrading systems every 4-12 months when using a phased approach
- If the upgrade lifecycle is too fast, considerlong-term servicing branch
With branch explanations and strategies done, I will next explore a Windows 10 branch upgrade solution architecture.