Windows 10 Migration With Ivanti: Migraine Managed
Over 1,800 IT professionals with responsibility for corporate desktops and laptops took part in the survey and were questioned on the status of Windows 10 adoption, their future plans, experiences, concerns, and more.
Of those surveyed, 93 percent of organizations have Windows 10 installed, but only 37 percent have it rolled out in production to a fraction of end users (only 10 percent have Windows 10 fully in production). Despite this slow start, 78 percent are looking to be fully migrated to Windows 10 by 2019.
However, many concerns still persist for organizations looking to migrate to Windows 10; in fact, 88 percent of those polled reported having significant concerns about moving to Windows 10. Application compatibility worries, the need for user training, and the manual effort required to migrate users and their workspaces are the top concerns. And the larger the organization is, the higher these concerns are.
Those organizations that have already begun their migration are still faced with user-related issues, including user confusion with the new interface and users resisting migration because they see no benefit to them in moving to Windows 10. Because of worries such as application compatibility, user confusion, and user resistance, 80 percent of the IT professionals surveyed are delaying their migration to Windows 10 while they attempt to address those concerns.
Effortless Migration With Ivanti
Are your users ready to leave their happy, familiar Windows 7 workspace behind? Are you? Windows 10 migration is daunting, but Ivanti technology significantly reduces migration complexity. Adopting the steps below will enable you to control the process, reduce surprises, eliminate Stealth or Shadow IT, and provide users with a familiar workspace—on top of a shiny, new, powerful operating system.
Step 1 – Baseline Your Existing Environment
To gain foresight and plan a future Windows 10 workspace that’s secure, compliant, and delivers a great user experience, we recommend analyzing existing user workspaces to identify potential performance bottlenecks, productivity limitations, and security vulnerabilities.
Ivanti Insight is a virtual appliance that can be installed on your existing desktop and server estate to collect and analyze data regarding user experience and endpoint security. An unobtrusive agent is deployed to endpoints either via Active Directory, third-party tools such as Microsoft System Center, or using our centralized deployment mechanism, Ivanti Management Center.
The Insight Agent collects data relating to the user workspace experience and uploads the data periodically to the Insight Appliance. Endpoints are analyzed to record metrics, including logon times, resource utilization, and application usage or privileges required to access resources. Details on how and where users are currently storing their files are recorded as a first step in preparing to migrate user files and folders—another necessary and problematic element in a Windows 10 migration scenario.
Insight provides a simple way to baseline existing environments before moving to Windows 10. Organizations can identify potential performance issues and security or compliance vulnerabilities, and use the data to ensure optimum user experience post migration to drive user acceptance of Windows 10.
Step 2 – Centralize Management of Users’ Personal Settings
Ivanti Environment Manager decouples users’ personal settings from the workspace and manages this data independent of the device.
This provides centralized management of user settings while enabling user settings to be applied dynamically to any workspace, regardless of the delivery method or operating system.
This offers a far more efficient and robust alternative to roaming profiles and eases Windows 10 migrations, break/fix, Citrix-related migrations, desktop transformation projects, even on-premises to cloud projects.
Environment Manager makes use of a three-tier architecture for optimum performance, built-in failover, disaster recovery, and business continuity, to ensure unlimited scalability across distributed, geographic locations.
Environment Manager virtualizes users’ changes to application and operating system settings. It then compresses and stores both locally, for offline access, as well as centrally—either on-premises or in the cloud. This ensures that personalized settings can be streamed, on-demand, to any user workspace or operating system, irrespective of how the desktop or applications are delivered.
For Windows 10 migration projects, Environment Manager captures settings that already exist in legacy local or roaming profiles and delivers this personalization instantly on-demand to new Windows 10 workspaces. Delivery can include all elements of the profile or just selected application or operating system content.
By applying user settings on-demand, IT can cater to increasingly mobile users, moving users effortlessly between platforms and operating systems with no negative impact to the user experience. In fact, personalization delivered by Environment Manager is proven to speed up user logons and eliminate profile-related support calls, improving the user experience.
Additionally, while a typical Windows 10 roaming profile is 160MB, Environment Manager-stored user personalization data saved in the SQL database is around 10MB per user, reducing storage costs and freeing up disk space for other uses.
Delta changes to personalized settings are also saved in the SQL database, so if profile inconsistencies occur, personalization settings can be rolled back on a per-user, per-application basis to a known good point in time by the user or by IT, without affecting any other aspect of the user profile. This ensures the highest user productivity and eliminates profile-related support tickets.
Step 3 – Application Control and User Privileges
The threat of ransomware, unlicensed software, or non-productive applications being introduced to Windows 10 endpoints—either via the Windows Store or traditional means—can be eliminated using Ivanti Application Control.
Its unique Trusted Ownership model provides an easy-to-manage alternative to traditional whitelisting and blacklisting. This approach protects endpoints from zero-day threats and eradicates the problem of out-of-date reactive solutions such as antivirus software that needs to know about a threat before it can download and apply update definitions.
With Application Control, Trusted Ownership security is delivered out-of-the-box and works by examining the NTFS owner of an application. If an application or executable is introduced to the user workspace, Trusted Ownership considers that app or executable to be owned by the user that introduced it. ‘Trusted’ apps and executables are owned by a ‘Trusted Owner’, e.g. an administrator or software deployment system such as Microsoft System Center, and can be installed and run by the user. Apps and executables introduced or installed by ‘untrusted’ owners like standard users are instantly prevented from running. Additionally, applications or executable code attempted to be run or installed from network drives or removable media such as USB drives or CDs are also prevented automatically unless otherwise stated.
Traditional whitelisting and blacklisting technologies typically require ongoing maintenance when new service packs or upgrades are released, which can result in high IT support costs. In addition, these types of solutions are often bypassed by renaming an unknown or black-listed application to that of an application on the whitelist. Trusted Ownership alleviates the IT burden associated with application control solutions that require ongoing maintenance of whitelists when an application or OS component requires patching.
White and blacklist configurations can still be used in conjunction with Trusted Ownership to control known applications that pass the NTFS owner check. Applications that users should not have access to, such as administrator-owned tools like cmd.exe or ftp.exe, can be denied automatically. Alternatively, using whitelists in conjunction with digital hash checking can guarantee only known, trusted applications can execute on an endpoint.
Application access in Windows 10 environments can be tailored with security and compliance in mind, using Environment Manager’s context-aware policies. Access is dependent on the user, where they’re logging on from, when, and how. These rules are based on Groups, Users, Devices, Processes, or custom rules to target specific scenarios when users should or shouldn’t be allowed access to specific applications.
Due to these flexible application-control techniques, Ivanti Application Control is recognized by Microsoft for enforcing device-based software licensing. By governing which users or devices have permission to run named applications, limits can be placed on the number of application instances, the devices or users that can run the application, when users run a program, and for how long. This helps to reduce software license costs when migrating to Windows 10.
To enable regulatory compliance, Application Control’s privilege management capabilities allow IT to easily remove end users’ full administrative rights and provide them with elevated privileges for just the apps or tasks that they need.
Extended support for Windows 7 ends in 2020, which is right around the corner in “IT years.” However, some IT departments see Windows 10 migration as a project, but not a priority.
This is unfortunate. Windows 10 is substantially different from Windows 7 from an IT-architecture and user-interface perspective. Additionally, Windows 10’s new release cadence is going to challenge IT—and users—to keep up.
Even If budget hasn’t been allocated yet to a Windows 10 migration project, IT can build a migration model for their organization now to determine the cost in time, dollars, and effort involved in the move. IT can use the results to engage with executive management (they are end users, too), and at minimum, start the conversation. A proactive approach allows IT to make thoughtful decisions rather than hasty ones driven by necessity.
As part of the process, consider Microsoft’s faster release cadence and how IT will accommodate it. The new cadence will push IT to run multiple Windows versions in parallel, imposing a continuous state of migration. Windows 10 migration is a tough challenge, but one that can be overcome by starting now.
Having Migration Migraines?
Ivanti can help ease your pain!
Ease migration woes, improve the user experience, and ensure acceptance of Windows 10 migration projects with Ivanti solutions. Visit ivanti.com or email [email protected] for help.
Want a fuller picture of just how effortless migration can be when challenges are overcome with Ivanti? Check out our whitepaper, Painless User Migration with Ivanti.