In today’s business environment, where hackers are using increasingly sophisticated attacks to disrupt systems and steal corporate information, organizations need to take greater care than ever before when migrating to a new operating system. That’s especially true as organizations contemplate the move to Windows Vista, Microsoft’s first major operating system upgrade since the 2001 release of Windows XP for the desktop and the launch of Windows Server 2003 two years later.
Whether the migration is performed all at once, department by department, or one machine at a time as each PC reaches the end of its lifecycle, a similar migration process should be used. Following a Vista migration or deployment, all systems in the environment — new and old, Windows Vista / XP / 2000 / 98 or Linux — need to be well-protected and well-managed to ensure data on those systems is safe, the systems are highly available, and they do not become vulnerable to newly discovered exploits.
This article looks at how a successful migration strategy will keep conflicts and system disruptions in check, minimize user downtime and inconvenience, and avoid exposure to security threats. It then shows how Symantec’s Ghost Solution Suite can help with the principal stages of a Windows OS migration, including Windows Vista.
While Vista has security features designed to help protect new systems during deployment, enterprises will still need to proceed with caution. Specifically, they need to set security policies and have the best management tools for their PCs and servers, and then have a method to ensure that these policies and tools are utilized across the entire organization. While the built-in security features of Vista can help, more is needed.
As Yankee Group security analyst Andrew Jaquith observed last year:
“The new operating system will significantly improve the default security posture of Windows [and lead to a] substantial reduction in risk for most users. However, the Windows security problem will continue to be a permanent fact of life and Microsoft won't always be able to provide the mature enterprise management features enterprises want.”
Enterprises contemplating a move to Vista should also start planning immediately, as a recent Gartner Inc. study makes clear:
“To deploy Windows Vista in 2008, a significant amount of preparation work must be done. Deployments don’t just happen overnight. It will take many organizations about 18 months from the time Windows Vista ships to test applications, get independent software vendors (ISVs) to support applications, build images, and run pilots. Organizations that ignore Vista until 2008 will not be ready to deploy it until 2010.” (“CIO Update: A 2008 Windows Vista Deployment Begins with 18 Months of Preparation,” December 2006)
The first step is to take a complete inventory of all desktop hardware and software to determine the “Vista Ready” status of systems in the environment—preferably with the aid of inventory software. Inventory software serves two key purposes in planning a Vista migration. First, companies can check whether hardware and installed applications on systems to be migrated are suitable for Vista. For example, hardware items that need to be checked include PC processor type, memory, hard drive capacity, adapter cards, and peripherals. Equipment that does not meet Vista requirements can then be either upgraded or replaced. Second, IT can determine the list of software and security each user will require on his or her PC.
While inventory information can also be gathered by physically sending an IT staff member out to each individual PC, a more efficient approach is to automate this process using asset management and inventory software that can remotely collect this information over the network.
As new systems are deployed or migrated, the key to reducing operational costs is to eliminate duplication wherever possible. For example, minimize the overall number of tools required for migration as well as the number of system configurations. The fewer hardware and software combinations in your environment, the better.
In particular, companies should settle on a standard platform for different classes of workers. For instance, office workers may get a desktop PC with an OS, email, office productivity suite, and security software such as anti-virus and anti-spyware software. Mobile workers may get a laptop with similar software along with a personal firewall.
At the same time, a PC’s “personality” is critical to end-user productivity. This personality will consist of user data (e.g., Microsoft Word and Excel files), customized application settings (e.g., Microsoft Word dictionary), and Windows configuration settings (e.g., toolbar settings and shortcuts). If these customizations and data are lost, the result can be an increase in helpdesk calls, significant end-user frustration, and downtime -- all of which can cost an organization considerable time and money.
Moreover, industry analysts have estimated that more than 70% of a company’s data capital exists on end-user machines. That’s why comprehensive user migration -- encompassing user data, application settings, and Windows configuration settings unique to each user -- is a crucial factor in any OS migration.
The next step is to perform a targeted multicast. Multicasting provides the ability to deploy the new Vista image to hundreds of machines across an enterprise simultaneously.
Once the Vista image has been laid down on the target machines, previously captured user data, application settings, and Windows settings can be re-applied. Ensuring that each user’s personality from the former work environment is available on migrated systems helps end users get up and running as quickly as possible.
Today, the ongoing management of PCs is closely tied to security issues. In particular, combating viruses, spyware, and exploits that target newly discovered OS vulnerabilities requires that the software on all computers be kept up to date, systems be configured for maximum protection, and all security updates such as new virus and spyware signatures and application vendor patches be current. Over time, as new virus or spyware updates are released and vendor patches become available, a software distribution solution should be used to ensure that every computer, new and old, is updated regardless of the operating system. Such a system can also securely retire old systems by wiping hard drives clean, thus protecting confidential corporate data.
One of the keys to simplifying management of an OS migration is to use a solution that automates repetitive IT tasks that consume large amounts of time and budget.
The latest release of Symantec’s Ghost Solution Suite, version 2.0, has been specifically designed to support Vista and provide rapid and reliable Vista migration.
Ghost Solution Suite offers thorough hardware and software inventory capabilities, including built-in inventory filters for minimum Vista hardware specifications. These filters allow organizations to identify and target Vista Ready systems. Ghost Solution Suite’s multicasting with network bandwidth management technology helps to minimize network traffic and accelerates deployments, compared with standard operating system tools. Integrated user migration enables easy migration of users’ data, application settings, and Windows configuration settings, helping to minimize helpdesk calls and get users up and running rapidly following a migration. Once an organization has deployed Vista, Ghost Solution Suite helps configure, automate, and perform repetitive IT tasks, such as user migration, from a single, centralized management console.
When it comes to migration support, Microsoft best practices state that, wherever possible, duplication should be eliminated. Organizations are encouraged to automate as much of the process as possible and to minimize the number of tools used for a migration.
Ghost Solution Suite provides fewer and more integrated tools to improve upon Microsoft’s own best practices. From inventory to migration to management, Ghost Solution Suite simplifies all aspects of a Windows Vista migration.