So, you’re thinking about switching OS Deployment Solutions.
Congratulations! You’re in for a serious amount of work not only in choosing a new OS Deployment solution, but also in planning, configuring, organizing and executing the little monster. Sure, some deployment solutions are easier than others, yet all solutions require much more effort than you think. If you’re thinking, “what are you talking about? This stuff is easy…”, I probably can’t help you. You’ll figure it out, I’m sure.
First, ask yourself, “Why am I doing this?” Seriously, unless you’re hoping to solve a mission-critical problem with respect to OS deployment, it likely won’t be worth it, regardless of the foundation of your reasons, be they political, financial, technical, talent-level or fear based.
Be honest and go into the process knowing the actual reasons; it’ll help you most when you’re attempting to choose between the various offerings out there. Side note: If the reason is purely political, you probably need to suck it up and get it done and the rest of us out here in the Interwebs will feel appropriately bad for you. We know…
Second, in choosing a new OS deployment solution, you’ll need to know what your critical requirements are. What combination of features, available add-ons or plug-ins, integration within your environment, usability, security, delegation of responsibilities and learning curve (just to name a few) meets the needs of not only your organization, but also of your staff? Make a spreadsheet and fill it out or find one on the web, or if you have an extraordinary memory for really boring details, make one in your head! (I don’t recommend the latter…) Start by assuming that you’re a noob and go from there. The biggest mistake professionals often make is assuming that we know how everything works.
Once chosen, planning begins. Prepare for a lot of time to be spent making sure that you know all of the technical limitations of your chosen solution. These limitations may cause you to scrap an iteration of your plan (or several iterations). If you’re considering the actual reasons that you chose the solution, you’ll scrap a few as you learn the caveats. Whatever time you set aside for planning, double it at least. Planning covers solution installation (with required, supporting network services such as WDS/PXE, multicasting switches, etc.), network infrastructure requirements and resources, target machine topography, technical staff training, and end-user training (where applicable), etc.
Note: Don’t assume you know the complete list of plug-ins from a few simple Google (or Bing) searches. These can be very helpful and save you loads of time!
“Planning without action is a daydream. Action without planning is a nightmare.”
– Japanese proverb
Next comes properly configuring your new deployment solution. There are undoubtedly systemic parameters that must be verified if not set, either within the solution or on the network resources that will support it (or both, likely). Organize the deployment methodologies. Determine which method or methods you’ll use, (e.g. PXE vs. bootable media, etc.) and exactly what hardware you’ll be deploying to, neatly organized into interlaced groupings. Don’t just consider the new hardware that you’ve got in your lab, but also consider the hardware that’s been deployed into your production environment, especially that ancient machine in accounting that has specialized software on it, developed by one guy in his basement, long dead, and “it just works, so we don’t touch it”. Perform the laborious task of discovering and researching the implications of EVERY parameter available in the solution, (assuming that you didn’t do so prior to making the choice), as these can often either save your butt or kick it.
Finally, execute the solution, preferably in a test lab or at least in a segregated environment at first, work out the bugs (hello, forums…), and then pull the proverbial trigger when you’re satisfied. If you were diligent, you’ll undoubtedly be a proud and happy camper, (after some beverages). If not, well… You know the drill.
- Choose an OS Deployment Solution that can handle Application package deployment as well.
- Choose a solution that can allow you to create small, specialized groups on which unique or at least highly customized OS images may be employed.
- Choose a solution that will meet the anticipated future growth needs of your organization.
- Train your staff on the solution! Train the hell out of them!
- “Open Source” usually means no organized support effort. Factor that in…
If you considered this post to be overly alarming and elect to ignore it, good luck. If you agree with its basic tenets or elect to take it with a grain of salt, that’s cool too. Either way, it likely has gotten you to consider a couple of things more seriously and my only hope is that it helps you in your decision somehow. You’re welcome and I’m sorry that there’s no Easy “button”…
There are a number of consultants and trainers available for ConfigMgr and MDT out there. But few are as qualified as the fine folks over at myITforum.com.
They are offering a "Mastering Windows 7 and 8 Deployment Using MDT 2012 and ConfigMgr 2012 SP1" training course in Minneapolis in July (for which there are a few seats left) and another class in New York in September.
(Excerpt from original post):
Build a real deployment solution using MDT 2012 and Configuration Manager 2012. This is the first deployment training where you pick the track to follow during four days!
- The primary track is using MDT2012 (update 1) and ConfigMgr 2012 SP1 to deploy operating systems, applications, and software updates.
- The second, optional track, is how to build a deployment solution based on MDT 2012 Lite Touch. We simply wanted to give you the best possible windows deployment training, no matter if you plan to use ConfigMgr 2012 SP1 or not.
During these four days you will learn how to:
- Plan and design for ConfigMgr 2012 SP1 infrastructure changes
- Upgrade from ConfigMgr 2007
- Upgrade from MDT 2010 to MDT 2012
- Create and deploy applications
- Configuring Software Updates
- Create and design reference images
- Create VB script wrappers for configuration items and applications
- Configure Security baselines for the Windows 7 & 8 images
- Master the driver injection features for OS deployment
- Integrate MDT 2012 with ConfigMgr 2012 SP1
- Extend OS deployment in ConfigMgr 2012 SP1, with scripts, frontends, databases and web services.
- Configuring offline media
- Troubleshoot MDT 2012 and ConfigMgr 2012 SP1
- Troubleshoot your Windows deployments
- Bending the rules, understanding and customizing the rules (customsettings.ini)
- Enable Dynamic Deployments
Head over to the source at myITforum.com to sign up for the class.
With Windows Blue, otherwise known as Windows 8.1 (in some circles), there has been a large degree of hubbub lately over the impending release later this year of an updated version of the highly touted and questionably applicable Microsoft operating system, Windows 8.
Falling on the heels of the fabulously successful adoption of Windows 7 OS by business, (largely due to Vista’s utter failure,) and with Windows XP finally in its death throes, Windows 8’s snazzy Metro (rebranded as "Modern UI Style" or “Windows Store App interface”) front end continues to prove to be a difficult sell to business customers. This is due to recent migrations to Windows 7, end user interface changes and typical application compatibility issues.
Why has business adoption of Windows 8 failed?
Training and change, I’d say. Let’s be honest. People don’t like change regardless of how many seminars they’re forced to attend that tell them anything from “Become one with the change” to “Too bad you don’t like it, get used to it”.
As for training, network administrators at large will attest to the fact that any change, as simple as icon placement on a desktop can effectively murder office productivity with demagoguery over the purported reasons for the change or the wisdom of its implementation or the chosen color of the icon or fear over the loss of a treasured program regarded as tantamount to an old friend. In the interest of mitigating said loss in productivity, successful organizations endeavor to provide training to at least reduce the impact of the irrationally feared change. Training serves two purposes, to assuage and inform. Enough has been said here on why the hearts and minds of users should be assuaged and I would assert that providing users with effective instruction on how to use a system should be pretty obvious.
So, what is Windows Blue?
Simply put, it is the next level of Windows development, encompassing everything from Desktop OS to server OS, to Office, Phone, Azure, etc. The Desktop OS in particular is designed to include support for smaller mobile devices and incorporate a method for purchasing applications from a store, (Windows Store), similar to iPhone or Android on the smart-phone side of the fence. Not to worry, apparently, side-loading of previously purchased applications will be possible.
Furthermore, Windows Blue will mark a departure from the traditional OS development cycle which incorporates updates, service packs and full releases of new products. It has been hinted that updating an OS will occur on a more regular basis and with greater efficacy, eliminating the release of large code changes in the form of service packs or new versions of operating systems; kind of like OSX or Linux.
What can we expect from Windows Blue?
Nobody knows yet. It could mean that new or updated features, (such as “boot to desktop” mode or the return of the “Start” button,) could be released faster and changes/bug fixes more effectively. Smaller, incremental updates could theoretically ease the transition of supporting technologies, e.g. applications and hardware improvements by not grouping the OS technology improvements and making them so impactive that entire OS migrations are required.
It has been rumored that the upgrade of Windows 8 to Windows Blue will be without cost, yet it is unclear how overall pricing will be handled in the absence of planned full OS releases. We’re predicting a subscription-based model, based on Microsoft’s foray into that realm with Windows 365.
Will there be a Windows 9?
In my humble opinion, it could go either way. If Windows Blue technology is sound and can be made appealing as well as profitable, perhaps not. However, if the resultant sales model proves to be too cumbersome, (and the product proves to be too expensive,) or if the updating process fails to be effective, (either in reality or in customers’ perceptions,) then look forward to Windows 9. We’ll have to wait and see.
Licensing desktop operating systems from Microsoft has always been, and is likely to always be, a bit of a challenge. For some reason Microsoft makes understanding licensing seem like a moving target, an elusive quarry that is difficult to see or understand — maybe like a cloaked Klingon Bird of Prey. (Bear with our Trekkie analogy.) That said, if we modulate the frequency of our inverse tachyon beam, we can brush away some of the confusion and, after actuating the universal translator, present a list of possibilities that are more actionable in English. Here it goes:
What should you know about License Keys in advance?
A few key questions will get you on the right track:
What type of License Keys are you working with?
- OEM = OEM editions of the OS
- Volume License = Volume License Editions of the OS
- Available through various purchasing programs including Open, Select, or Enterprise
What volume of PCs are you planning on deploying/refreshing?
- Will you deploy en masse or in small sets over time?
Do you have time to visit every PC and activate it?
How much money do you have?
- Volume Licensing provides for reduced unit cost of licenses.
How do I decide which activation method to use?
If you have lots of free labor and did not purchase a Volume License agreement, you'll be choosing the brute-force method of activation.
If you have purchased Volume Licensing, have more than 25 client PCs, and don't mind installing a Microsoft Key Management Service (KMS) in your network to facilitate activation with Microsoft for each client PC every 180 days, then you may choose the Key Management Service method.
If you've purchased Volume Licensing and have less than 25 client PCs, you may be best off choosing to use the Multiple Activation Key (MAK) method. In addition, if you've purchased more than 25 client PCs and just don't want a KMS validating every PC in your environment every 180 days, then stick with MAK.
Types of Windows activation
Activation varies depending on whether you are working with an OEM License or a Volume License.
OEM Licenses — Client
Brute Force Method: Buy PCs with OEM License Key directly associated and upon deployment of the same version of the operating system, apply the OEM license key in each PC's Sysprep answer file, or enter the key when prompted on each individual PC. This method can be very time-consuming in terms of pre-deployment configuration, and it's difficult to ensure you've entered the correct license key on each deployed PC. Plus, you have to manage the OEM License Keys after the fact.
New in Windows 8:
You can have the PC manufacturer activate the OEM version OS via OA3 before shipping it to you. What happens when you need to re-apply the OS, assuming it's the same version? According to Microsoft, OEM License Media cannot legally be used to re-image. At that point, you use Volume License media and activate with the specific OEM License Key for that machine.
Can I convert an OEM License Key to a Volume License Key?
Call the Activation Center. Better yet, call your Microsoft License Center to discuss purchasing a Volume Licensing Agreement. You'll be glad you did.
Volume Licenses — Client
Methods of licensing communication with Microsoft: There are two … well, sort of three.
- Customer-hosted KMS
- Microsoft-hosted activation service using MAK
- Token-based activation for client PCs disconnected from the Internet (This method uses Public Keys and Certificates to achieve activation.)
Volume License — KMS:
So, you've got more than 25 client PCs and you'd like to host a KMS in your environment to handle client activation with validation every 180 days?
The KMS does not require a dedicated server and can run on your AD server, for example. The KMS can run on almost any modern Microsoft OS. However, if it is hosted on any OS other than Windows 2008 R2, only PC versions of the Windows OS (not server operating systems) may be activated by this method.
Furthermore, although only one KMS is required, it is recommended to deploy multiple KMS hosts because periodic validation is entirely dependent upon the service.
Client PCs communicate with the KMS to Microsoft through TCP/IP and DNS. Volume License editions of Windows 7 and Windows 8 are, by default, configured to work with KMS and do not require Administrator privileges for activation. The KMS is subject to an activation threshold, which is irrelevant so long as more than 25 client PCs contact KMS for activation services and remain connected to the network. If your use falls below 25 PCs, you risk validation failure after 180 days, and client PCs that fail validation lose their activated status and will become hindered.
For more information on KMS, visit Microsoft
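An added example, not part of the original post: a PowerShell check that lists the KMS hosts DNS advertises to clients, flags any that are not on an expected list, and reports how much of the local activation window remains. It relies on details the post does not state (clients discover KMS hosts through the `_vlmcs._tcp` DNS SRV record, default TCP port 1688), and the domain and host names are placeholders.

```powershell
# Added example: audit KMS discovery and activation state from a client PC.
# Assumptions (not from the post): the domain and host names are placeholders.
$DnsDomain        = 'corp.example.com'                  # placeholder DNS domain
$ExpectedKmsHosts = @('kms01.corp.example.com',
                      'kms02.corp.example.com')         # placeholder allowlist

# 1. KMS hosts advertised in DNS. Clients auto-discover hosts via this SRV record,
#    so an unexpected entry here means clients may activate against an unknown host.
$srv = Resolve-DnsName -Name "_vlmcs._tcp.$DnsDomain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.QueryType -eq 'SRV' }

$kmsHosts = foreach ($r in $srv) {
    $probe = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{
        KmsHost   = $r.NameTarget
        Port      = $r.Port
        Priority  = $r.Priority
        Expected  = $ExpectedKmsHosts -contains $r.NameTarget   # case-insensitive match
        Reachable = $probe.TcpTestSucceeded
    }
}

if (-not $kmsHosts) {
    Write-Warning "No _vlmcs._tcp SRV record found in $DnsDomain; clients cannot auto-discover a KMS host."
}
$kmsHosts | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning "Unexpected KMS host advertised in DNS: $($_.KmsHost):$($_.Port)"
}
$kmsHosts | Where-Object { $_.Expected -and -not $_.Reachable } | ForEach-Object {
    Write-Warning "Expected KMS host not reachable: $($_.KmsHost):$($_.Port)"
}
$kmsHosts | Format-Table -AutoSize

# 2. Local Windows activation state. The GUID is the Windows application ID
#    used by the Software Licensing service; LicenseStatus 1 means licensed.
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'
Get-CimInstance -ClassName SoftwareLicensingProduct `
                -Filter "ApplicationID='$WindowsAppId' AND PartialProductKey IS NOT NULL" |
    Select-Object Name,
                  Description,        # contains VOLUME_KMSCLIENT on KMS clients
                  LicenseStatus,
                  @{ n = 'DaysRemaining'
                     e = { [math]::Round($_.GracePeriodRemaining / 1440, 1) } },  # minutes to days
                  DiscoveredKeyManagementServiceMachineName
```

Running this from a scheduled task on a sample of clients gives early warning when the remaining days start counting down without renewal, well before the 180-day validation lapses.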
Volume License — MAK:
So, you've got more than 25 client PCs and you would not like to host a Key Management Service (KMS) in your environment; or you've got less than 25 Volume License client PCs?
Note: MAK may also be used to convert a KMS client to MAK.
Multiple Activation Key has two methods to choose from: Independent Activation or Proxy Activation.
Choose MAK Independent Activation if the client PCs have Internet access. MAK is a one-time activation with Microsoft's hosted activation service after a MAK License Key is installed on the client PC.
Choose MAK Proxy Activation if the client PCs do not have direct access to the Internet. MAK will act as a go-between to provide activation for multiple client PCs via one connection to Microsoft. MAK Proxy Activation is set up using the Volume Activation Management Tool (VAMT), which is available in either WAIK or WADK. Client PCs receive a MAK key and transmit an identifier to the VAMT, which communicates to Microsoft and replies with a confirmation identifier, completing the activation process. VAMT is also capable of internally re-activating a client PC after reimaging because it stores the confirmations locally.
For more information about MAK, visit Microsoft
Windows activation is not as confusing as it seems
Separating activation methods from Windows 8 or Windows 7 purchasing options and Software Assurance benefits allows you to select the method that fits your needs. If you consider your activation preferences before purchasing, your preferences may affect your choice of licenses.
So, the bottom line is this: You should consult your Microsoft Licensing representative for specifics. Perhaps over a cup of Earl Grey (hot). Live long and prosper.
In the December issue of the Imaging Insights Newsletter, we predicted that the Microsoft Deployment Tool (MDT) would see an explosion of usage in 2013 as companies phase out XP and begin to adopt Windows 7/8. It’s still early in the year, but our prediction is proving accurate so far. Some administrators have already been using MDT for their system deployment and image creation, and with the recent enhancements that make it more reliable and easier to use, the free utility’s usefulness continues to grow.
New MDT features
Perhaps the most visible improvement to MDT is the new Monitoring node, which lets administrators view the progress of Lite-Touch deployments. This is great news for anyone whose processes don’t involve systems management frameworks, such as Systems Center Configuration Manager (SCCM). The monitored information updates every 10 seconds, and it includes the step that’s currently being performed and how long the deployment has taken so far.
There’s also good news for those who do use SCCM: MDT now fully integrates with SCCM 2012, resulting in a powerful combination for administrators who need more control over their enterprise-wide environment, and more granularity in systems checks and reporting. MDT also aids admins who support user-driven installations. With the new Build Your Own Pages functionality, end users have an easy, drag-and-drop tool to help them create wizards without coding.
The improved MDT also integrates boot images with the Microsoft Diagnostics and Recovery Toolset 7.0 (DaRT), giving administrators even more options when using a Lite-Touch CD image to boot a system. MDT now supports the DaRT 8 Beta, too.
Other enhancements include improved image deployments when booting from VHD, support for PowerShell 3.0, full integration with System Center Orchestrator, and entirely revised Roles and Features logic that supports installation and removal.
Microsoft continues to make improvements to MDT, showing a pretty good example to the industry of how enhancing a performance tool should be done. The UIU Support and Development team loves tools like MDT because it makes life a little easier for IT administrators. It’s that goal of simplifying the process that drives us in the first place.
Any other enhancements to MDT that have caught your eye? Plans to migrate to MDT?
About the UIU Blog
The UIU Blog is brought to you by Support, Development and Management at Big Bang LLC to provide industry news, product development and updates, support cases, release notes, and discussion of OS Deployment and the Universal Imaging Utility.
We would appreciate your comments and suggestions.