This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Some 500 million copies of XP were running before Microsoft declared the stalwart operating system dead, and doubtlessly many still soldier on. But without Microsoft XP updates, and with anti-virus and other vendors publicly declaring they will no longer support XP, companies that keep XP going do so at their own peril.
Network World readers know all about the security risks of running a static OS without anti-virus updates. Every computing platform is vulnerable to security attacks, and constantly needs OS patches, antivirus updates, configuration changes, etc., to thwart potential attacks. XP is already a popular target for hackers because it is so widely used. The lack of security updates will make XP look even more attractive to cyber attackers. XP systems on the Internet will be like drops of blood in shark-infested waters.
Another concern is regulatory compliance. Financial institutions, for example, are under regulatory pressure to remain on the leading edge of cyber-attack prevention technology to minimize data security threats. So even if enterprises in regulated industries minimize risk by restricting network access, applications, etc., they may be out of compliance. Even without regard to cyber-attacks, some may find it difficult to comply with regulations when they are not able to upgrade their applications. It’s highly unlikely that software vendors will continue developing new or updated software for a dead platform.
This leads to another application problem that will arise for companies continuing to run XP: third parties will not support XP for long, and maintenance of custom in-house applications running on XP will be difficult. Finding qualified developers capable of updating XP custom applications will become increasingly challenging. The best technical people seldom elect to work with archaic systems.
Obviously, IT departments can’t just leave systems on Windows XP without putting their company in danger. The only responsible course of action for organizations is to migrate to a newer operating system as quickly as possible to ensure the continuous flow of business. This will eliminate the related range of risks to which those who take no remedial action will be automatically exposed.
Get your head around it
Many executives fail to realize the scale of migrating a global enterprise to a new operating system. Microsoft estimates that it takes a company 18 to 32 months to migrate, from initial planning through completion. In my work with enterprise IT customers, I see organizations struggle with four key issues: compatibility, automation, bandwidth and infrastructure.
Compatibility is fundamental. For starters, hardware needs to be capable of running Windows 7/8, and in some cases computers will have to be replaced or upgraded. An enterprise also may have hundreds or thousands of XP applications it needs to upgrade or replace. Even applications that will run on Windows 7/8 may fail to install because they were packaged for XP installation. These applications don’t need to be upgraded, but do need to be re-packaged in Windows 7/8-friendly installers. Tools are available to help with this process.
Automation may not be needed in a small company, which can upgrade a handful of computers manually. Since Microsoft does not provide an in-place upgrade from XP to Windows 7/8, the process involves storing user data and settings on external media and then restoring after the new OS is up and running. It’s not particularly difficult, just an extra step.
However, for a large company with hundreds or thousands of computers to migrate, automation is critical. This will typically involve creating a standard OS image, which includes the OS plus applications that need to be installed. This is accompanied by a set of logic for installing the OS correctly on different computers. The unattended installation can be handled by a variety of technologies, with Microsoft System Center Configuration Manager (SCCM) being the best known.
Bandwidth is an easy thing to overlook for operating systems deployment, but it’s a huge factor for companies with offices all over the world. Merely applying a service pack in large organizations is a serious and complex undertaking. For example, the Windows 7 Service Pack 1 involves the transmission and processing of one gigabyte of information for each computer to be upgraded.
If a company has 20,000 computers and needs to send the service pack to each, that’s 20 terabytes of traffic. Of course, files aren’t moved over the WAN to each PC; they are moved to a local cache of some kind at each operating location’s WAN, and served to PCs from there. OS image files can be up to 20GB or more, and they require regular updating when applications, drivers, etc., are updated. So, even just populating or repopulating this image is a WAN bandwidth challenge.
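To make the caching argument concrete, the following sketch (an added example, not part of the original article) compares WAN volume with and without a per-site cache and checks whether a 20GB image can be pre-staged to each site within one maintenance window. The 20,000 PCs, 1GB service pack and 20GB image come from the text; the three sites, their link speeds, the 50% link share and the 8-hour window are constructed assumptions.

```python
from dataclasses import dataclass

GB = 10**9  # decimal gigabyte, so 20,000 x 1 GB = 20 TB as in the text


@dataclass
class Site:
    name: str
    pcs: int
    wan_mbps: int  # assumed WAN link speed to the site


# Constructed sample estate: 20,000 PCs across three hypothetical sites.
SITES = [Site("hq", 12000, 1000), Site("regional", 6000, 100),
         Site("branch", 2000, 10)]


def wan_bytes(site, payload_gb, local_cache):
    """Bytes crossing the WAN to get one payload onto every PC at a site."""
    copies = 1 if local_cache else site.pcs  # cache: one copy, then LAN only
    return copies * payload_gb * GB


def transfer_hours(nbytes, wan_mbps, share=0.5):
    """Hours to move nbytes if deployment may use `share` of the link."""
    return nbytes * 8 / (wan_mbps * 1_000_000 * share) / 3600


def prestage_plan(sites, payload_gb, window_hours, share=0.5):
    """Per site: WAN volume with/without a cache, and whether the cached
    copy can be pre-staged inside one maintenance window."""
    plan = []
    for s in sites:
        cached = wan_bytes(s, payload_gb, local_cache=True)
        hours = transfer_hours(cached, s.wan_mbps, share)
        plan.append({
            "site": s.name,
            "direct_tb": wan_bytes(s, payload_gb, False) / (1000 * GB),
            "cached_gb": cached / GB,
            "hours": round(hours, 2),
            "fits_window": hours <= window_hours,
        })
    return plan


if __name__ == "__main__":
    for row in prestage_plan(SITES, payload_gb=20, window_hours=8):
        print(row)
```

With these assumed figures, the cache cuts the service pack's WAN traffic from 20 TB to 3 GB, yet the 10 Mbps branch still needs about 8.9 hours to receive a single 20GB image and misses the 8-hour window.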
Infrastructure isn’t something people usually consider when they think of migrating computer operating systems. But besides WAN bandwidth and possibly technology to efficiently use that bandwidth, Preboot Execution Environment (PXE) points are required to install new operating systems on computers. These have to be placed on each network segment, unless you’re willing to change router configurations (IP helpers, DHCP scope options).
This is also true with state migration points (SMP), the storage space to save users’ data and settings before overwriting XP and to apply after installing Windows 7/8. SMPs need to be on the same LAN as the PC being updated to prevent traffic flooding the WAN. Some technologies such as peer-to-peer PXE and virtual SMP can prevent the need to deploy physical servers at sites, by enabling these functions on local clients without perceptibly impacting their performance.
Get it done
If you work in an enterprise that has not yet begun the OS migration process, here is a high-level overview of what needs to happen:
- Hardware inventory.
- Software inventory and compatibility testing.
- Unattended OSD technology selection.
- PXE point/SMP server placement and router changes—or software alternative.
- Image preparation and testing.
- Content pre-staging (OS images, etc.).
- Migration, scheduled in staggered groups of systems—not all at once.
Creating and executing a repeatable unattended build process that works on all machines across the organization can be an unwieldy project. The details depend on the IT policies and complexities of each individual organization. It is a multidisciplinary effort, and involves people, approval processes, control elements, accountability issues, and organizational politics. The selection of tools and infrastructure design coupled with an automation strategy are critical factors to success. Beyond that, it’s all about good old-fashioned planning and execution.
Kumar was the lead program manager with Microsoft's Systems Management Server 2003 team, and worked closely on its development, making him an expert on SCCM network environments. He was also lead program manager with the Windows NT Networking team. He has received five patents related to his work on SMS 2003 at Microsoft and has written more than 50 publications, including a book on Windows programming. While at Microsoft, Kumar also authored the Thinkweek paper for Bill Gates that became Project Greenwich, now known as Microsoft Office Communications Server / Lync.