Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8)
 

Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8)

on

  • 240 views

We ran the "Windows Accelerate IT Pro Bootcamp" one day hands-on workshop in early June 2014. These eight modules were designed to get IT managers, project managers, sysadmin and devops up to speed ...

We ran the "Windows Accelerate IT Pro Bootcamp" one day hands-on workshop in early June 2014. These eight modules were designed to get IT managers, project managers, sysadmin and devops up to speed with the new Windows 8.1 and Office 2013. The bootcamp focused on how to move off earlier versions of Windows and Office to a modern desktop and tablet platforms with the latest security and mobility technologies.

Keep an eye in our SlideShare feed for all eight modules:

Windows Accelerate IT Pro Bootcamp: Introduction (Module 1 of 8)
Windows Accelerate IT Pro Bootcamp: Platform Delivery (Module 2 of 8)
Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: UE-V (Module 5 of 8)
Windows Accelerate IT Pro Bootcamp: App-V (Module 6 of 8)
Windows Accelerate IT Pro Bootcamp: Devices (Module 7 of 8)
Windows Accelerate IT Pro Bootcamp: Closing (Module 8 of 8)

For other events (Intergen or Microsoft Community) check our events page at http://www.intergen.co.nz/upcoming-events/

Statistics

Views

Total Views
240
Views on SlideShare
240
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • With Windows 8 we redefined workforce mobility by introducing a new feature called Windows To Go that enables enterprises to provide users a managed corporate environment on a USB drive that they can operate from multiple managed or unmanaged PCs <br /> Key Messages – <br /> Windows 8.1 supports ultra mobile work styles of users through a bootable USB that turns almost any PC into a secure Windows corporate PC. <br /> It provides full fidelity of a desktop that includes support to touch first Windows 8 experiences, virtualization technologies such as App-V, UE-V, RDS, user state virtualization (folder redirection, offline files, roaming user profile), secure connection via DirectAccess, Data encryption with BitLocker, and same management tools like System Center that organizations will use to deploy and manage Windows 8.1. <br /> Talk Track <br /> In a standard PC – users boot from the PC’s internal hard drive, they log into their Windows environment and are provisioned with corporate applications as physical apps or virtual apps (with technologies like App-V). Users can store the data locally on the internal hard drive or IT can centralize it with User State virtualization technologies like Folder Redirection. <br /> <br /> With Windows To Go, now IT gets a new deployment model for corporate environment to users, IT can provide a managed corporate image on a bootable USB drive that users can boot from any compatible PC (*Any PC with Windows 7 logo or higher). Users can get their applications, data and personalized Windows environment the same way as a standard PC. <br /> <br /> Users can work across multiple PCs – whether managed or unmanaged making them more mobile and productive. They get a familiar, consistent and rich Windows 8.1 experience even when they are operating from an external USB drive. They can work from their USB drive just like a standard PC – even when not connected to a network. Windows to go is easy to use as it doesn’t require the user to have any special skills to operate the USB drive. Local data on the drive is secure as Windows To Go supports drive encryption with Windows BitLocker; and it separates itself from the host PC’s internal hard drive to avoid any accidental data disclosure. The organization can use the same tools (like System Center) to deploy and manage Windows To Go as they will use for Windows 8.1. <br /> <br />
  • Note to presenter (1): this slide is optional; instead recommend doing Windows To Go demo – the demo can be found under http://windows8ready under the Commercial Tab – there is a section within the ‘Windows 8 Commercial demo’ document on the Windows To Go demo <br /> <br /> Note to presenter (2): Windows To Go is a feature of Windows 8 / 8.1 Enterprise and it requires and active Windows SA agreement. Flexible SA licensing allows companies to use Windows To Go for all of the scenarios discussed above. More information on licensing at http://www.microsoft.com/licensing/about-licensing/windows8.aspx#tab=2 <br /> --------------------- <br /> Windows To Go enables new mobility scenarios as well as other important enterprise usage. For example, <br /> <br /> BYOD: Embrace “Bring Your Own PC” while minimizing infrastructure costs <br /> Any Software Assurance for Windows or Windows VDA licensed device is able to run Windows To Go from anywhere (for primary device) <br /> Any device licensed with the companion device add-on for Software Assurance for Windows may run Windows To Go from anywhere (for secondary device) <br /> <br /> Travel Light: People travel light without sacrificing productivity <br /> The primary user of any Software Assurance for Windows or Windows VDA licensed device may run Windows To Go from a personally owned or third-party owned PC from home or on the road (without additional license requirement) under roaming rights <br /> <br /> Contractors: Get contingent staff up and running faster without compromising security <br /> Any Software Assurance for Windows or Windows VDA licensed device is able to run Windows To Go from anywhere <br /> <br /> Shared PC: Enable free seating even when people roam across mobile workstations <br /> Any Software Assurance for Windows or Windows VDA licensed device is able to run Windows To Go from anywhere <br /> <br /> Up and Running on Windows 8: Help end user test, trial, evaluate and take advantage of Windows 8 before it is installed on their PC. <br /> Any Software Assurance for Windows or Windows VDA licensed device is able to run Windows To Go from anywhere
  • Users travel light without sacrificing productivity. <br /> Enable employees to access their corporate environment securely from any work or personal computer capable of running Windows 8 / 8.1, whether they are outside the office at home or travelling; users get a familiar rich and consistent Windows 8 / 8.1 Experience from any PC they operate their Windows To Go from. Users can now pursue their unique work styles by travelling light and carry their work environment on a USB drive. Users can continue to be productive from a home PC even when they do not have access to their primary workplace due to an unplanned business disruption at work - natural disasters, power outage etc. <br /> <br /> Craig typically works from his corporate office location, on his laptop provided by his company that is covered by Software Assurance for Windows. However, since he is very active and likes to walk or ride his bike to work there are many times when he would rather not take his laptop with him everywhere he travels on a given work day. **click** <br /> <br /> For example, if he is attending a meeting in a branch office where they offer free seating locations complete with computers, he knows he can take his Windows To Go drive with him and use it on any machine covered by Software Assurance for Windows in those locations. **click** <br /> <br /> Additionally, he may head out to the nearest coffee house for a jolt of java or to the library to do some primary research. During these time, Craig prefers to bring his personal device with him. Since Craig’s primary device at work is covered with Software Assurance for Windows, he has roaming rights to use Windows To Go on other devices outside of work. **click** <br /> <br /> Finally, when Craig heads home for the day, similar to if he is working at the library, he has roaming rights that allow him to use Windows To Go on his home PCs without any additional license requirements. **click** <br /> <br /> Continuance of Operations: In a perfect world, nothing ever goes wrong. Snow storms never occur because temperatures miraculously stay above freezing. Hurricanes and tropical storms stay off shore and never touch the mainland. Hardware, computers and devices work great indefinitely. Of course, things are not always perfect. Weather does not always cooperate. Devices do run into problems. In these instances, when we cannot get access to our computers in the office, or cannot use our primary devices, Windows To Go provides a great back up or continuance of operations solution. <br /> <br /> In the event of a natural disaster, unplanned office closing, or primary device failure (USB or computer), employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer or a backup computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working again and remain productive. This is a valid stand alone scenario, or used in conjunction with the other common scenarios, as a back up for primary devices. <br /> <br /> <br /> <br />
  • Embrace “Bring Your Own PC” while minimizing infrastructure costs <br /> Provide organizations the ability to allow employees use their own PC of choice to securely access the corporate environment. It enables organizations to pursue BYOD programs while controlling infrastructure costs related to backend server infrastructure and avoiding the requirement of having a high bandwidth network connection to access virtualization technologies. Windows To Go is secure as it prevents accidental data leakage through separation from the host PCs internal hard drive and can be fully encrypted with native Windows drive encryption technologies – BitLocker. <br /> <br /> Get contingent staff up and running faster without compromising security <br /> Provide organizations the ability to enable contractors to use their own company owned PC to securely access the corporate environment. The contractor is given a Windows To Go with a managed Enterprise image for the duration of their contract. <br /> <br /> In both of these scenarios, licensing is very similar. **click** <br /> <br /> Non-corporate owned devices that will be used to run Windows To Go in the office, may be covered with Windows VDA or Software Assurance for Windows (requires a qualifying OS for SA). Windows VDA provides redistribution rights every 90 days, therefore if one contractor leaves and another one is hired, the Windows VDA rights may be reassigned to the new contractor’s devices **click** <br /> <br /> If BYOD full-time employees or contingent staff require the use of secondary devices for Windows To Go at the office, Windows Companion Subscription License allows the primary user of a VDA or SA covered device to run Windows To Go from secondary devices (up to four). When these employees or contingent staff go home, they have roaming use rights to continue to use Windows To Go on devices outside of the office because their primary device is covered by VDA or SA **click** <br /> <br /> <br /> <br />
  • Enable shared PCs even when users roam across mobile workstations <br /> Enable organizations to reduce hardware costs by allowing users to access the corporate environment from a pool of managed host machines. Users can pick any host that is available and boot into their work environment using the Windows To Go – Example Army, Police personnel where users are required to travel light and use mobile workstations. Users get a secure and personalized experience even when they switch PCs without the risk of leaving confidential data on the host PC. <br /> <br /> Free seating implies a few things: **click** <br /> <br /> Many locations where an employee may need to use Windows To Go **click** <br /> <br /> And a pool of shared computers that will be used for Windows To Go **click** <br /> <br /> From a licensing perspective, a user may use Windows To Go on any PC within the organization that is covered by Software Assurance for Windows. <br /> <br /> Note: For each licensed device with SA and/or VDA, you may create and store an instance of the software on up to two USB drives. Example: Acme Inc has 2000 PCs covered with Windows SA. Their call center makes up 500 of those PCs, shared by 1500 agents. Acme is licensed to create 4000 (2 x 2000) Windows To Go sticks which can be used to provide the 1500 agents with their desktop image, and still have room to support a larger scale deployment of Windows To Go. <br /> <br /> Additional notes: <br /> 1. Users must be the primary user on a device covered by Windows Softawre Assurance (SA) for Windows or Windows VDA to have roaming rights to use Windows To Go outside of the office.
  • Lets review Key Windows To capabilities – we will deep dive into the capabilities that make Windows To Go Secure, easy to use and manageable. <br />
  • Provides drive encryption with Windows BitLocker : Native Windows encryption technology – BitLocker, provides data encryption for Windows To Go; thus allowing IT to maintain security requirements. <br /> <br /> In Windows 8, BitLocker added support for a password key protector for OS volumes. This means that you can use a password to secure your Windows To Go and you will be prompted to enter this password every time you use the Windows To Go. When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. <br /> <br /> Other Windows 8 / 8.1 security feature like Trusted Boot protect the Windows boot process, while anti-malware software protects Windows To Go just like standard Windows 8 / 8.1 PCs. <br /> <br />
  • Prevents accidental data leakage through separation from the host PCs internal hard drive : Provides OS separation by making the host PC’s internal hard drive unavailable when booted into the Windows To Go workspace, reducing the risk of accidental data disclosure. <br /> <br /> Windows 8 . 8.1 makes any storage devices offline by default that are internal to the machine. If the computer was booted from an external drive, then external storage drives are accessible and internal storage drives are not accessible. To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go. <br /> <br /> We recommend that you use the NoDefaultDriveLetter attribute on the USB drive to help prevent accidental data leakage. NoDefaultDriveLetter will prevent the internal operating system from assigning a drive letter when a user inserts it into the computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. <br /> <br /> Windows 8 has introduced a new SAN policy that by default makes any storage devices offline that are internal to the machine. An IT Pro can effectively control it by group policy - There are 3 options: <br /> Online the host when booted into Windows To Go <br /> Offline the host (recommended) when booted into Windows To Go Offline all host storage even drives plugged in after Windows To Go boots up <br />   <br /> If the user has admin rights then they can override any of the above.
  • Enable Windows 8 . 8.1 PCs to boot from USB easily: “The Windows To Go Startup Options” in Windows 8 / 8.1 allows host Windows 8 PCs to recognize that a Windows To Go is connected to the PC at boot , thus automatically booting from the USB when present rather than the host’s main hard drive <br /> <br /> With Windows 8 or Windows 8.1 installed on the host computer: <br /> From the start menu, user can search for “Windows To Go startup options” and select “Yes, to boot from Windows To Go when it is present”. This will cause the host PC to always boot from USB drive first before looking for the internal hard drive. If users want to use the Windows To Go drive, they can simply shut down the computer, plug in the Windows To Go drive and turn on the computer. To boot to the host operating system, user can shut down the Windows To Go operating system, unplug the Windows To Go drive and turn on the computer. <br /> <br /> The Windows To Go start up options is only available on PCs with Windows 8 or Windows 8.1 installed on the host computer. With other PCs (example Windows 7 or Windows Vista) – users would need to enable their PCs to boot from USB. <br /> <br /> With Windows 7 or other Operating System installed on the host computer: <br /> Early during boot time (usually when you see the manufacturer’s logo), user needs to go into the firmware/BIOS setup utility (this differs from machine to machine but is usually with one of the function keys, e.g. F12, F2, F1, Esc, etc. Once user have entered firmware setup check that boot from USB is enabled. Then change the boot order to boot from USB drives first (Bring the USB option to 1 in the priority order). Alternatively, if computer supports it, user can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. <br />
  • Provides high performance and broad hardware eco-system support: Windows To Go provides full native hardware access to the host machine, giving users a full fidelity desktop experience and access to rich applications. Windows OS supports a wide range of hardware and peripheral devices due to its large hardware partner ecosystem, Windows To Go provides users with the same hardware support. <br /> <br /> **Windows 8: Store is disabled by default. Apps licensed through the store are linked to hardware for licensing. Since Windows To Go is designed to roam to different host PCs access to the store is disabled. You can enable the store if your Windows To Go workspaces won’t be roaming to multiple PC hosts. <br /> <br /> <br /> **Windows 8.1: Store is enabled by default. Windows To Go with Windows 8.1 Enterprise has the Windows Store enabled by default. User can access the Windows Store, install apps, update inbox apps on their Windows To Go drives, while still being able to roam across PCs.
  • Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is subsequently booted on that host computer it will be able to identify the host computer and load the correct set of drivers automatically.
  • Windows To Go is Resilient to resume user state incase of unintended removal of the USB device from the host PC: Windows To Go identifies when the USB has been removed from the host computer and automatically resumes the workspace state when the USB is put back on within 60 seconds. <br /> <br /> If the Windows To Go is removed when its running, the system will freeze and the user will have 60 seconds to put the USB drive back into the same port on the host computer; once reinserted Windows To Go will resume from where it was left off, otherwise the computer will turn off after 60 seconds. <br /> <br />
  • Internal disks are offline. To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system the Windows To Go drive will not be listed in Windows Explorer. Trusted Platform Module (TPM) isn’t used. When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. <br /> Hibernate is disabled by default. To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings. Windows Recovery Environment isn’t available. In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. Refreshing or resetting a Windows To Go workspace is not supported. Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled.
  • USB 3.0 drives are required for optimal performance of Windows To Go, the product team is working with certain USB Drive manufacturers like Kingston, Supertalent etc. to build drives optimized for Windows To Go. A list of recommended USB drives/SKUs is available on TechNet: http://technet.microsoft.com/library/hh831833.aspx#wtg_hardware <br /> <br /> The size constraints are the same as a full Windows Environment. To ensure that users have enough space for Windows, data, and applications, we recommend USB drives that at least are 32 GB in size. <br /> <br /> Additional drive details: The controller is the storage controller and communicates between the bridge and the flash, it also dictates how data is written to the flash device.  The Bridge is another controller which communicates between the storage controller and USB device.  For Windows To Go, the storage controller dictates drive performance and the bridge dictates boot compatibility.  We are working with the bridge vendors to update their firmware to ensure a great boot experience across a large variety of hardware. <br /> <br /> Flash usually refers to the type of memory.  Inexpensive USB drives have flash memory that you can store data to and don’t usually have a storage controller in them, they may also have inexpensive memory.  WTG is running on a USB SSD (solid state drive), requiring a fixed bit. If the fixed bit isn’t set the drive cannot be partitioned.  Windows requires 2 partitions for setup/installation. <br /> <br /> High Performance and Endurance <br /> <br /> Performance necessary for running Windows - For Windows To Go the most important performance characteristic is Random write speed and the latency requirement – no IO can be more than 1/2 second. <br />   <br /> High endurance under typical Windows workloads – Windows To Go drive will be warrantied for 2 years under normal usage.    <br />
  • Note to presenter: this slide is optional and highlights the importance of using only drives certified for use with Windows To Go. <br /> <br /> ----- <br /> In order to provide a seamless mobile Windows 8.1 experience, Microsoft only supports certified Windows To Go drives. To become certified, a USB drive must pass a battery of certification tests, as well as undergo self-hosting across a variety of PCs to test-drive for high performance compatibility with Windows 8 and Windows To Go. Additionally, certified drives must: <br /> Be built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly. <br /> Have been tuned to ensure they boot and run on hardware certified for use with either Windows 7 or or higher Windows operating systems <br /> Be built to last. Certified drives are backed with manufacturer warranties and should continue operating under normal usage. <br /> <br /> For up to date listing of Windows To Go certified drives visit: <br /> Windows To Go Enterprise Page <br /> Windows To Go Feature Overview <br /> <br /> The Windows To Go certified drive ecosystem continues to grow and evolve. It currently includes drives ranging in size from 32GB to 500GB, with certain drive manufacturers offering additional security capabilities such as hardware based encryption and remote kill.
  • To enable authorized employees to self-provision a single instance or an evaluation copy of the Windows 8.1 Enterprise image of Windows To Go. The creator tool can be pointed to a custom WIM file or standard Media provided by IT to the user to create a Windows To Go drive. With a few simple steps users can get up and running with the corporate environment on a compatible USB drive. <br />
  • Windows To Go can be deployed using standard Windows deployment tools like DISM and ImageX. The prerequisites for deploying Windows To Go are: WTG recommended devices to provision, a Windows 8.1 Client image, and a host PC that can do the provisioning. <br /> <br /> Additionally, a user self-provisioning model is available for Windows 8 only with System Center 2012 Configuration Manager SP1, or for Windows 8 and Windows 8.1 with System Center 2012 R2 Configuration Manager.
  • A user self-provisioning model is available for Windows 8 only with System Center 2012 Configuration Manager SP1, or for Windows 8 and Windows 8.1 with System Center 2012 R2 Configuration Manager. <br />
  • Simplify deployment and management of Windows To Go with existing infrastructure: Windows To Go can be deployed and managed like a traditional desktop using standard Windows enterprise software distributions tools like System Center Configuration Manager or third party. <br /> <br /> IT can configure computer and user settings with Group Policy just like a standard PC. <br /> <br /> There are three group policies specific to WTG that has been introduced in Win 8 - <br />   <br /> Allow Windows To Go to sleep mode : if enabled - Windows To Go workspace can use stand by states to make the PC sleep, by default or when disabled - Windows To Go workspace will not go into sleep <br /> Allow Windows To Go To Hibernate : if enabled – Windows To Go workspace can hibernate the PC, by default or when disabled - Windows To Go will not hibernate <br /> Windows To Go default startup options : if enabled host PC will always boot from USB first and user would not be able to make change in the Windows To Go startup option , if disabled host PC will not be configured to boot from USB first and user will not be able to change the setting in the Windows To Go startup option unless they are admins; by default windows to go start up options will be disabled and user would need to be admin to enable it.   <br /> <br /> IT can enable Direct Access on Windows To Go just like a standard PC, allowing users to stay connected to their corporate resources through an encrypted tunnel. <br /> <br /> IT can continue to leverage Microsoft Desktop Virtualization technologies like App-V, User State Virtualization (Folder Redirection, Roaming User profiles, Offline Files) and Server hosted Desktops (VDI, RDS Session Virtualization) on Windows To Go to improve user flexibility and simplify management and delivery of corporate resources to users for IT.
  • Summary of how Windows To Go works – <br /> IT provisions corporate environment (using standard Windows 8 deployment tools) to users on a compatible USB drive. Alternatively authorized users can use self-provisioning tools like creator tool for creation of a single instance drive. <br /> IT manages Windows To Go like a traditional desktop using standard Windows enterprise software distributions tools like System Center Configuration Manager or third party. <br /> IT activates Windows To Go through volume activation (KMS server/ Ad based activation).KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis (typically 6 months) <br /> User are now ready to operate Windows To Go from multiple managed or unmanaged PCs.
  • Makes users more mobile <br /> Users travel light without sacrificing productivity. <br /> Embrace “Bring Your Own PC” <br /> Get contingent staff up and running faster <br /> Enable free seating <br /> Easy To Use <br /> Enables Windows 8 and Windows 8.1 PCs to boot from USB easily <br /> Resilient to resume user state incase of unintended removal <br /> High performance and broad hardware eco-system support <br /> Secure & Manageable <br /> Protects corporate data <br /> Supports Bitlocker drive encryption <br /> Separates from the host PC internal hard drive <br /> Deploy and manage with existing infrastructure <br /> <br /> <br />
  • Introducing Windows 8.1 Enterprise <br /> Windows 8.1 Enterprise features include all the capabilities that customers get with Windows 8.1, plus premium features designed to provide the mobile productivity, security, manageability and virtualization needs of today’s businesses. Here’s an overview of some of the key features that will be available exclusively to Windows 8 Enterprise customers (and note this is not an exhaustive list): <br /> Windows To Go is a fully manageable corporate Windows 8.1 desktop on a bootable external USB stick. This will allow IT organizations to support the “Bring Your Own PC” trend and businesses can give contingent staff access to the corporate environment without compromising security. <br /> DirectAccess allows remote users to seamlessly access resources inside a corporate network without having to launch a separate VPN and helps IT administrators keep remote users’ PCs in compliance by applying the latest policies, software updates, is easier to deploy, and it can be implemented with the existing IPv4 infrastructure. <br /> BranchCache allows people’ PCs to cache files, websites, and other content from central servers, so content is not repeatedly downloaded across the wide area network (WAN). When used with Windows Server 2012, Windows 8 brings several improvements to BranchCache to streamline the deployment process, optimize bandwidth over WAN connections and ensure better security and scalability. <br /> AppLocker can help mitigate issues by restricting the files and apps that people or groups are allowed to run. <br /> VDI enhancements: Enhancements in Microsoft RemoteFX and Windows Server 2012, provide people with a rich desktop experience with the ability to play 3D graphics, use USB peripherals and use touch-enabled devices across any type of network (LAN or WAN) for VDI scenarios. <br /> New Windows App Deployment: Domain joined PCs and tablets running Windows 8 Enterprise will automatically be enabled to side-load internal WinRT apps. <br /> <br /> In addition to these features, customers will get improvements to the fundamentals, including end-to-end security and better manageability. Businesses will also benefit from the immersive, personalized experience Windows 8.1 has to offer and the business tablets that will mean businesses no longer have to choose between the functionality of a tablet or the productivity of a PC. <br /> <br /> Microsoft Desktop Optimization Pack <br /> In addition to Windows 8.1 Enterprise, Software Assurance customers also have the ability to subscribe to MDOP. MDOP helps enterprise customers take advantage of desktop virtualization, manage Windows features, and restore user productivity after a system issue. We have recently released User Experience Virtualization (UE-V), which allows individuals to change their device and keep their experience without reconfiguring applications or settings in Windows 7 or Windows 8. We also just released App-V 5.0 which allows virtually any application to be available anywhere and DaRT which enables you to restore your user productivity quickly. UE-V, App-V, and DaRT are part of the MDOP 2012 release which became available on November 1 2012. <br /> <br /> Enhancing the Windows Benefits in Software Assurance <br /> As we reimagine Windows 8, we’re also enhancing our Software Assurance (SA) benefits to meet the needs of today’s workforce. I know you all see firsthand how technology has influenced the way people work and how employees need to stay connected to their data, apps and other people from anywhere, at any time, from a range of devices. We will be making improvements to Software Assurance for Windows that provides business customers with better ways to enable these flexible work styles. <br /> <br /> So let’s take a look at some of the details of the new licensing benefits. After Windows 8 Enterprise becomes available, Software Assurance customers will have the following new use rights: <br /> Windows To Go Use Rights: Windows To Go will allow companies to support Bring Your Own PC scenarios and will give employees who need to work from home more secure access to their full corporate environment. With Windows To Go use rights under Software Assurance, an employee will be able to use Windows To Go on any PC licensed with SA for Windows or Windows VDA. We will also update the existing SA for Windows and VDA roaming rights to include Windows To Go (WTG) rights for working from home or on the road. <br /> Companion Device Licensing: <br /> Windows RT Virtual Desktop Access (VDA) Rights: When used as a companion device by the primary user of a Software Assurance for Windows licensed PC, company owned Windows RT devices will automatically receive extended VDA rights. These rights will provide access to a full VDI image running in the datacenter which will make Windows RT a great complementary tablet option for business customers. <br /> Windows Companion Subscription License (CSL), an optional Add-On to SA for Windows or VDA, that enables BYOD scenarios. For customers who want to provide full flexibility for their employees to access their Windows desktop across devices, the Windows CSL Add-On will allow the user of an SA or VDA licensed device to access their desktop from up to four additional devices through either VDI or WTG from anywhere, on or off premise. The CSL provides a simpler, more cost-effective option with greater flexibility instead of separately licensing each device with VDA. <br /> Simpler: With a single-user based license, each device will not need to be separately licensed with VDA or SA <br /> More Cost Effective: Final pricing has not been announced but will cost less than a single VDA license <br /> Greater Flexibility: The Windows CSL Covers any employee owned device and/or any corp-owned non-x86 device (regardless of the OS they are running) and provides access through either VDI or WTG <br />  Mobile Device Management <br /> Cloud-based mobile device management using Windows Intune (optional add-on for EA customers) <br />

Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8) Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8) Presentation Transcript

  • Module 3: Windows To Go Overview Name Title The CA Accelerate 1:M IT Pro Boot Camp
  • ` BYOD goes mainstream changing security landscape enabling mobility critical for success anywhere, anytime expectations
  • ` * Any device certified for use with Windows 7, Windows 8, or Windows 8.1, regardless of the OS running on the host machine. Software Assurance (SA) for Windows required . 01100111 11010011 11001001 10001001 Booting from Internal hard drive FIREWALL App-V UE-V Folder Re-Direct 01100111 11010011 11001001 10001001 Booting from External USB drive App-V UE-V Folder Re-Direct App-V UE-V Folder Re-Direct BitLocker Windows To Go, Your Portable Workspace A consistent Windows 8.1 experience on any device with Windows To Go
  • ` Mobility for the Enterprise Windows To Go: Windows in your back pocket Contractors Bring Your Own Device (at work) Travel Light / Work from Home Shared PCs Up and Running on Windows 8
  • ` Travel Light: At work, at home, on the road Corporate Office Home Branch Office Library/Coffee house Software Assurance (SA) for Windows Covered under SA roaming rights* (no additional license required) Software Assurance (SA) for Windows *Roaming rights provide the primary user of an SA covered device rights to run Windows To Go or VDI from non-corp devices while off premise. Covered under SA roaming rights* (no additional license required)
  • ` Bring Your Own Device; Employees and Contingent Staff Work Location Primary Device Secondary Device Windows VDA or Software Assurance (SA) for Windows Companion Subscription License (CSL)* *Windows CSL provides the primary user of an SA or VDA covered device rights to run Windows To Go or VDI from secondary non-corp owned devices.
  • ` Shared PCs Software Assurance (SA) for Windows Multiple Users Single or Multiple Locations Shared PCs
  • ` Windows in your back pocket Secure ManageableEasy To Use
  • ` Protecting corporate data Supports BitLocker drive encryption New Password Key Protector Pre-OS password to unlock Windows To Go Trusted Platform Module (TPM) is not used MDOP 2013 and MBAM Protection with Trusted Boot Protects Windows boot process and anti-malware software Protection with Windows Can take advantage of all Windows security offerings, just like a laptop For example, remote connectivity solutions still enforce the same security requirements
  • ` Secure: Prevents data leakage Separation from host PCs internal hard drive Makes the host’s internal hard drive offline External Storage Devices are still accessible Utilizes SAN policy Can be controlled by Group Policy Host PC’s internal Hard Drive not visible
  • ` Booting from USB Allows host PCs to automatically boot from USB Available on Windows 8 and Windows 8.1 hosts Search for “Windows To Go Startup options” Select “Yes” USB boot “hotkeys” Configure BIOS to boot from USB
  • ` Full Fidelity Experience Full native hardware access on the host machine Same peripheral support as Windows 8.1 Touch enabled, mouse and keyboard aware Windows Store is disabled by default For users that don’t roam, GP can enable the store Enterprise sideloading of LOB metro-style apps works regardless Windows Store is enabled by default Enterprise sideloading of LOB metro-style apps continues to work
  • ` Easy to Use: Redefine Mobility On a new PC drivers are installed on first boot Identifies computer from characteristics of machine firmware Stores configuration to boot faster on previously used PCs Can be configured to boot on both UEFI and Legacy BIOS Both sets of boot components are placed on a system partition Doesn’t solve architecture incompatibility
  • ` Easy To Use: Resilient to unintended removal  Resumes workspace when USB is put back on within 60 seconds  Protects data by enforcing system shut down after 60 seconds User removes USB during a running session USB Boot disc removal is detected by the USB stack USB Drive is returned to host PC within 60 seconds The system freezes, the stack waits 60 seconds for the USB drive to return System will resume System is turned off Yes No
  • ` Differences Between Windows To Go and Windows Windows Recovery environment is not available Refresh or Reset your PC is not available Hibernate is disabled by default Don’t insert the Windows To Go drive into a running PC Always shut down Windows and wait for shutdown to complete before removing a Windows To Go drive Supported on PCs certified for use with Windows 7, 8, and 8.1 regardless of the OS on the machine
  • ` Windows To Go Certified Drives  Certified drives are optimized to meet the necessary requirements for booting and running Windows from a USB drive:  Built for high random read / write speeds  Support thousands of random access I/O per second  Provide wear-leveling features improving drive longevity  Tuned to ensure they boot and run on hardware certified for use with Windows 7, Windows 8, and Windows 8.1  Only certified and optimized drives are supported
  • ` Manufacturer Storage size Kingston® DataTraveler® Workspace www.kingston.com/wtg 32, 64, 128 GB Manufacturer Storage size Super Talent RC4 www.supertalent.com/wtg 32, 64, 128, 256 GB Imation IronKey® Workspace W300 www.imation.com/wtg 32, 64, 128 GB Imation IronKey® Workspace W500 www.imation.com/wtg 32, 64, 128 GB Super Talent Express RC8 www.supertalent.com/wtg 32, 64, 128 GB SPYRUS Portable Workplace™ www.spyruswtg.com 32, 64, 128 GB WD My Passport Enterprise www.wd.com/wtg 500 GB SPYRUS Secure Portable Workplace™ www.spyruswtg.com 32, 64, 128 GB Windows To Go Certified Drives Optimized for booting and running Windows 8 and Windows 8.1 Enterprise on hardware certified for use with Windows 7 or higher Windows operating systems. *Microsoft only supports certified drives.
  • ` Evaluation: Self Provision with the Creator Tool Provision single drive with an Enterprise Image only Select Drive Select Image Enable BitLocker Can be custom WIM or pointed at media Need admin access Can enable BitLocker
  • Deployment
  • ` Deployment Scenarios IT scripts the creation of drives Users pick up Windows To Go stick from central location Users boot at work to join domain and enable BitLocker Windows To Go is ready to use System Center 2012 Configuration Manager SP1 System Center 2012 R2 Configuration Manager
  • ` IT Provisioning for Central Deployment Uses PowerShell scripts to provision from Windows 8.1 Provision from Windows 7 with cmd scripts Can use same tools and image for laptops and Windows To Go Advanced options like BitLocker at deployment time or Offline Domain Join User receives device from IT admin First boot of the device may occur at home if DirectAccess and Offline Domain Join is utilized Run Windows To Go device for necessary scenarios
  • ` Duplication: IT Provisioning Specialized USB duplication hardware All drives are identical - user specialization occurs as separate step Certified drive partners offer duplication services Use PowerShell’s multiple process capabilities Parallel provisioning of all drives attached to a machine Allows for unique drive creation (e.g. using Offline Domain Join)
  • ` Deployment: User Self Provisioning System Center Configuration Manager Uses existing Windows 8.1 deployment model for Windows To Go Creates prestaged media Creates a package with self service tool (provided) Deploys the Windows To Go package to the appropriate users Browse the ConfigMgr Application Catalog Receives a UI that walks through basic inputs Reboots on CorpNet and completes the provisioning process
  • ` Manageability Group Policies introduced specific to Windows To Go Power Policy (hibernate and sleep) Store Policy Windows To Go startup options Inventory software and hardware Deploy applications and software updates Settings compliance System Center 2012 Configuration Manager SP1 for Windows 8 only deployments System Center Configuration Manager R2 for Windows 8 / 8.1 deployments
  • ` How Windows To Go works: Putting it all together Certified USB Drive
  • ` Summary Provides more Mobility Easy To Use Secure & Manageable
  • Work from Many Devices with Flexible Use Rights Access to Windows 8.1 Enterprise Virtualize, Manage, Restore with MDOP Software Assurance for Windows DirectAccess Connected to corporate networks, seamlessly and more securely BranchCache Users in the branch office can download documents and apps faster AppLocker Specify what software is allowed to run on a user's PCs Virtual Desktop Infrastructure (VDI) Improved end-user experience Windows To Go Creator Create a corporate Windows 8.1 environment on a USB stick Windows To Go Use Rights Access from any SA/VDA licensed device Use WTG on personal PC at work* or at home Microsoft Advanced Group Policy Management (AGPM) Checkpoint your policy rollout, minimize downtime Microsoft Diagnostics and Recovery Toolset (DaRT) Restore user productivity quickly Microsoft User Experience Virtualization (UE-V) Change your device, keep your experience Microsoft Application Virtualization (App-V) Virtually any application, anywhere Microsoft Enterprise Desktop Virtualization (MED-V) Enable your Windows XP-based apps on Windows 7 * Companion Subscription License Required Enterprise Sideloading Deploy Windows 8 apps from outside of the Windows Store Microsoft BitLocker Administration and Monitoring (MBAM) Simplified BitLocker management Companion Subscription License VDA/WTG right can be extended to up to 4 companion devices under add-on for SA Virtual Desktop Access (VDA) Enable users to access virtual instances of Windows in a variety of user scenarios Free VDA rights for Windows RT companion devices Enterprise Sideloading Deploy Windows 8 apps from outside of the Windows Store on Windows RT and Pro SA foundational use rights, technology, support Start screen control Control Start screen configurations for different groups using Group Policy NEW