Windows as a Service David das Neves Premier Field Engineer What is the aim of IT What is the current situation in IT How can ITPerformance be measured ID: 809082
Download The PPT/PDF document "Modern IT Digital Transformation" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Modern IT
Digital TransformationWindows as a Service
David das Neves
Premier Field Engineer
Slide2What is the aim of IT?What is the current
situation in IT?
Slide3How can IT-Performance be measured?
Stability
Change
Slide4Why is it so important to transform your team's capabilities?
Puppet: 2017 State of DevOps: What Every CIO Should Know
Slide5Digital Transformation Approach
Engage Your Customers
Empower Your Employees
Optimize Your Operations
Transform Your Products
Slide6Windows as a Service- what really matters
Slide7Windows Servicing ChannelsComparing use cases
General-purpose devices
For information workers, front-line task workers
New releases deliver improvements for security and productivity, as well as support for the latest hardware capabilities
Special-purpose devices
For limited use cases, where absolutely no changes can be tolerated
Examples include industrial and medical control devices
IoT-like devices, often shipped preconfigured from a value-added reseller (VAR)
Windows Semi-Annual Channel (SAC)
Windows Long Term
Servicing
Channel (LTSC)
Slide8Windows 10 Enterprise
Long-Term Servicing Channel
Provided for two different audiences
Windows 10 IoT Enterprise LTSC
For VARs, system builders, and OEMs building special-purpose devices (limited use license)
Windows 10 Enterprise LTSC
For enterprise organizations with similar special-purpose IoT-like needs (unrestricted use license)
Releases expected every 2-3 years
Silicon support policy applies (new Windows release needed to support new processor generations)
Next release expected in H2/2018
Designed when absolutely no feature changes can be tolerated for the life of the device
10-year servicing and support lifecycles, with no new features for the entire duration
Self-updating features and those driven by cloud services are removed: Microsoft Edge, Cortana, Store, and all in-box apps
Not intended for information worker devices
Slide9Windows as a service
Terminology
Quality Updates
A single cumulative update each month with no new features
Security fixes, reliability fixes, bug fixes, etc.
Supersedes the previous month’s update
Try them out with Security Update Validation Program (SUVP), other
Feature Updates
Twice per year with new capabilities
18 months of servicing and support for each feature update release
Very reliable, with built-in rollback capabilities
Simple deployment using in-place upgrade,
driven by existing tools
Try them out with Insider Preview
Changes made for older Windows releases as well,
to adopt learnings from Windows 10
Slide102018
2019
Staying Current
Key things to know about Windows as a Service
Windows 10 1709
Windows 10 1803
Windows 10 1809
Predictable releases, twice per year
Semi-Annual Channel
2020
Windows 10 1903
About six months between releases
Slide11Windows 10 1903
Windows 10 1809
Windows 10 1803
Windows 10 1709
2018
2019
Staying Current
Key things to know about Windows as a Service
2020
Each supported for 18 months
From the date of release
18 months for each release
Slide12Office 365
ProPlus
1808
Windows 10 1809
Windows 10 1803
Windows 10 1709
2018
2019
Staying Current
Key things to know about Windows as a Service
2020
Aligned with Office
For simpler deployment planning
Office 365
ProPlus
1708
Office 365
ProPlus
1802
Slide132017
2018
Staying Current
Key things to know about Windows as a Service
Windows 10 1709
Windows 10 1803
Windows 10 1809
Supported by ConfigMgr Current Branch
2019
Windows 10 1703
ConfigMgr 1702
ConfigMgr 1706
ConfigMgr 1710
ConfigMgr 1802
ConfigMgr 1806
ConfigMgr 1810
About four months between ConfigMgr releases
Slide14Windows 10Two releases per year (March, September)18 month lifecycle from release date
Prepare for broad deployment in July/January at the latestNEW: extra 12 month servicing (not support) extensions available (6 months free for 1607, 1703 and 1709 Enterprise) Test on release, deploy when ready
Do not wait for the “semi-annual” promotion
Slide15Office 365 ProPlusTwo releases per year
Two major channels, aligned with Windows 10 releasesChannels usually release around 4 weeks prior to Windows 10
Slide16SCCM3 releases per year (March, July, November)18 month lifecycle
Current Branch supports Windows 10 releases on day 1CB-1 does NOT support new Windows 10 releases and receives security updates only
Slide17Better together – the cycles aligned
2018
2019
2020
2
3
4
5
6
7
8
9
10
11
12
1
2
3
4
5678910111212345Windows 10 1709Windows 10 1803Windows 10 1809Windows 10 1903Windows 10 1909Windows 10 2003Office 365 ProPlus1708Office 365 ProPlus 1802Office 365 ProPlus 1808SCCMNote: Windows and SCCM release dates are estimates based on past releases and documented release cycles and may not reflect accurate actual release dates. Semi-Annual Channel (SA)SASASASASemi-Annual Channel (Targeted) (SA-T)SA-TSA-TSA-TSA-Tsupp. servicing (free)supp. servicing (paid)supp. servicing (paid)SASA-TSASA-TSA
Slide18Reasons
Slide19What is most important to stay secure?
Slide20Product Release
Threat sophistication
Time
Capability
Protection Gap
Staying Secure with Windows 10
Attackers take advantage of periods between releases
Stay ahead of the attackers with continual Windows 10 improvements
Slide21Supporting Hardware Innovation with Windows 10
Hardware is changing rapidly
Integration
Performance
Battery life
Software is a key piece
Power management
Performance tweaks
New hardware features to leverage
Windows 10 is enhanced with each feature update release
Slide22Improving Productivity with Windows 10
Continual improvements: New features twice per year, adding value and improving productivity
Minimized end-user disruption by having less change with each release
Slide23Identifying a tool to use
Slide24Windows Update
Windows Server Update Services
Windows Update for Business
Identifying a tool to use
Cloud
Feature updates installed as they are released (subject to throttling)
Delivery optimization for peer-to-peer distribution
Only option for Windows 10 Home
Cloud
Feature updates can be deferred (and paused if needed)
Builds on top of Windows Update
Uses Windows Update for content
Driver and Firmware Updates via Windows Update
On-
Prem
Feature updates are deployed when you approve them
Content distributed from WSUS servers
BranchCache to reduce bandwidth
System Center Configuration Manager
On-PremChoice of task sequence-based feature updates or Windows 10 servicing capabilitiesContent distributed from ConfigMgr DPsBranchCache or ConfigMgr peer caching to reduce bandwidth
Slide25Windows Update for Business
Servicing from the cloudBuilt on top of Windows Update for global scale
Implemented through additional policies configurable via Group Policy, Intune (or other MDM services), Configuration Manager
Controls for deferring feature updates, quality updates
“Active Hours” to specify when users are likely away
Windows Analytics for compliance reporting
Slide26System Center Configuration Manager
Windows 10 ServicingDefine servicing plans to indicate the schedule for deploying to devices
Servicing plans are executed automatically for each feature update
Reduces size of updates via use of ESD files
Task Sequence Servicing
For additional control over the feature update deployment process
Slide27Distribute content using peer-to-peer
Eliminate bottlenecks by moving traffic to the edges of the network
Multiple tools available:
BranchCache (with WSUS, ConfigMgr)
Delivery Optimization (with WU, WU for Business)
ConfigMgr Peer Caching (ConfigMgr current branch)
Third-party alternate content providers (ConfigMgr)
90% or more of the traffic can be shifted
Simple to implement, great for large and small offices
Data Center Server
Router
Switches
Wireless Access Point
Data Center Server
Router
Switches
Wireless Access Point
Without peer-to-peer
With peer-to-peer
Slide28Transitioning to Modern IT
Slide29How to empower users to be productive, while protecting the massive amounts of data flowing through your mobile ecosystem?
USER EXPECTATIONS
CORPORATE CHALLENGES
Work from anywhere
Easy access to familiar apps
Easy Collaborate and
share with partners
Protect corporate data and resources
Manage access to company resources
Simplify Management
The mobile productivity challenge
Slide30Paths to Modern Management
Big Switch Transition
Group by Group Transition
Iterative (Co-management)
Many workloads need to be modernized at the same time
Doesn't address the needs of the full organization
Iteratively move workloads to modern
Cloud-first
A new organization starting with modern workplace
Slide31AD/AAD connect
Adopt Windows 10
Adopt Office 365/
ProPlus
Imaging to Signature Image
Win 10
GPO to MDM Policy
Kerberos to Modern
Auth
Win32 to Modern Apps
ConfigMgr
Content Delivery to Cloud Content Delivery
Today
WSUS to
WUfB
Adopt & Connect
Transition to Modern
Bridging to Modern Management
Modernizing with a co-management bridge
Slide32WaaSMind Change
Slide33Release Thinking / Waterfall Model
Slide34Agile Model
Slide35Do you really know what WaaS is?
Slide36WaaS Cycle
2
1
3
4
Slide37Slide38Slide39Slide40Slide41Key Points
Slide42Procedural Approaches
Slide43Pilot
Broad
2017
2018
2019
Windows as a Service
Skipping possible?
2020
18 months for each release
Windows 10 1709
Plan & Prepare
Windows 10 1803
Windows 10 1809
Windows 10 1703
Upgrade Machine
Nearly no time buffer
Slide44Pilot
Broad
2017
2018
2019
Windows as a Service
Automation?
2020
18 months for each release
Windows 10 1709
Plan & Prepare
Windows 10 1803
Windows 10 1809
Windows 10 1703
Broad +10d
Broad +10d
Broad +10d
Broad +10d
Slide45Windows as a ServiceAutomation?
Slide46WaaS – Granular View for one Release
Phase
Broad Deploy
Plan & Prepare
Buffer for Upgrade / Compliance Cleanup
Insider
Preview
State
6 months
18 months
Windows 10 1803
Semi Annual Channel (Targeted)
Semi Annual Channel
approx. 4 months
approx. 14 months
Targeted Deploy
OS Release
Ready for Broad Deployment
Slide47Plan & Prepare = Insider Preview = IP = 6 monthsTargeted Deploy =
Semi Annual Channel (Targeted) = SACT = approx. 4 months
Broad Deploy =
Semi Annual Channel
=
SAC = approx. 14 monthsSACT + SAC = the time this OS Release is supported = 18 Months Buffer for Upgrade = Compliance Cleanup = approx. 4 months
Legend and Facts
Slide48IT Test User
IT Validators
Project Team
IT Department
App Holder
App Test User
Project Team
Uncompliant Broad Users
Broad Deployment
Knowledge-Management
Preparation
Upgrade
Testing
Validation of
new Features
Feature Closings
Setting Infrastructure Requirements
Proactive
LoB TestingUpgrade TestingLoB TestingADMX / GPOs SCCM – TSIntegrate & validate new FeaturesFeedback ManagementWaaS – Granular View for one ReleasePhasePlan & PrepareInsider PreviewSemi Annual Channel (Targeted)Semi Annual ChannelUpgradeCompliance CleanupReinstallStateUserWorkflowBroad UsersTargeted Production UsersIT Service DeskPilot DeploymentTargeting all Apps, OUs, network segments and HW variationsFeedback ManagementUpgradeSpecial MachinesFirst uncompliant Broad UsersBroad Use Close to UpgradeUpgrading first Machines to next releaseReactive Testing & ProductionTargeted Deploy Broad Deploy6 monthsapprox. 4 monthsapprox. 14 monthsProactive TestingState
Slide49WaaS – Taking Every Release
Phase
Plan & Prepare
Devices
Upgrade
Reactive Testing & Production
Targeted
Broad
Proactive Testing
State
Insider
Preview
SACT
SAC
Version
6 months
approx. 4 months
approx. 14 months
70 - 90%< 10%0%25% - 100%1 – 5%5 – 25%
Slide50WaaS – Taking Every Release
Insider
Preview
SACT
SAC
Version
6 months
approx. 4 months
approx. 14 months
1709
1803
1809
Slide51WaaS – Taking Every Release
Insider
Preview
SACT
SAC
Version
6 months
approx. 4 months
approx. 14 months
Upgrade
Reactive Testing & Production
Proactive Testing
Upgrade
Reactive Testing & Production
Proactive Testing
Upgrade
Reactive Testing & Production
Proactive Testing
170918031809Process StepsProcess StepsProcess Steps
Slide52MODERN ≠ Traditional
MODERN
Devices
MODERN
Management
MODERN
Security
MODERN
Company
MODERN
IT
MODERN
Working
Slide53The Race for Performance
Slide54Moving from Project to Process
Slide55How it should look like
No more big, disruptive deployment projects
Easy, automated deployment process
Exceptional application compatibility
Slide56How the real world looks like
Average deployment time:
every
5
years
Calculation for 5 years:
10 deployments
Break-even:
10% effort
for each deployment
Best study:
25% effort
for each deployment
+150%
Slide57DevOps Report – High Performers vs. Low Performers
IT performance
metrics
2017
Deployment frequency46x more frequentLead time for changes440x faster
Mean time to recover (MTTR)
96x faster
Change failure rate
5x lower (1/5 as likely)
Puppet: DevOps Report 2017
Slide58Decentralized Testing Approach
Feedback
Slide59Decentralized Testing
Approach with Key User
Feedback
Slide60Moving to Agile
0%
0%
100%
Slide61Moving to Agile
50%
30%
20%
Slide62Moving to Agile
20%
70%
10%
Slide63How to win
this
race
Slide64How to win this race
Slide65How to win
this race
Slide66Organizational Structures & Architecture
Slide67Modern Project Structure
Information
Control
Slide68Transforming Organizational Structures
Hierarchy
Network
Slide69Modern Project
Structure
Information
Control
Slide70Agile
Servicing Cycle
Preparation
and Build
Technical Build
Adoption Plan
Security Settings
Evaluation
Ring Deployment: IT, Business Pilot, General
Adoption and Change Management
Feedback, ad hoc fixing
Evaluation
Design
document
You need this first!
Deploy
Improve
Teach
Build your release package
Learn - and go into the next cycle!You need an Agile Servicing Cycle
Slide71Going through the Design Cycle
Strategy and Design Cycle
Specification
Package
Architecture & Design
Technical
Specifications
Security Design
Adoption Program
Process
Design
Strategy and
Requirements / Analysis
Adoption
Maturity
Vision & Value
Operational & Technical
Maturity
Security, Legal, Compliance
GovernanceDependenciesOrganisational DesignApplication Servicing and Lifecycle ModelWorkers‘ CouncilNaturally, these tasks take much longer than one Windows release cycleResult of the cycle
Slide72Ring Deployment: IT, Business Pilot, General
Agile
Servicing
Cycle
Preparation
and Build
Technical Build
Adoption Plan
Security Settings
Evaluation
Adoption and Change Management
Feedback, ad hoc fixing
Evaluation
Strategy and Design Cycle
Architecture & Design
Technical
Specifications
Security Design
Adoption Program
Process DesignStrategy and Requirements / AnalysisAdoption MaturityVision & ValueOperational & Technical MaturitySecurity, Legal, ComplianceGovernanceDependenciesOrganisational DesignApplication Servicing and Lifecycle ModelWorkers‘ CouncilThe full pictureFeedbackHandoverSpecificationPackageRing Deployment: IT, Business Pilot, GeneralPick the new specifications (if there are any)Provide feedback and improve the architecture
Slide73Windows
as a Service
is an
Enabler
and
Enforcer
for
the
Modern Company
.
Outline
The Modern Company
empowers
your
employees
and
optimizes your operations.
Slide74Windows 10 Link List
http://aka.ms/w10links
Windows as a service documentation
http://aka.ms/WaaS
http://aka.ms/WaaSITPro
Windows as a service overview video
http://aka.ms/WaasVideo
Windows Analytics and Ready for Windows
http://aka.ms/WinAnalytics
http://www.readyforwindows.com
Resources
Slide75Improving Processes
Slide76Recurring Procedural Steps
Slide77Recurring Procedural Steps – Demo
Slide78Retrieving Procedural Steps
Fine-tuning
Slide79Gantt Chart Demo
Insider
Preview
Semi Annual Channel (Targeted)
Semi Annual Channel
State
6 months
approx. 4 months
approx. 14 months
Slide80Critical Path Method
Insider
Preview
Semi Annual Channel (Targeted)
Semi Annual Channel
State
6 months
approx. 4 months
approx. 14 months
A
1
10
1
10
DUR 10
Drag 10
C
11
201165DUR 10TF 45B11351135DUR 25Drag 25E51655165DUR 15Drag 15F66706610DUR 5Drag 5D36503650DUR 15Drag 15DurationDelay AmountTotal FloatEarliest Start & FinishLatest Start & FinishTaskLegend:
Slide81TimeTrigger
Plan & Prepare
Targeted Deploy
Broad Deploy
Collection
OS Release
Ready for Broad
Compliance Cleanup
IP
SACT+10
SACT+40
SACT+70
SACT+100
SAC+40
SAC+100
SAC+150
C1
C2
C3
C4C5C6C7C8UpgradeReactive Testing & ProductionProactive TestingAutomation of Servicing with Rings
Slide82Plan & Prepare
Proactive Testing
Plan & Prepare - Insider Preview (for Business)
Validating
Inplace
Upgrade
Validating
new
Features
Inspect
new
Features
Validating
LoB
Apps
Validate Feature ClosingsIP - FastCInspect new FeaturesRelease Preview
Slide83Targeted Deploy
SACT +2
SACT+15
SACT+30
SACT+40
SACT+70
SACT +90
SACT +110
C1
C2
C3
C4
C5
C6
C7
C8
Reactive Testing & Production
Proactive Testing
Targeted Deploy - SACT
Validating Inplace UpgradeStarting Test Rings for Reactive TestingTest Rings for Reactive TestingRevalidating LoB AppsBuilding GPOsIT Dept.UAT for Test GroupSACT +100
Slide84Broad Deploy
SAC+10
SAC+40
SAC +70
SAC+170
SAC+210
SAC+100
SAC+120
SAC+140
C1
C2
C3
C9
C10
C6
C7
C8
Compliance Cleanup
Reactive Testing & Production
Broad Deploy - SACSAC+250SAC +270C11C12CleanupSAC+330SAC +360C13C14UpgradeReinstallSensitive MachinesVIPs
Slide85Plan & Prepare
Targeted Deploy
Broad Deploy
Ring Count
OS Release
Ready for Broad
Automated Selection
Semi-manual Selection
Manual Selection
Planning Ring Counts
2
3 - 16
3 - 30
Cleanup
2 - 4
Auto
Slide86Pilot
Broad
2017
2018
2019
Windows as a Service
Longterm
Roadmap
2020
Windows 10 1709
Plan & Prepare
Windows 10 1803
Windows 10 1809
Windows 10 1703
Windows Hello for Business
AD Schema 2016 / Server 2016
Device Guard enforced
CA Authority
Slide87Summary
Slide88Overview
Keep It Simple and
Split the Workload
Slide89Differentiating Compatibility Approaches
Pre-WaaS
WaaS
Continuously targetting the
next
Windows 10 Version
No to little
Experience from the Field
Same Processes
won´t
work
like in previous migrations
Developing Tools which
will
lead to this goal
Target a
specific
Windows 10 Version
Huge Experience from the FieldSame Processes will work like in previous migrationsKnown Tools which will lead to this goal
Slide90Pre-WaaS
Single Process in a defined Timeline
Slide91WaaSRepeating Process in small Timeframes
Slide92Pre-WaaSGetting on the Train – W10
Slide93Necessary Steps High Level
Win32 / UWP / Web - Applications
Inventory
Slide94Inventory
Slide95Inventory - Application
Slide96Inventory - Categorization
Slide97Inventory – Testing (WaaS)
Slide98ToolsOverview and some Walkthroughs
Slide99Remediate
Application Compatibility Toolkit
Deploy
Enterprise Site List
Group Policy
See Windows 10 Deployment Workshop
Test
Rationalize
Discover
Prioritize
Microsoft Assessment & Planning Toolkit
Enterprise Site Discovery
Windows 10 Setup Compatibility Scan
IE 11 Enterprise Mode
3
rd
Party Tools
Dedicated Resource
ISV
Service ProviderUser and/or Administrator3rd Party Tools3rd Party ToolsSystem Center Configuration ManagerWMI QueryF12 Developer ToolsUpgrade ReadinessWin32 / UWP ApplicationsWeb Applications
Slide100Setup Compatibility ScanSETUP.EXE /Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly0xC1900210
- No issues found0xC190020E - Insufficient free disk space0xC1900208
- Compatibility issues found (hard block)
0xC1900204
- Migration choice (auto upgrade) not available
(probably the wrong SKU or architecture)· 0xC1900200 - Does not meet system requirements for Windows 10Deploy via SCCM to gather informationTake also a look at the log files C:\Windows\Panther\Setup*
Slide101Upgrade Readiness
Slide102Microsoft IdeaGive IT Professionals the same powerful technology that enables Microsoft to upgrade hundreds of millions of consumer machines to Windows 10
Offered as solution in Microsoft Operations Management Suite (OMS)
No additional costs for Upgrade Readiness usage
Slide103Architecture
Slide104Upgrade Readiness Service Dashboard
Slide105Migration benefitsReadiness data directly integrated into SCCM 1610 ff.Can be used to dynamically target Windows 10 Servicing Tasks
Slide106DemoUpgrade Readiness
Slide107