One of the fundamentals of MS licensing has been changed. It’s always been the case that:
“the only way to get Windows Enterprise is to buy Pro + SA”
Well, not anymore!
As of March 2014, there is a standalone Windows 8.1 Enterprise SKU available via Volume Licensing.
This means organizations who can’t/won’t enter into an agreement with Software Assurance can now benefit from things such as:
Windows To Go
Other SA benefits are not affected, so things such as:
New Version Rights
etc. are still only available with SA.
What else has changed?
It is now ONLY possible to attach SA to the Enterprise Upgrade SKU.
This takes away one relatively common practice. Organizations would often buy machines with Windows Pro OEM and then attach Windows SA within 90 days. This is no longer possible as SA can be attached only to Enterprise, and that won’t come pre-loaded on machines.
If you bought the OEM devices before July 1st 2014, you still have the 90 days to purchase SA. Once that date passes, it will no longer be possible.
Windows 7 is excellent on its own, full of great new features, but when combined with Windows Server 2008 R2, it really comes into its own. Things such as Direct Access, Branch Cache and Network Access Protection help make things easier, faster, more secure and better than ever before!
Direct Access is Microsoft’s answer to the pain that is VPNs. They are often tricky to set up and tricky to use, with failed connections etc., and can waste a lot of time and money in helpdesk calls and lost productivity; this is where Direct Access comes in. Once PCs have connected to the corporate network once, they’ll be able to do it anytime, from anywhere.
This means users will receive the latest updates wherever they log on…home, the airport, a hotel, anywhere! This makes mobile working a more secure proposition for users and admins…
For more details, see my dedicated post here and there is a great Solution Design TechNet article here.
This new feature is designed for remote offices and works by caching information on local servers rather than retrieving it from HQ each time. I’ve just seen that the information can be cached on client computers and this is known as “distributed cache mode”. This decreases network traffic and, at the same time, helps increase users’ productivity.
Branch cache retention policies can be set by IT, based on cache size, length of time cached, etc. TechNet has a great Early Adopters guide that’s full of information and can be found here.
To benefit from all these features, you need to run both Windows 7 AND Windows Server 2008 R2:
Direct Access is a new feature in Windows 7 that allows users to securely access corporate servers from outside the network…without a VPN. This was perhaps the most eye-catching feature for me and could well change the way that people work all over the world, but it is something of a big claim. Pretty much any system admin that I’ve mentioned this to has said “Oh yeah, I’d like to see that? How does it work?” with a heavy dose of cynicism, but now I can tell them…well, show them a white paper at least!
VPNs, or Virtual Private Networks, are used by almost everyone who needs to access corporate servers, info etc. from outside the network, so at home, on the road, from the hotel, wherever…and they’re not the easiest things in the world, for both users and admins. The backend needed to set them up and maintain them can be costly and tricky to manage, and I’m sure that VPN problems must be in the Top 5 HelpDesk calls at most companies. We’re constantly visited by account managers and reps from a huge array of manufacturers and nearly every single one has to call HQ to get access to emails etc. via their VPN…but with the advent of Windows 7 and Windows Server 2008 R2, that could all be over.
“DirectAccess establishes bi-directional connectivity with the user’s enterprise network every time the user’s DirectAccess-enabled portable computer is connected to the Internet, even before the user logs on”
“Clients establish an IPsec tunnel for the IPv6 traffic to the DirectAccess server, which acts as a gateway to the intranet. Clients can connect even if they are behind a firewall.”
DirectAccess requires the following:
· One or more DirectAccess servers running Windows Server 2008 R2 with two network adapters: one that is connected directly to the Internet, and a second that is connected to the intranet.
· On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that is connected to the Internet.
· DirectAccess clients running Windows 7.
· At least one domain controller and Domain Name System (DNS) server running Windows Server 2008 or Windows Server 2008 R2. When smart card-based authentication is required for end-to-end protection, you must use Active Directory Domain Services (AD DS) in Windows Server 2008 R2.
· A public key infrastructure (PKI) to issue computer certificates, smart card certificates, and, for NAP, health certificates. For more information, see http://www.microsoft.com/pki.
A number of Windows 7 features have been announced today (28/10/08) at the Microsoft PDC 2008. The vast majority of the features we saw today were for the consumer but fear not, Microsoft promise there are numerous Enterprise related additions too! These include:
Federated Search: Deliver a consistent experience finding files across PCs, networks, and Microsoft Office SharePoint Server systems.
DirectAccess: To link users to corporate resources from the road without a virtual private network.
BranchCache: To make it faster to open files and Web pages from a branch office.
BitLocker To Go: Data protection for removable devices.
Refined Universal Access Control: To give fewer prompts for users and more flexibility for IT.
PowerShell and group policy management.
Client virtualization: With virtual desktop infrastructure enhancements, to improve memory utilization and user experience.
Device Center: To provide a single place to access all connected and wireless devices with Device Stage, to see status and run common tasks from a single window.
HomeGroup: To make it easier to share media, documents, and printers across multiple PCs in offices without a domain.
“DirectAccess in Windows 7 and Windows Server 2008 R2 enhances the productivity of mobile workers by connecting them seamlessly and more securely to their corporate network any time they have Internet access—without the need to VPN.”
Anything that means we don’t need to use VPNs is brilliant! I find they rarely work as well as end users need them to and they can make a System Admin’s life difficult, so removing VPNs could be enough to make the detractors forget all about Vista!
“With DirectAccess, IT administrators can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.”
“To keep data safer as it travels public networks, DirectAccess uses IPv6-over-IPsec to encrypt communications transmitted across the Internet. DirectAccess can use split-tunnel routing, which reduces unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server (running Windows Server 2008 R2)…”
BitLocker To Go:
With all the lost data flying around these days, BitLocker To Go extends the proven BitLocker technology to removable USB devices, securing them with a passphrase. “In addition to having control over passphrase length and complexity, IT administrators can require users to apply BitLocker protection to removable drives before being able to write to them”.
Administrators can still allow unsecured USB devices to be used in a Read-Only mode and policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.
A related addition is AppLocker which is “a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops.” It uses “publisher rules” that are based on digital signatures so, with correctly structured rules, you can deploy updates etc without having to create new rules.
Virtual Desktop Infrastructure (VDI) in Windows 7 is closer to the experience of a local PC now, with support for Aero, video viewing in Media Player 11 and multiple monitor configurations. New microphone support enables remote desktops running Windows 7 Enterprise to provide VOIP & speech recognition functionality. Last, but by no means least, is Easy Print, which allows users to print to local printers without installing drivers on the server.
The guys over at ActiveWin have got a great, in-depth review of the Windows 7 M3 Preview which contains any number of screenshots and a whole host of info. Some of the bits that caught my eye were:
Location Aware Printing:
In Windows 7, you no longer need to select the printer to match your location. When you change network locations, such as taking your work laptop home for the evening, the default printer setting can change to reflect the best printer for that new location. When you print at work, Windows 7 will print to your work printer. When you print at home, Windows 7 will automatically select and use your home printer.
Media Player 12 will ship with Windows 7 and according to ActiveWin: “this new version features radical changes to its menu structure, with some menus positioned on the left and right sides of the interface…and features two thick toolbars of controls, the second one focusing on traditional features such as Organization, Sharing, Playlist and Search…Common media formats supported include WMV, WMA, MPEG-4, AAC and AVC/H.264.”
Ultra Wideband (UWB) and Wireless USB (WUSB):
UWB and WUSB are new technologies that provide wireless alternatives to USB cables. Support for UWB and WUSB in Windows 7 lets you take advantage of new wireless devices and wireless USB hubs.
Libraries also seem like a really cool multimedia feature. I’m forever duplicating files as I can’t find where I saved them, creating numerous folders in different places all with the same names and finally just keeping stuff on my desktop so I don’t lose it. None of this leads to a brilliant user experience at home or at work and this is where Windows 7 libraries come in.
“With Libraries, you can not only organize, but view and manage files that are stored in more than one place. This reduces the need to view files even when they are stored in different folders. Libraries are so powerful that they even span different disk drives and/or PCs on your home network. There are a range of options for organizing and browsing, by type, date taken or genre depending on the file type.”
On top of this, there is the already well known addition of touch and multi touch capabilities to Windows 7. If you’ve got a touchscreen monitor, or more likely a Tablet PC, you can open things from the Start Menu etc. by pressing them. MultiTouch will let you zoom in and out on images by moving 2 fingers together/apart as needed and more.
Another new feature of Windows 7 will be the ability to re-order applications on the taskbar…I think this is awesome! This is one of those little things that has annoyed me for years and will finally be gone. I have a certain order that I like my applications to be in and I always have Outlook as the first program. However, at the minute, if I have to re-start Outlook it ends up buried on my Taskbar between two IE windows or something, and then it takes me a little while each time I need to go back to Outlook.
I’ve asked around the office and this addition is met with unanimous approval!
Something else I’ve just seen on pcworld.com is that you can schedule desktop background changes with Windows 7. I think that’s quite a neat touch!
Over at ZDNet, Ed Bott has got a great gallery of Windows 7 Screenshots which you can find here. Below is a shot of the desktop which shows another new feature: gadgets are no longer confined to that bar on the right hand side; now they can reside anywhere on the desktop 🙂