Creating a Volume Activation Plan

Members of the Infrastructure Remediation, Computer Imaging System, and Deployment feature teams participate in the implementation of a volume activation plan. Each team has responsibility for aspects of this plan, including setup and management of a KMS, creation of images with appropriate product keys, and deployment of activated systems. The completed volume activation system is turned over to IT Operations at the end of the project.

On This Page

Volume Activation Options Volume Activation Options
Planning an Activation Infrastructure Planning an Activation Infrastructure

Volume Activation Options

This section describes each activation method and provides information to help organizations decide which method best suits their systems’ requirements.

Note   Retail editions of Windows Vista are activated with individual activation keys. Retail product activation is supported by the BDD 2007 Lite Touch Installation (LTI) deployment process.

Original Equipment Manufacturer

Microsoft original equipment manufacturer (OEM) partners use a hardware security module (HSM), software, and an ID parameter that the OEM chooses to generate a public key, which Microsoft uses to create a unique OEM signing certificate. The certificate, along with special BIOS tables and product keys specific to the OEM and its particular product, is used to activate an installed version of the Windows Vista operating system and tie it to an OEM’s specific hardware.

Advantages of OEM activation include permanent activation, activation without connecting to any activation provider, and the ability for OEMs to use custom media images. (The recovery media is also activated.) Drawbacks for the customer are the need to maintain recovery media specific to each OEM system configuration versus having a generic image to use across all hardware.

Organizations can also provide system images created from volume-licensed media for OEM imaging; however, these systems must be activated using KMS or MAK.

Multiple Activation Key

MAK activation uses a technology similar to that in use with MSDN® Universal and Microsoft Action Pack subscriptions. Each product key can activate a specific number of systems. If the use of volume-licensed media is not controlled, excessive activations result in a depletion of the activation pool. MAKs are activation keys; they are not used to install Windows but rather to activate it after installation. Use MAKs to activate any volume edition of the Windows Vista operating system.

The MAK is obtained from the Microsoft Licensing Web site or sites and is used to activate each system under MAK management. As each system contacts Microsoft’s activation servers, the activation pool is reduced. Activation can be performed online over the Internet or by telephone. Check the number of remaining activations online and request additional activations to make up for re-imaged or stolen systems.

Advantages of MAK activation include the ability to automate key assignment and activation (MAK activation can be transparent to the end user), availability of online reports regarding key utilization, and no requirement to periodically renew activation. Drawbacks include the need to request additional keys when the number of activations passes the preset limit, the need to manage the installation of MAKs (the installation of MAKs can be automated through BDD 2007), the requirement for reactivation when significant hardware changes occur, and the potential need to manually activate systems using a telephone when no Internet connection is available.

Key Management Service

With the initial setup of one or more KMS hosts, the KMS activation infrastructure is self-maintaining, relatively problem-free, and transparent to the end user. Team members can install KMS hosts on Windows Vista systems or on systems with servers running Microsoft Windows Server® Code Name “Longhorn.” KMS can scale to hundreds of thousands of KMS clients per server. Most organizations can operate just two redundant KMS hosts for their entire infrastructure.

Note   To support organizations not yet testing Windows Server “Longhorn,” Microsoft is evaluating options to allow KMS to run on Microsoft Windows Server 2003. The final version of this guide will contain updated information.

KMS hosts can automatically advertise their presence through the use of Domain Name System (DNS) service (SRV) resource records. Organizations using Dynamic DNS enjoy automatic registration and resolution of KMS hosts with no administrative intervention. Microsoft DNS and Berkeley Internet Name Domain (BIND) version 8.x and later support Dynamic DNS and SRV resource records. In organizations using Dynamic DNS server permissions, the DNS administrator may have to modify server permissions to allow automatic registration of the KMS SRV resource records in DNS. This requirement should be familiar to these organizations because similar accommodations must be made for Microsoft Active Directory® directory service SRV resource publishing.

Note   Site DNS administrators should be assigned to the Infrastructure Remediation feature team to help ensure proper setup and operation of DNS related to KMS publishing and management.

KMS usage is targeted to managed environments where at least 25 physical computers regularly connect to the organization’s network. Windows Vista computers activate themselves only after verifying that the required threshold of computers has been met. A KMS requires a minimum of 25 Windows Vista physical clients or five Windows Server “Longhorn” physical clients before each operating system type can activate itself after contacting the KMS. (The count of systems running Windows Server “Longhorn” is subject to change as the product nears final release.)

Note   Systems operating in virtual machine (VM) environments can be activated using KMS but do not contribute to the count of activated systems.

Systems activated with KMS periodically renew their activations with the KMS host. If those systems are unable to connect to a KMS host for more than 180 days, they enter a 30-day grace period, after which they enter RFM until a connection can be made with a KMS host, or until a MAK is installed and the system is activated online or by telephone. This feature prevents systems that have been removed from the organization from functioning indefinitely without adequate license coverage.

Note   By default, KMS clients that have not yet been activated attempt to contact a KMS host every two hours. When activated, they attempt to renew their activation every seven days, by default.

Advantages of KMS activation include automatic activation with little or no IT intervention, use of a single product key to activate and reactivate all systems, no Internet connection requirement (after the KMS host has been activated), low network bandwidth use, and reporting through use of an available MOM pack. Drawbacks include the requirement to set up the KMS infrastructure and the potential manual effort that may be required if dynamic DNS is not available.

If dynamic DNS is not available (because of server limitations or DNS security settings), the SRV, A, and AAAA resource records for the KMS must be manually created in DNS as appropriate. If the organization’s DNS does not support SRV records, administrators must register the host name or address of the KMS host (or hosts) on the Windows Vista reference systems prior to imaging. This requirement can make maintenance more difficult when KMS locations change, requiring changes to the reference image and to active systems.

Note   Some efficiency may still be achieved by using a single host name for manual KMS registration and then by using the round-robin capabilities of DNS to load-balance two or more KMS hosts from the same host name.

Table 1 helps clarify the major attributes of each method of activation. Read the table footnotes for additional information about certain attributes.

Table 1. Volume Activation Option Advantages and Disadvantages

  

OEM activation

MAK activation

KMS activation

Advantages

 

 

 

Permanent activation

             SE_VABullet01

             SE_VABullet02

 

Automation

             SE_VABullet01

             SE_VABullet01

             SE_VABullet01

Reporting

 

             SE_VABullet01

             SE_VABullet01

Tolerates hardware changes

             SE_VABullet01

 

             SE_VABullet03

Disadvantages

 

 

 

Requires key management

 

             SE_VABullet01

 

Requires KMS infrastructure

 

 

             SE_VABullet01

Requires external communication

 

             SE_VABullet01

             SE_VABullet04

Locked to hardware

             SE_VABullet01

 

 

1This advantage does not hold true if hardware falls out of tolerance.

2Replacing the system drive causes KMS-activated clients to fall out of tolerance.

3Microsoft must activate the computer running KMS before KMS client computers can activate themselves.

Windows XP Windows Product Activation

There have been no changes regarding the WPA features of Windows XP. Windows XP OEM and volume-licensed media require a product key during installation but do not require activation. Windows XP retail media require a product key during installation and must be activated following installation. Activation can be done over the Internet or with a telephone call to the Microsoft WPA activation hotline.

BDD 2007 supports application of product keys during installation of Windows XP in LTI and Zero Touch Installation (ZTI) scenarios. See “Appendix E: BDD Automation” for more information on the use of BDD 2007 to install Windows XP images.

Planning an Activation Infrastructure

This section can be used to help plan the activation infrastructure. Using the knowledge of how each activation method works and knowing the limitations of each are important parts of the planning process. The next step is to understand how volume activation can be applied to the environment.

Analyzing Activation Options

Certain activation options make more sense than others when the patterns of network connectivity and system usage are analyzed. Clients that are out of the office for months at a time will not be able to use KMS activation, while MAK activation may be unnecessarily complex for environments where 400 static desktops could be activated using a single KMS host.

Network Connectivity

Evaluate the following questions regarding network connectivity:

  • Does the target system have access to the network where a KMS structure is to be deployed?

  • How many clients will be activated?

  • Will systems be activated over a slow wide area network (WAN) link? Repetitive KMS activations, even though they are small, can cumulatively impact network performance.

  • Do the organization's DNS servers support SRV resource records and dynamic DNS updates?

  • If MAK is being considered, do all clients have individual Internet connectivity to contact the Microsoft clearinghouse?

If the environment can support connectivity requirements for KMS, it is the simplest to configure and manage. It may not serve all purposes and can be supplemented by MAK or even retail or OEM activations where required.

Computer Connection Patterns

Keep the following questions in mind while evaluating computer usage patterns:

  • How often will clients connect to the activation infrastructure? KMS clients must renew their activations at least every 180 days.

  • Do clients have limited access to the Internet? KMS or MAK proxy activation may be required to activate clients in these environments.

  • Are systems on a high-security, isolated (air gap) network? Systems with no access to the IT infrastructure can be activated using manual MAK proxy activation or can use retail or OEM activation.

Other Activation Questions

In addition to the above questions, teams should consider the following points as they determine which solution to use:

  • Are clients KMS-eligible? Clients without the correct ACPI_SLIC BIOS marker cannot be activated using KMS. These systems must use OEM or MAK activation.

  • Are the systems in the environment using OEM-activation? If systems are already activated by the OEM, activation is not required at this time. If the organization uses volume licensing, however, consider establishing the KMS infrastructure to support re-imaging over time using volume-licensed media.

Mapping Clients to Activation Options

After the above questions have been answered, teams can map systems in certain groups to the appropriate activation option. Create a worksheet similar to Table 2. List each activation option applicable to the environment, and count the number of systems that will use each option. This step allows better visualization of the activation infrastructure.

Table 2. Mapping Clients to Activation Options

Criteria

Type of Activation

# of Computers

Total number of computers to be activated

 

100,000

Number of computers that will not connect at least once every 180 days

MAK

-3000

Number of computers in target environments that have less than 25 clients

MAK

-1000

Number of clients that will regularly connect to the network

KMS

-95,000

Number of clients in disconnected environments, where number of clients is greater than 25 and no Internet connectivity

KMS

-250

Number of clients in disconnected environments, where number of clients is less than 25 and no Internet connectivity

MAK

-750

Remaining client count should be zero

 

0

*The total number of systems listed should equal the total number known to exist in the environment.

Plan Monitoring and Reporting

It is critical to establish monitoring and reporting for KMS and MAK. For MAKs, be sure to include monitoring the number of MAK activations used by viewing the Microsoft licensing Web sites. If the environment can support the requirements for KMS (25 computers for Windows Vista activation), deploy a KMS so that computers will not run in RFM.

Refer to the following sections to set up reporting in the environment for Volume Activation 2.0:

  • “MOM Pack for KMS Activation” (may be available in Q1 2007). Provides KMS Management and sample reports for KMS activation.

    Note   Activation reporting through various system management tools will be available soon.

  • “KMS Event Log Entries.” Provides information about common KMS event log entries.

Plan Support

Create support scripts for the following scenarios to address common Volume Activation 2.0 issues:

  • Steps to convert from KMS to MAK. For more information, see the section “Install MAK Clients” in the Volume Activation 2.0 Step-By-Step Guide at http://go.microsoft.com/fwlink/?LinkId=76704.

  • Steps to convert from MAK to KMS. For more information, see the section “Convert a client using MAK Activation to use KMS Activation” in the Volume Activation 2.0 Step-By-Step Guide at http://go.microsoft.com/fwlink/?LinkId=76704.

  • Troubleshooting activation issues. For more information, see “Appendix B: Troubleshooting Volume Activation,” later in this guide.

  • Recovery from RFM. For more information, see “Resolving RFM” later in this guide.

Additional items to consider are:

  • Training to bring support staff up to date on Volume Activation 2.0.

  • Escalation management to ensure issues are raised to trained personnel.

Download

Get the Microsoft Solution Accelerator for Business Desktop Deployment 2007

Update Notifications

Sign up to learn about updates and new releases

Feedback

Send us your comments or suggestions