Chapter 4: Infrastructure


Infrastructure is where the finalized requirements are transformed to working technology. The final bits that comprise the configuration of the IT environment are defined by infrastructure work. This is where the new features of Windows Vista are used to best meet business requirements. What will ultimately become the company's operational architecture is planned and built through infrastructure engineering activities.


Ray Chow, Woodgrove's Infrastructure Manager, has had multiple conversations with his business representatives. He is having a difficult time settling on a minimum number of build images that will meet the requests from the business. If he moves forward and implements everything the business is asking for, he will undoubtedly find IT operations and support in a mutiny with all the resulting complexity. The situation is clear: Only a few desktop images can be cost-effectively managed.

Microsoft offers exciting new infrastructure technology in Windows Vista. The Windows Vista features listed in Table 4.1 will help build a strong solid infrastructure for the corporation to depend and rely on.

Table 4.1. Windows Vista Features and Design Considerations


Design Considerations

User Account Control

  • Aspect: Users run in standard mode
  • Benefit: Increase security, decrease support issues
  • Active Directory considerations
  • Group Policy
  • Application Compatibility
  • Application Packaging
  • Development standards

Encrypted File System (EFS)

  • Aspect: Encryption of NTFS files
  • Benefit: Control access to data
  • System Performance
  • Backup and Restore
  • Key Recovery

BitLocker Drive Encryption

  • Aspect: Pre-OS boot protection
  • Benefit: Protects OS from compromise
  • Schema extensions
  • Hardware standards
  • Security and privacy guidelines

Windows Vista Firewall

  • Aspect: First line of defense
  • Benefit: Block malware
  • Group Policy
  • Centralized management

Automated Password Reset

  • Aspect: Access control
  • Benefit: Improve overall security
  • Help desk processes and automation

Automated Patch Distribution (administrator controlled)

  • Aspect: Up-to-date software and configurations
  • Benefit: Improve manageability
  • Security
  • Service level management

Automated Software Distribution

  • Aspect: Approved software on the right computers
  • Benefit: Improve manageability
  • Security
  • Service level management

Desktop Imaging (pre-deployment and ongoing Configuration Management)

  • Aspect: Image reduction
  • Benefit: Improve manageability
  • Minimize number and size of images
  • Applications, drivers, language packs as additional layers

Desktop OS Release Management (that is, Automation Type)

  • Aspect: Utilize automation
  • Benefit: Degree of automation matched to requirements
  • Lite Touch Installation
  • Zero Touch Installation

The Infrastructure Role contains shared responsibilities for a number of different roles, people, processes, and technologies. Responsibilities include organizing and managing IT policies and procedures, methodologies, and standards for IT-related infrastructure and devices, as well as cost-management techniques. These responsibilities help address the changes that need to be made in the enterprise architecture to meet the requirements of the business.

Key responsibilities of the Infrastructure Role for standardized and controlled Windows Vista-based computers include:

  • Plan and manage an up-to-date IT infrastructure.
  • Develop and document policies and procedures.
  • Manage strategy for operations and support.
  • Define how costs related to the desktop life cycle are measured and tracked.
  • Manage computer builds, standard images, and software installations.

Key related capabilities required of the Infrastructure Role include:

  • Provide a service to other IT groups in design, selection, and procurement of infrastructure solutions.
  • Understand naming standards and requirements.
  • Understand breadth and depth of infrastructure tools and management systems for selection and support.

NoteMicrosoft provides guidance for improving your organization through Infrastructure Optimization resources. Infrastructure Optimization is a gauge for IT and provides a logical roadmap to move from reactive to proactive IT service management.

Find more information at

Build and Design Images

From his earlier work in defining policy, standards, and IT alignment, Ray establishes usage profiles that meet business needs while consolidating functionality. Ray illustrates the mapping of business usage scenarios with the particular build images and high-level configurations within an architectural plan. He now sets out to develop the build images.

Managing the minimum number of images and a limited set of hardware configurations has been proven to not only reduce costs, but also to increase operational efficiencies with respect to application availability. Therefore, it is essential that organizations engage in projects that effectively reduce the number of managed images within the environment as well as set standards for current and future hardware purchases. Reduction in image count can be achieved through the gathering of business requirements and architectural planning. Since each new image in the organization has shown to significantly raise both the annual operational and support costs to the organization, the IT desktop engineering teams should ensure that only the necessary number of applications and OS and hardware configurations are considered for inclusion within each distinct image. For more information, see PC _TCO_Best Practices.pdf at

The most important activities involved in managing IT desktop images include:

  • Directly focus the service level management initial discussions to determine which applications to include in a supported application image.
  • Gather relevant business requirements and group same or similar requirements into a single core image.
  • Manage, review, and update the images with latest maintenance updates and configuration items on a periodic basis.
  • Put a service strategy plan in place for future applications to be added to the supported images.

Build and Design Image Process

Figure 4.1. Build image process

Follow the steps in the following sections to develop build images.

Step 1: Architect Baseline Images

First, the Infrastructure team should construct a thin core Windows Vista OS image. Two separate images, one each for the x64 and x86 architectures, will be needed. All other applications, language packs, and other non-essential files should be held until step 2 when role-based application packages are designed.


  • Architect thin core OS images.
  • Architect build images with efficient and effective construction, delivery, and support in mind.

Success Criteria:

  • Architecture document detailing baseline build images with information regarding construction, delivery, and support.


  • Initial and on-going for review and improvement.

Step 2: Establish Business Usage Profiles

Business usage profiles help the IT pro understand what core functionality to provide by consolidating sets of business group requirements. One example is the division of requirements (including risk/functionality/management/cost balance) between desktop and laptop users, which can produce two divergent sets of application and configuration needs. These requirements would yield two separate role-based application packages that would be applied on top of the organization's base thin OS image. Separating the role-based application requirements from the core OS image will allow for both greater consumption of the base image and more efficient ongoing maintenance of the role-based application package.


  • Determine consolidated business usage profiles for use in creating role-based application packages.

Success Criteria:

  • A documented set of business usage profiles prioritized and mapped to specific business groups.


  • Initial and on-going for review and improvement.

Step 3: Review Business Usage Profiles and Images

Conduct reviews on the architecture to ensure that the images are current and aligned to the ever-changing business requirements. When publishing the architecture, the IT organization should also publish a servicing model that outlines scheduled reviews of the architecture against agreed upon changing business requirements. This servicing model should include items such as maintenance windows, tasks, and activities needed to keep the service available and up-to-date.


  • Improve and update business usage profiles and supporting build images.

Success Criteria:

  • Maintain organizational functional requirements while keeping down costs.


  • On-going as business usage changes, which may result in build image changes.

Step 4: Build Design Images in Test Environment

The following steps show how to integrate the right features into the images for deployment. This process helps to define the critical business needs while making appropriate trade-offs with business requirements and application/hardware functionality. It will ensure that the images deployed deliver to expectations.

Figure 4.2. Steps to build the images in a test environment

Step A: Establish Hardware Standards and Targets

Define hardware groups to meet business usage. Hardware groups should reflect both a minimum and recommended level of hardware based on the organization's purchasing agreements. Work closely with the Service Management team.


  • Establish hardware guidelines to define a hardware upgrade for Windows Vista.

Success Criteria:

  • A consolidated guideline published to show the existing hardware within the organization (baseline) and minimum and recommended thresholds for a Windows Vista upgrade.


  • Initial and then repeated based on organization's hardware refresh cycle.

Step B: Build Base OS Configuration Including Security Components

The image creation process is often a step-by-step progression of evolving images. This is the base build that will be used to evolve from OS to final deployment image. This is done for each business usage profile and is then tested against the various hardware standards. Work closely with the Security team.


  • Create a base build image of the OS and primary security components that can be used to evolve image creation. Use Business Desktop Deployment (BDD) 2007 from Microsoft for recommendations on imaging. See Microsoft Solution Accelerator for BBD 2007 at

Success Criteria:

  • A base build image that has successfully been tested against the hardware minimum and recommended standards.


  • Initial for each business usage profile and hardware standard as needed.

NoteWindows Vista is more flexible in handling various hardware components than prior versions. Start by trying a single base Windows Vista image across various hardware combinations. This method should help eliminate guesswork and produce the Windows Vista base image efficiently.

Core OS Application Configuration

If your organization needs a common configuration at this level, make those changes. Work closely with the Service Management team.


  • Create a stand-alone Windows Vista image with basic security settings and core functionality.

Success Criteria:

  • The stand-alone Windows Vista image meets the organization's security and core functionality requirements.


  • Initial for each business usage profile and hardware standard as needed.

Step C: Group Policy Connection and Implementation

Using the stand-alone build image constructed in the previous steps, the next step is to connect to the network and test that Group Policy runs successfully. Work closely with the Operations team.


  • Connect to the network and apply Group Policy.

Success Criteria:

  • Image can be joined to the network and have Group Policy applied.


  • Per set of build images.

Step D: Install and Configure Core Applications

Install and configure the build image with core applications, such as security applications, that are common throughout the organization. Work closely with the Services and Operations teams.


  • A role-based application package that has evolved to include core common applications.

Success Criteria:

  • A build image that has core applications installed and configured and tested.


  • Per set of build images.

Step E: Final Combined Image Testing

Test the final build image with core OS and application configurations through implementation. Include network connection and Group Policy impact requirements. Include planned application deployment mechanisms. Work closely with the Security, Services, and Operations teams.


  • Test for functionality and performance of the build image within the test environment to successfully deliver a final build image that meets business usage requirements.

Success Criteria:

  • A build image (per role-based application package) that meets the business functional and performance requirements and that can be safely and efficiently deployed within the organization.


  • Per build image business usage/hardware (per role-based application package).

Step F: Document Infrastructure Plan and Publish for Team Discussion

Ensure the image building efforts are understood outside the image team. Pay particular attention to assumptions, configuration, and deployment procedures. Work closely with Security, Services, Release, and Support teams.


  • Communicate the assumptions, reasoning, and mechanics of the image configurations and planned deployment procedures of the images.
  • Map images to business usage profiles.

Success Criteria:

  • Image information is shared with the IT teams.


  • One document with all sets of build images.

For more information on key steps to take in image building, see the following:



Ray works to define two primary groups of hardware types within the Enterprise Client and mobile Secure Data build profiles: existing and new. Because Woodgrove Bank already tracks its hardware, Ray is able to target those business groups that can support Windows Vista with their existing hardware. He compares that to a minimum support hardware profile he has developed using published requirements from Microsoft.

Knowing that the Microsoft base recommendation is for providing OS support and does not address additional capacity requirements generated by applications, Ray chooses to use the Microsoft minimum hardware requirements as the starting point for Woodgrove. He develops this as a hardware-standard level for the existing hardware group. For the new hardware group, Ray establishes a higher performing hardware standard using the Microsoft Windows Vista Hardware Compatibility List (HCL),available at

Each group of hardware must be tested for base OS functionality and performance levels. Pay particular attention to driver support.

The following tables provide hardware standards groups and business profile targets for Woodgrove Bank's minimum and suggested levels.

Table 4.2. Level I: Existing Hardware Meeting Woodgrove Bank's Minimum Requirements for Windows Vista

Existing Enterprise Client Computers

Existing Mobile Client Computers

  • 1 GHz 32-bit (x86) processor
  • 1 GB of system memory
  • 40-GB hard drive with at least 15 GB of available space
  • Support for DirectX 9 graphics with:
    • WDDM Driver
    • 128 MB of graphics memory
    • Pixel Shader 2.0 in hardware (optional)
    • 32 bits per pixel
  • DVD-ROM drive

(Not Windows Aero Capable)

  • DirectX9 Capable GPU

  • 1 GHz 32-bit (x86) processor

  • 1 GB of system memory
  • 40-GB hard drive with at least 15 GB of available space
  • Support for DirectX 9 graphics with:
    • WDDM Driver
    • 128 MB of graphics memory
    • Pixel Shader 2.0 in hardware (optional)
    • 32 bits per pixel
  • DVD-ROM drive

(Not Windows Aero Capable)

  • DirectX9 Capable GPU

Table 4.3 Level II: New Hardware Meeting Woodgrove Bank's Suggested Windows Vista Hardware Requirements

New Enterprise Client Computers

New Mobile Client Computers

  • 2.33 GHz 32-bit (x86) processor
  • 2 GB of system memory
  • 60-GB hard drive with at least 20 GB of available space
  • Support for DirectX 9 graphics with:
    • WDDM Driver
    • 128 MB of graphics memory
    • Pixel Shader 2.0 in hardware (optional)
    • 32 bits per pixel
  • DVD-ROM drive

  • 2.33 GHz 32-bit (x86) processor

  • 2 GB of system memory
  • 60-GB hard drive with at least 20 GB of available space
  • Support for DirectX 9 graphics with:
    • WDDM Driver
    • 128 MB of graphics memory
    • Pixel Shader 2.0 in hardware (optional)
    • 32 bits per pixel
  • DVD-ROM drive
  • USB Flash Drive and a system with a TPM 1.2 chip (to support BitLocker Drive Encryption)

Steps in Image Creation

For each build target (Existing: Secure Data and EC; New: Secure Data and EC), follow the steps described in the following sections.

Step 1: Base OS Configuration (Including Security Components)

Use the guidance provided in the Microsoft Business Desktop Deployment Accelerator to build the base OS installation. Make sure that at the end of the build, prior to imaging it, you have a clean working installation of Windows Vista that is fairly basic in security. Work with the Security team to determine this minimum in security settings. Image this build level as a Base OS Build Image.

Step 2: Core OS Application Configuration

On top of the base OS configuration, configure any other core applications needed. Image this build level as a Base OS + Core OS Applications Build Image. At this point, the build image is a deployable desktop image with base OS functionality and core OS applications configured. If this image was deployed to a desktop at this point, the end user would have a stand-alone Windows Vista implementation with basic security settings and core functionality.

NoteWindows Vista includes several new technologies that will affect your organization's deployment of the desktop. In particular, pay attention to the new User Access Control (UAC) in your application compatiblity testing. Also, there are extensive new enhancements found in the overall security features of Windows Vista such as firewall and disk encryption (for example, BitLocker data encryption). And finally, Windows Vista includes virtualization of the registry that benefits application compatilbity efforts.

Many of these new features can be controlled through enhancements in the use of Group Policy by Windows Vista.

Step 3: Group Policy Connection and Implementation

With the image at the stand-alone level, it is important to test the network connection. Network connectivity is key to connecting and implementing Group Policy. Next, test the Base OS + Core OS Applications Build Image to ensure connectivity and Group Policy implementation. Microsoft has added over 700 new policy settings in Windows Vista to increase the ability to manage the desktop, security, and networking. For more information, please refer to Chapter 6: Operationsin this solution accelerator.

Step 4: Test Core Applications (Common Applications)

There is a common layer of core security that needs to be tested in the new system application programming interface (API) environment of Windows Vista; this environment exposes layers of the Windows Vista OS differently than prior versions of Windows. Traditionally low-level applications such as antivirus and firewall software are candidates for special care and compatibility testing.

Step 5: Final Stage of Combined Build Image Testing

Run the final combined build images through functionality and performance testing. Track failure rates and issues. Clean up the final build images to work within the lab environment.

Step 6: Finish Infrastructure Documentation and Publish for Team Discussion

Document the configurations and deployment procedures for the final build images. Review and refine documentation with input from other IT teams.

Technical Guidance

Windows Vista Hardware Compatibility List:

Hardware certified to work with Windows Vista.

Windows Vista Enterprise Hardware Planning Guidance:

Information to help select the right computers to make the transition to Windows Vista.

Microsoft Infrastructure Optimization:

Guidance for IT organizations in evolving from a reactive to proactive IT service management environment.


Ray carefully develops the business usage profiles with the Services team and then creates build images and supporting documentation. He works with Kevin Cook, the Security Manager, and Linda Mitchell, the Desktop Configuration Manager, to establish Group Policy settings. They decide to limit the build images to the operating system. All approved applications will be published to users for installation through the Program and Features in Control Panel.


Applications are distributed independently of the build images, so the basic usage patterns of managed Enterprise Client (EC) users within the corporate domain and mobile users will need to be recognized separately. Primary differences between the two build images include the level of security settings delivered via Group Policy, hardware and driver concerns, and network connectivity behavior. For more information, please refer to Chapter 6: Operations and Chapter 3: Securityin this solution accelerator.

NoteMicrosoft Business Desktop Deployment 2007(BDD 2007) Solution Accelerator represents a complete solution to address all phases of image management and deployment. Beyond the specific processes and tools contained in BDD, end-to-end operations suites such as System Center 2007 provide the work flow and technology that will help ensure success in the long run.

For more information, see Business Desktop Deployment 2007 at

Application Compatibility


Ray has a collection of build images mapped to the business usage profiles that have been tested for functionality and performance against established hardware specification levels. The images have been validated through internal testing IT peer review. The build images are ready for the next development level: the application compatibility testing of individual applications to be published to the user's Program and Features component within Windows Vista.

Core operating system functionality is a supporting platform for applications in order to enable business users to perform their jobs effectively and efficiently. Application support and compatibility is a vital part of delivering business functionality to the organization's end users.

Windows Vista includes significant changes and enhancements to core functionality and security. These changes affect both end users' overall experience with the new OS and the way legacy applications interact with the OS. Microsoft provides tools and resources for developers to create new applications that meet the stronger operating requirements of Windows Vista. A balance is struck between ensuring the new OS platform's ability to enable future innovative application development and providing backwards compatibility to older applications. Windows Vista handles this balance by including the latest development tools from Microsoft found in .NET Framework 3.0, along with Group Policy and interface and security enhancements. Windows Vista also provides backward compatibility options through registry virtualization and developer guidance.

NoteRegistry virtualization is an application compatibility technology that enables registry write operations that have global impact to be redirected to per-user locations. This redirection is transparent to applications reading from or writing to the registry. It is supported starting with Windows Vista.

This form of virtualization is an interim application compatibility technology; Microsoft intends to remove it from future versions of the Windows operating system as more applications are made compatible with Windows Vista. Therefore, it is important that your application does not become dependent on the behavior of registry virtualization in the system

See Registry virtualization (

Steps for ensuring application compatibility include:

Microsoft provides extensive support for handling compatibility through the Application Compatibility Feature Guide, which is available at

Within the guide, you will find information regarding such common compatibility problem categories as:

  • Setup and installation
  • Kernel-mode drivers
  • Permissions
  • Heap management
  • Firewall
  • Internet Explorer

The following is a list of specific application compatibility areas to address in Windows Vista:

  • Windows Vista User Account Control (UAC). UAC limits the inherent rights and permissions associated with user and administrator accounts in Windows Vista.
  • Windows Resource Protection (WRP). WRP protects critical operating system files and registry keys by restricting access to the TrustedInstallerservice. This ensures that only the TrustedInstaller service is allowed complete access for making critical core service changes.
  • X64 platform changes. There are changes to the support of unsigned 64-bit drivers (they are no longer supported) and how the folder paths are changed for Program Files folders for 32-bit and 64-bit applications.
  • New APIs and deprecated components. Some older components have been removed from Windows Vista. These range from changes to API calls to removal of support components. Likely areas of impact include printer drivers, Services for Macintosh (not included), Direct3D Retained Mode (not included), Network Dynamic Data Exchange (NetDDE not included), and FrontPage server extensions (not included).
  • Help and Support Center. Compiled Help (.chm) files are no longer supported.
  • Assistance Platform Client. This is a new Help engine that is not compatible with previous versions of Windows.
  • Windows Vista Display Driver Model. A new driver model for display drivers that supports features such as the new glassinterface (Aero). However, compatibility issues may be encountered with Microsoft DirectX game compatibility, mobile functionality, and certain accessibility applications such as screen magnification utilities.
  • Safe Exception Handling. Adequate error checking can be handled by exception routines in the application itself. Some older applications relied on certain functions with the OS to validate parameters.
  • Fast User Switching (FUS). FUS is now available to members of domains. Therefore, applications need to be able to handle multiple user sessions and terminal server scenarios.
  • CriticalSection Code Changes. CriticalSection code has been changed with Windows Vista.
  • OS Version Check. Applications may function incorrectly when checking for specific OS versions.

Recommended reading that provides in-depth coverage of Windows Vista application compatibility includes:

Note Microsoft SoftGrid� Application Virtualization: Microsoft SoftGrid Application Virtualization is a virtualization solution that delivers applications that are never installed and are user-available on demand. SoftGrid provides easily integrated applications that can be managed centrally. SoftGrid, along with Terminal Server, is a possible solution for an organization's application compatibility needs.****More information is available at

Technical Guidance

Application Compatibility Feature Team Guide:

The Application Compatibility Feature Team Guide is part of the Microsoft Solution Accelerator for Business Desktop Deployment (BDD) mentioned throughout this document. The focus is to guide the reader through the application compatibility tasks and checkpoints in a desktop deployment.

Application Compatibility, Enterprise Guidance:

This is a central location to find enterprise guidance for application compatibility.

The Windows Vista and Windows "Longhorn" Server Developer Story: Application Compatibility Cookbook

This is fairly technical in-depth discussion of some of the new and extended features of Windows Vista. The target audience includes developers and other technology experts and managers.

Role-based Application Packages


With the build images ready, Ray now concentrates on providing applications needed by the Woodgrove Bank business users. He puts together a master list of software applications that are used by the end users. From this list, he assigns importance based on how necessary the applications are to keep the business running and the number of users affected.

He now has a listing of core applications per build image and business group with prioritization for each. Ray investigates the list to check update and upgrade availability for these applications to meet Windows Vista requirements.

Discuss with your business colleagues how to handle software subscription and integration costs, tracking, and licensing approaches. The goal is to provide a core set of integrated applications that can be installed by the business groups as a basic service. Any additional software packages can be requested for an added fee by the business groups. If the additional software package hasn't yet been integrated and deployed by IT and integration is needed, the cost for integration is higher. Each delivered service is handled by a service level agreement (SLA).

For the list of software applications to be integrated, work with your IT teammates in installing and testing applications with the base build images. Testing is handled with core, high-priority, and consolidated applications and then one-off integration efforts for individual applications. The Microsoft application compatibility resources are a prime source for information for the teams.

NoteMicrosoft recommends that when purchasing commercial applications, you look for Windows Vista Logo applications. The Windows Vista Logo program ensures that applications have undergone Microsoft compatibility tests for ease-of-use, better performance, and enhanced security. For more information on the Windows Vista Logo Program, see

Document your application delivery process and have it validated by your colleagues.

The Windows Vista Security Guide shows how User Access Control (UAC) will affect build images. Chapter 4 of the guide provides the following steps for conducting application compatibility testing:

  • Find out how to control UAC, Windows Firewall, and Defender through the use of Group Policy (see Appendix A: Security Group Policy Settingsfound with the Windows Vista Security Guide).
  • Check the Application Compatibility section of BDD 2007 and the Microsoft Web site for more on the subject.
  • Work with the Microsoft Application Compatibility Toolkit (ACT) to analyze the application portfolio and work through compatibility issues.


Ray provided a set of prioritized applications that has been tested for functionality, performance, and overall compatibility. These applications are published for deployment through the Windows Vista Program and Features.

References, Tools, and Techniques

Execution, Deployment, and Operations****

  • BDD 2007: Computer Imaging System Feature Team Guide and BDD Workbench. Microsoft recommends using BBD for imaging the operating systems and the enterprise applications that are part of a standard desktop. The solution is modular. It allows you to separately manage each system component. The advantage is that when changes occurand they willyou don't have to re-engineer the entire process. The solution also provides the tools and scripts to install, configure, and customize the Windows platform and incorporate updated service packs. The process is a good starting point for building systems that are extensible.
  • BDD 2007: Application Compatibility Feature Team Guide. Before you move from your current version of the Windows operating system to Windows Vista, you must test your applications to ensure that they are compatible with the new operating system. Your organization might have up to several thousand applications installed across distributed networks. Compatibility problems with one or many of these applications can mean costly work stoppages. By testing applications and solving compatibility problems beforehand, you save time and money for your organization.

    For more information, see

  • Automated Patch Management. For more information, see
  • Edge-Firewall with Lock-Down Configuration. For more information, see
  • Windows Vista Firewall Enabled on Laptops. For more information, see

Business Conversations (On-Going Topics)

  • Limit New Hardware Systems to Those Supported by IT. To keep the hardware baseline consistent and effectively managed by IT, limit hardware acquisitions by the organizations to those approved by IT. This requires that IT needs to be responsive to hardware refresh needs and communication. Besides adding control of the baseline for IT, by channeling hardware acquisition to one approving group within an organization, the organization has greater leverage in purchases from vendors.****
  • Defined Set of Standard Basic Images. Costs are driven down by clearly defining a standard set of basic images that provide functionality throughout the organization.
  • Application Compatibility Testing. Application compatibility testing is of major importance in both the early and operational stages of an environment. Initial application compatibility testing ensures that nothing is broken when putting new images into place. Operational application compatibility testing ensures that the environment will safely grow in functionality as the organization evolves.