Should I Deploy Windows Vista SP1 and Windows Server 2008 Concurrently?

Why it actually may make sense to consolidate the adoption of Windows Vista SP1 and Windows Server operating systems in your infrastructure

“Branch office in a box” scenario
Many IT organizations are responsible for branch operations, where the servers and desktops are distributed over a wide geographical area. Physical constraints make the deployment of new IT infrastructure much more challenging, and the lack of local resources often delays implementation of necessary upgrades. In a concurrent deployment scenario, using Microsoft Deployment tools, the central IT organization can plan, test and roll out upgraded server and desktop operating systems without visiting the physical location—essentially upgrading the entire branch operation in one contained process!

“Oh good grief, I’ve just come to terms with deploying Windows Vista, and now you’re suggesting I take on deploying Windows Server 2008 at the same time?”

Actually, perhaps yes. If you are already in the planning process, it could be a good thing to collaborate across teams on this effort. While there are aspects of concurrent deployment that add to the complexity of the effort, so many of the processes and tools are common that it is generally more efficient to proceed through testing, piloting and rolling out Windows Vista SP1 and Windows Server 2008 together. In this piece we will explain the potential benefits of this approach, but first we would like to explain how Windows Vista and Windows Server 2008 work better together in your infrastructure.

Windows Vista SP1 and Windows Server 2008—Better Together

Windows Vista and Windows Server 2008 have a common heritage—they originated as part of the same development effort at Microsoft (code name: Longhorn), and share much of the same code base. The intention was to create a seamless IT infrastructure that spanned PC operating systems and the back-up support servers to facilitate streamlined management and better interoperability. While Microsoft strives to provide backward compatibility and new capabilities on existing platforms, major advances often require a new architecture that is only possible with a ground-up development effort.

With the release of Windows Vista SP1 (Windows Server 2008 launches with the SP1 code improvements), Microsoft brings its most advanced operating system technologies to both the desktop environment and back-end services.

With Windows Vista and Windows Server 2008, the result of this integrated development program is a number of improvements for IT Professionals that include benefits in security and manageability, overall system performance, and streamlined planning and deployment. So let’s examine this further.

Improved security and manageability

Deploying Windows Vista SP1 and Windows Server 2008 concurrently will enable advanced management and security functionality to provide tighter control and increase automation. The integration of Group Policy management tools, centralized monitoring and reporting, along with new technologies for network security and compliance management help to mature the IT infrastructure towards a more dynamic and protected state.

Improved system-wide performance

Concurrent deployment enables a more integrated system architecture and delivers system-wide performance improvements, including accelerated network file sharing, optimized bandwidth use to ensure appropriate Quality of Service (QoS) for critical applications and functions, and improved search performance, especially across departmental resources. In addition to better performance, power consumption can be reduced through Group Policy management and dynamic throttling based on workload.

More efficient Planning and Deployment

Concurrent deployment is a more efficient approach for IT Pros, leveraging common tools and minimizing duplicated tasks. Several new tools have been released that take into account that IT Pros will likely be facing large-scale deployments for both desktops and servers. These tools integrate the planning, testing, piloting and rollout, making the task more manageable.

Adopting both Windows Vista SP1 and Windows Server 2008 will provide greater control to IT Pros to ensure security protocols are enforced, while making infrastructure management... well, more manageable. Following are some of the key technologies enabled in this environment.

Management and Security Advantages

Network Access Protection (NAP) is a platform that provides policy enforcement components to help ensure that computers connecting to or communicating on a network meet administrator-defined requirements for system health. With NAP, developers and administrators can create solutions for validating computers that connect to their networks, provide needed updates or access to needed health update resources, and limit the access or communication of noncompliant computers. The restricted network contains resources needed to update computers so that they meet the health requirements for unlimited network access and normal communication. Windows Vista SP1 expands the ability to remediate non-compliant PCs to include updates from Windows Update or Microsoft Update.

[Illustration: basic architecture of an environment using NAP]

Expanded and integrated Group Policy in Microsoft Windows Vista and Windows Server 2008 provides an infrastructure for centralized configuration management of the operating system and applications that run on the operating system. Group Policy is improved with a greater number and coverage of policy settings and extensions, better network awareness and reliability, and easier administration. Predefined Group Policy templates are available for Windows Vista (Windows Vista Security Guide) and Windows Server 2008 (Windows Server 2008 Security Guide) to reduce the time needed for identifying important settings and implementing Group Policy management.

Using Windows Server 2008, administrators can use Group Policies to configure wired and wireless settings, including IEEE 802.11 wireless support for native Wi-Fi architecture, added support for wired 802.1X policies, user interface improvements for wireless connections, enhancements in wireless auto configuration, WPA2 support, 802.11 wireless diagnostics, integration with Network Access Protection when using 802.1X authentication, and TCP/IP stack enhancements for wireless environments.

In addition, for IT organizations employing the Microsoft Desktop Optimization Pack (MDOP), the Advanced Group Policy Management feature extends change-management functionality, including role-based delegation and offline editing of Group Policy Objects.

Compliance management is augmented and integrated between servers and desktops. Rights Management Service safeguards sensitive information online and offline, behind and outside the firewall, and is native to Windows Vista.

With centralized event monitoring and reporting, client PCs can monitor specific events and forward them to Windows Server 2008 for centralized reporting. Event subscription allows IT administrators to be alerted when certain events occur on client PCs so that they can take immediate corrective action. In addition, Advanced Auditing in Server 2008 provides a more robust view of data and event changes, along with a trail of previous values. Auditing can also be enhanced through the use of Desktop Error Monitoring available through the Microsoft Desktop Optimization Pack.

BitLocker Drive Encryption provides a common technology for encrypting servers and desktop/laptop computers, defined through Group Policy for greater task automation. Encryption protects the OS volume on the hard drive, along with early boot components, to guard against hacking from another OS booted on the disk. In Windows Vista SP1, administrators can encrypt local drive volumes beyond the C drive. On computers with Trusted Platform Module (TPM) 1.2, BitLocker helps ensure data is accessible only if boot components are unaltered and the encrypted disk is located in the original computer.
Further, Windows Vista SP1 enables authentication through a combination of a start-up key stored on a USB storage device with a user-generated PIN.

Single Worldwide Service Model—Windows Vista and Windows Server 2008 were developed from the same codebase. Derived from this will be a single servicing model, easing application compatibility testing and service pack updating. IT administrators will be able to use a single update for both client and server operating systems, across multiple languages.

Single update covers client PCs and Servers, across multiple languages

Improved System-Wide Performance

In an environment based on Windows Server 2008 and desktops running Windows Vista SP1, several technologies work together to optimize overall system performance:

Network architecture advances to optimize bandwidth utilization.

  • The Next Generation TCP/IP Stack with native IPv6 support across all client and server services creates a more scalable and reliable network, while the next generation of platform networking only available in Windows Vista and the Windows Server 2008 stack makes network communication much faster and more efficient. The extensibility of the new TCP/IP stack provides the flexibility to adopt new networking standards and address customer needs well into the future.
  • Windows Vista renders print jobs locally, reducing demand on the print server and allowing print servers to scale to more clients.
  • Windows Vista caches copies of server files, reducing traffic. Synchronization uses differential copy to further reduce network bandwidth use.
  • Server Message Block (SMB) 2.0 technology, incorporated into both Windows Vista and Windows Server 2008, improves file-sharing performance over high-latency links by compounding operations, reducing the number of ‘round trips’, and increasing buffer sizes.

Power consumption of both servers and desktops is reduced through the ability to manage power settings through group policy, and to dynamically throttle power consumption of servers based on workloads.

Quality of Service (QoS) policies can be created using Group Policy to improve performance for specific applications or services that require prioritization of network bandwidth between specified clients and servers (such as Finance users connecting to Finance Servers). This allows administrators to make the most efficient use of bandwidth in the organization.

Receive Window Auto-Tuning continually determines the optimal receive window size on a per-connection basis by measuring the bandwidth-delay product (the bandwidth multiplied by the latency of the connection) and the application retrieve rate, and automatically adjusts the maximum receive window size on an ongoing basis. With better throughput between TCP peers, the utilization of network bandwidth increases during data transfer. If all the applications are optimized to receive TCP data, then the overall utilization of the network can increase substantially, especially for networks that are operating at or near capacity.
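The bandwidth-delay product described above, worked through as an added example (not part of the original article or any Microsoft tool). It goes slightly beyond the text by assuming the standard 16-bit TCP window field and the TCP window scale option, and the three links are constructed sample values.

```python
# Added example: how far a fixed 64 KB receive window falls short of the
# bandwidth-delay product (BDP), and the window scaling needed to cover it.

MAX_UNSCALED_WINDOW = 65_535  # largest value of the 16-bit TCP window field
MAX_WINDOW_SHIFT = 14         # largest shift the TCP window scale option allows


def bdp_bytes(bandwidth_bps: int, rtt_ms: int) -> int:
    """Bytes that must be in flight to keep the link full (bandwidth x latency)."""
    return bandwidth_bps * rtt_ms // 8000


def throughput_ceiling_bps(window_bytes: int, rtt_ms: int) -> float:
    """At most one receive window can be delivered per round trip."""
    return window_bytes * 8 * 1000 / rtt_ms


def window_shift_needed(target_bytes: int) -> int:
    """Smallest window-scale shift whose scaled window covers target_bytes."""
    shift = 0
    while (MAX_UNSCALED_WINDOW << shift) < target_bytes and shift < MAX_WINDOW_SHIFT:
        shift += 1
    return shift


def analyse(name: str, bandwidth_bps: int, rtt_ms: int) -> dict:
    """Compare a fixed, unscaled window with what the BDP calls for."""
    bdp = bdp_bytes(bandwidth_bps, rtt_ms)
    fixed = min(throughput_ceiling_bps(MAX_UNSCALED_WINDOW, rtt_ms), bandwidth_bps)
    return {
        "link": name,
        "bdp_bytes": bdp,
        "fixed_window_utilisation": round(fixed / bandwidth_bps, 3),
        "window_shift": window_shift_needed(bdp),
    }


# Constructed sample links: (name, bandwidth in bit/s, round-trip time in ms)
SAMPLE_LINKS = [
    ("LAN", 1_000_000_000, 1),
    ("branch WAN", 10_000_000, 80),
    ("intercontinental", 100_000_000, 200),
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(analyse(*link))
```

On the constructed intercontinental link, a fixed unscaled window can use under 3% of the available bandwidth, which is the gap per-connection auto-tuning is meant to close.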

Terminal Services Gateway and Terminal Services RemoteApp are designed for easy remote access and application integration with the local desktop, enabling secure and seamless application deployment without the need for a VPN. TS RemoteApp can reduce complexity and administrative overhead in many situations, including branch office infrastructure, “hoteling” workspaces where users share PC resources, and instances where multiple versions of an application are installed locally. Windows Vista SP1 allows Remote Desktop Protocol (RDP) files to be signed, improving security and allowing differentiated user experiences.

Why Concurrent Deployment Can Be the Most Efficient Way to Go

Major improvements with the new Microsoft Deployment toolkit
Microsoft anticipated the demands of deploying a new operating environment across both servers and desktops, and designed the new Microsoft Deployment toolkit to address the challenges of such a complex undertaking. Building on the Solution Accelerator for Business Desktop Deployment (BDD) toolkit, Microsoft Deployment automates the deployment process while optimizing for available resources and bandwidth.

New deployment planning, testing and roll-out tools are designed to streamline the effort for IT pros, taking advantage of the common code base between desktops and server operating systems to consolidate processes. Adding more moving parts to a major OS migration may sound crazy, but the integration of planning tools and roll-out processes actually should result in less overall effort. Here are the key tools and how they work together:

Enhanced hardware compatibility analysis: Often, the first step in a large-scale deployment is determining necessary hardware upgrades. The new Microsoft Assessment and Planning (MAP) accelerator allows you to scan the clients and servers in an organization to determine Windows Vista or Windows Server 2008 compatibility and performance expectations of current hardware.

Faster and more reliable OS deployment: The popular Business Desktop Deployment (BDD) toolset has been expanded to support automated Windows Server 2008 and Windows Vista deployment using the same tools and procedures. This expanded toolset, renamed the Microsoft Deployment accelerator, allows users to create images and define the deployment process workflow via an updated task sequencing engine. Predefined deployment task sequence templates are provided for Windows Vista and Windows Server 2008. Microsoft Deployment also integrates and extends Server Manager in Windows Server 2008 to automate server role configuration.

Imaging in Windows Server 2008 and Windows Vista uses a new file-based image format (WIM), simplifying image management and reducing the number of images deployed.

Windows Deployment Services (WDS), an update of Remote Installation Service (RIS), provides a simplified, secure means of rapidly deploying Windows operating systems to PCs and Servers by using network-based installation, without the need for an administrator to work directly on each computer, or to install Windows components from CD or DVD media. Two forms of multicasting—ScheduledCast and AutoCast—allow both scheduled ‘push’ and client ‘pull’ deployments while conserving bandwidth.

Volume Licensing 2.0 provides more efficient license initiation and management:

  • Key Management Service (KMS). For larger environments (>25 PCs), KMS provides activation through the DNS hosted locally, automatically configuring Windows Vista machines when they connect to the domain. PCs that activated through KMS will be required to reactivate by connecting to the KMS host at least once every 6 months, and the host needs to renew its activation every 6 months.
  • Multiple Activation Key (MAK) is available for smaller environments and for decentralized infrastructure. PCs are activated once against Microsoft; once the machines are activated they require no further communication with Microsoft. MAK keys have predetermined numbers of activations depending on the agreement type, which can be increased at request.

While tackling the deployment of Desktop operating systems and Server operating systems is more complex than just managing one of the events, the design, structure and tools available in Windows Vista and Windows Server 2008 converge to make concurrent deployment a more efficient option and approach for IT Pros in the long run. Not only is the process streamlined to eliminate redundant tasks and increase automation, the end result provides performance and manageability improvements sooner—perhaps allowing you to get out of the office a bit earlier from now on!

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Server and Windows Vista, are registered trademarks of Microsoft Corporation in the United States and/or other countries.