Dushyanth Nataraj, Director of Product Marketing at Tanium, explores why moving to the latest Microsoft operating system is so different from any that have come before. He breaks down the people, process and technology requirements, and offers guidance on how you can accelerate key aspects of your pre- and post-migration journey.
Windows 10 migration poses significant challenges for IT organizations. The advanced security features in Microsoft’s latest operating system mean you have to do far more preparation than you’ve done for any previous OS migration. In addition, you can face costly post-migration challenges if you don’t cover all your pre-migration bases.
At Tanium, we work closely with customers to help them solve their most pressing IT and security problems. The most exciting challenges are when customers come to us and say “Look, I have a timely problem I need to solve. By my current estimation, my existing tools will not enable me to meet my deadline.” This is what we have been hearing from customers regarding Windows 10 migration.
In fact, the complexity involved in Windows 10 migration is cited by many of our customers as the primary reason they haven’t yet migrated. At the same time, organizations are facing significant pressure to upgrade to Windows 10, with support deadlines for previous versions of Windows operating systems fast approaching.
Beyond the looming support deadlines for older operating systems, there are compelling security and ROI benefits to migrating to Windows 10. For the first time in a mainstream OS, we’re seeing the OS security layer integrated with the hardware security layer. This is extremely compelling as your organization looks to improve its security posture.
Indeed, 85% of companies will begin their Windows 10 migration by the end of 2017, according to a recent Gartner survey. Microsoft estimates 500 million endpoints are currently running Windows 10. Slow enterprise adoption is one of the hurdles Microsoft faces in reaching its previously stated goal of reaching 1 billion devices within the first two or three years of availability.
The three phases of Windows 10 migration
There are three typical phases for every Windows 10 migration:
- Phase 1 – Pre-migration. This phase requires a detailed understanding of every single Windows machine on your network.
- Phase 2 – Executing the migration. This phase often requires involvement of a third-party service provider, such as Tanium partner WWT.
- Phase 3 – Post-migration. This phase involves troubleshooting, and presents an opportunity to realize quick ROI through consolidation of existing endpoint agents.
Your success in phases 2 and 3 depend on how thorough and accurate you are in phase 1.
Phase 1: Why is Windows 10 migration different from previous operating systems?
The migration processes from Windows XP to Windows 7, and from Windows 7 to Windows 8, were relatively simple. In your pre-migration phase, you only had to answer three questions to set yourself up for a successful transition. For each endpoint on your network, you needed to ask:
- Do I have a fast enough, correct architecture CPU?
- Do I have enough disk space?
- Do I have enough RAM?
These questions are still relevant to your Windows 10 migration, but they’re joined by about 20 or 30 additional questions you need to answer about each and every desktop, laptop and server on your network.
Since Windows 10 is a fairly beefy OS image, many of your laptops, desktops and servers may fail the disk space question. We see customers losing a lot of money to early attrition of machines simply because they don’t have an easy way to remediate common problems like this.
In addition, in order to support advanced security features in Windows 10, you need to discover which of the machines on your network have the required hardware to support these new features. This is no simple task. These aspects are not exposed by the operating system on your machines unless they’re already enabled. Getting specific configuration information on these lower-level hardware attributes is, in many circles, considered to be a totally manual process. For example, the task of figuring out whether Trusted Platform Module (TPM) is present and the version information thereof on an endpoint is absolutely necessary and nearly impossible to do if not already enabled (which it typically is not). Some modern endpoints require you go through the advanced startup options menu, while others require you to physically press a specific key during the boot-up process. Not a big deal for one computer, but imagine doing this for your entire fleet of endpoints. There are significant time, manpower and travel costs involved in figuring out whether the advanced hardware elements are present and, if they are, whether they’re the right version.
Whether you undertake this discovery work on your own or hire a professional services firm to do it for you, you’re looking at significant burdens on your budget.
Phase 2 of the Windows 10 migration is a complex process which requires use of third-party tools and professional services to complete the migration. Tanium works with service providers such as WWT to accelerate Windows 10 migration for our customers.
Phase 3 — your post-migration phase — is where you can expect to see a spike in help desk tickets as users grapple with an unfamiliar OS. We asked our customers to tell us what the No. 1 ticket-generating event was when they migrated from Windows XP to Windows 7. Their response? User data didn’t transition properly. While it may sound like a trivial thing when talking about a single user, the onslaught of tickets that follow after you migrate thousands of users will overwhelm your tier-one support team.
Windows 10 migration: Show me the ROI
As you stare down the daunting timeline of a Windows 10 migration, it’s easy to overlook the ROI you’ll uncover. For example, we see customers today deploying and managing a number of security point products on every endpoint. These include antivirus, data-loss prevention, host intrusion prevention and many others. The advanced security features in Windows 10 can give you the same, or even better, protection at a fraction of the cost. In addition, reducing the number of cybersecurity point tools you have to manage will save you time, money and energy.
(Editor’s Note: this post was updated on June 2 and on July 19)