In the second of our three-part series on Windows 10 migration, Egon Rinderer, Senior Director of Technical Account Management at Tanium, explores the migration execution and post-migration phases of the process. In each of these phases, we reveal ways to ease the burden on your resources – human and technical – to achieve a successful migration.
Are you ready to migrate to Windows 10? If you’ve successfully performed the in-depth investigations of your endpoints required in Phase 1 of the process — the pre-migration phase — you’re well positioned to kick off your full migration. As we worked with our customers to ease the pain involved in Phase 1, we discovered a number of ways Tanium can help during Phase 2 — the migration process itself — and during the post-migration challenges which can arise in Phase 3.
Let’s start by exploring Phase 2 – the migration phase.
Before we delve further into the Windows 10 migration process, it’s important to note that, while Tanium does not actually perform the Phase 2 in-place migration of your endpoints, it plays a critical role in this part of the process, and drives much additional ROI.
As we discussed in (/windows-10-migration-reduce-time-effort-required)[Part 1], Tanium can ease the load on resources by allowing for a major decrease in Windows Imaging File Format (WIM) size. We do this by allowing driver packages and application packages to be developed for a surgically targeted audience. The ability to inventory systems in real time with Tanium allows you to determine which drivers and software those systems will need for a successful migration. For example, you can quickly discover a Dell model 123 with a Basic Input/Output System (BIOS) revision of XYZ needs Driver Pack 1.2.3.
Using Tanium, you can target every iteration of hardware and software specifically, and pre-deploy the WIM, driver pack, application packages, and so on using our patented File Sharding technology. In doing so, Tanium can deliver all of this data with almost no measurable impact on your network by throttling it to move as slowly (or quickly) as your network will tolerate.
At the end of it all, though, remember that because we shard, we need not copy the full file set to each endpoint. Rather, the systems will gather the shards as they pass through their collective ring. Tanium’s communication architecture makes it possible to move orders of magnitude less data to pre-stage exactly and only the WIM, drivers, and applications needed on each endpoint. As a result, there is zero additional network traffic generated at the time of migration, unless you choose to move data off the endpoint. In that case, we can give you a real-time assessment of how much data will be moved, per endpoint and collectively, to allow you to plan accordingly.
In the event you choose to use a third-party tool and/or professional services for your migration, Tanium can help further. We’ve done many migrations in tandem with outstanding partners such as World Wide Technologies (WWT) using their CPMigrator tool. CPMigrator is a small executable that can be packaged up and delivered by Tanium along with the other files for pre-staging.
When executed, CPMigrator does an in-place, lossless migration of the endpoint. It resizes the partition, lays down a new OS, installs the applications pre-staged by Tanium, migrates user data, restores all the user settings (you’re welcome, helpdesk), and can even move a system from BIOS to Unified Extensible Firmware Interface (UEFI), enable Trusted Platform Module (TPM), enable SecureBoot, and more.
Tanium acts as a real-time delivery, execution control, and status monitoring capability for tools such as CPMigrator. Tanium also dramatically reduces the number of professional services hours needed during a migration effort.
While it may be the least exciting of the three Windows 10 migration phases, Phase 3 is nonetheless important. In a perfect world, the only activity conducted in this phase would be watching the number of Windows 10 systems on your network increase while watching the number of non-Windows 10 systems decrease.
In reality, things go wrong. Systems need to be rolled back. Problems need to be triaged upon discovery. New migration packages or scripts need to be deployed instantly. This is where Tanium really shines, turning a manual, resource-consuming process into simple tasks you can perform in real time. Did you find a “Zero Day” problem with a particular subset of hardware that didn’t surface during testing? No problem. Make the adjustments necessary for success on that subset and then create a new targeting machine group in Tanium. Within five minutes, you’ve identified and mitigated the problem and broken out the affected systems into their own target set, so the newly mitigated approach will handle their migration.
I cannot stress enough how much time this approach will save in terms of man hours and how much end user frustration it will avoid. For example, one of our Federal customers initially estimated it would take an entire group of support staff traveling from site to site for 18 months in order to complete Phase 1. With Tanium, this customer was able to complete Phase 1 in less than five days.
Thanks for reading. We hope you’ve found Part 2 of our Windows 10 migration series useful. In Part 1, we detail the processes required for a successful Phase 1 – the pre-migration phase. In Part 3, we explore how you can uncover considerable ROI by using Tanium in your Windows 10 migration process.
Like what you see? Click here and sign up to receive the latest Tanium news and learn about our upcoming events.
About the author: Egon Rinderer has more than 25 years of experience in Federal- and private-sector cyber-warfare, cybersecurity operations, and IT operations. In his role as VP of Technical Account Management for Tanium, he manages an organization of 35 engineers who specialize in the deployment and use of Tanium throughout the Federal government. He was previously head of the Tanium Federal engineering team. Prior to joining Tanium, Egon was Senior Liaison to the Intelligence Community for Intel Corporation and served in the US Navy as a Cryptologic Technician, cross-assigned as Tactical Cryptologic Support to the Joint Special Operations Command.