Edugeek @ Microsoft UK - Windows Education Workshop
Edugeek at Microsoft - Windows Education Workshop
Well after the early start on Friday Morning travelling down to Reading the day turned from me being very tired to being very pleased with the whole event.
Myself, Chris (Dos_Box), Ric (Ric_) attended the conference on behalf of Edugeek, the Turn-out was very good just over 50 attendees in the end I believe and I think most of them were Edugeek Members.
A few Edugeek Members sat with us through-out the conference, SoulFish, Robf, AngryITTechnician and GrumbleDook to name a few J Thank You to you guys for showing your faces and for the great conversations.
The Whole day was very "geeky" with various employees from Microsoft Talking to everyone as well as Dave Coleman from Twynham School and Alan Richards from West Hatch School both talking about their experiences when Deploying Windows 7 in their schools.
Alan Richards was infact the first Person to Deploy Windows 7 Fully in a school in the UK (possibly worldwide) so well done to you!
After the conference itself a group of us or the Edugeek Crew as GrumbleDook calls it went out for a few drinks and a lovely meal courtesy of Dos_Box himself cheers for that! It was very nice J apart from GrumbleDook moaning all the way their because he has a very LARGE appetite ;-) poor bloke bet he was starving! Dribbling everywhere hehe.
After the meal we went back to the Hotel for more Drinks, and didn't leave until around 1am J thanks to everyone who stayed behind for a drink and a chat!
Dos_Box even brought me a "White Russian Cocktail" never had one before and it was very nice indeed!
Anyway I won't go down that route! It was a great night well it was until it was time to go to sleep then I had to put up with Ric Snoring all bloody night ;-) going to buy myself some ear plugs next time! Lol
.... but yeah anyway
I would like the thank Ray Fleming - Education Marketing Manager @ Microsoft who organised the whole day and I would like to thank all of the presenters and everyone at Microsoft who attended it was great to speak with you all.
Ray Fleming - Introduction to the day
So Ray Fleming was up first giving us an introduction to the day and that he loves stories! J and I must admit the stories were very interesting! So nice on Ray you may not be technical but you have the knack at PowerPoint Presentations :D
Ray Fleming - Introduction PowerPoint
James Neal - An Evangelists view of Windows 7
Well James what can I say amazing guy, knew his stuff and he really does love memory sticks!! He only carry's 4 with him though ;)
So James started off by focusing on the things IT Departments can do to put across a positive impact in the education environment.
3 Key IT Challenges:
- - IT Departments have to provide a secure and reliable computing infrastructure to support teaching, learning, research etc.
- - IT Departments must help deploy and support tools, like PC's etc that are used to deliver curriculum.
- - IT Departments must fulfill both of the above within limited budgets, which as we all know makes our job a little harder.
James went on to explain that the investments in Windows 7 are shaped by the evolving needs of End Users and IT Pro's. As we all know users are now becoming more computer savvy and expect more from technology they have available to them or have seen in other establishments.
There are 3 points to as why windows 7 benefits us,
- - Allowing users to be productive anywhere, allow them to work from home or from a remote location.
- - Enhance Security and Control, Microsoft have extended the Windows Vista Security Platform, Drive/USB Encryption, control over what applications users can run etc
- - PC Management, Win7 makes it easier to deploy Desktops and Laptops as well as Virtual Environments.
Windows XP mode that comes with Windows 7 Professional and above was never put their for the reason everyone was saying it was
"XP Mode is only there because Microsoft are worried about applications not working, just like with windows Vista"
For you who have been using Windows 7 you will understand that the above statement is totally wrong, I would say 90+% of Applications do work with Windows 7 and most users have not had any problems with drivers. So clearly that was not the reason.
Microsoft have made Windows 7 work very nicely with Microsoft Virtual PC 2 so that you can have the opportunity to run other operating systems such as Windows XP and use older applications that do not work on Windows 7 but also to allow users to enhance their understanding of Virtualisation etc.
By using Microsoft Virtual PC the VHD file can be used in a number of ways, one way that appealed to many IT Support Staff is that you can easily change the boot record and boot your computer using one of the VHD files on your computer. For Example if you had a VHD with Windows Server on you could easily boot your Laptop/Desktop into a Server Operating System and within Minutes you have a functioning Server or for Linux Users who use both Windows and Linux you can easily switch between the two operating systems.
Another main feature in Windows 7 is "Touch" Microsoft have improved Windows 7 by enhancing the Touch Technology now this does not provide as many features as say "Surface" but it allows you to use a Tablet in many more ways than previous operating systems would allow you to.
James then went on to tell us about "Direct Access" and "Branch Cache"
Direct Access is something that had made many IT Pro's Eyes open with Shock! It is a fantastic new feature that allows Simpler VPN (IPv6 & IPSec Based), Seamless connectivity to School/College/Uni Campus.
Direct Access with only work with Windows 7 and you must have Windows 2k8 R2 - There is no MAC Equivalent.
So for example, In Education it is likely that in some circumstances schools/colleges wish to allow students to take laptops home but want to ensure that they can connect to the site without the need of VPN Connections etc.
Also, If a Member of Staff or Student brings their own personally laptop into school this gives you the ability to allow them access to the Internal Network but allowing you to still manage and control that device making it much more secure.
Many IT Managers were unsure of this technology at first, but when they know about the Positives such as that the clients using Direct Access you would be able to push out Group Policies, Updates etc it makes everyone's life so much easier.
Not so much in Education but for Corporate business whom have many employees that work from home this is also helpful because you can remote manage, update, control anyone who works from home allowing them to have the same services as if they were sitting in an office inside your building.
And then comes Branch Cache,
Brand Cache allows users to launch applications etc on your network, at the moment you get very slow access and it annoys end users, but with brand cache it allows content/apps to be cached on Gateway Servers speeding up these processes, it frees network bandwidth and users can access files quicker from the cache.
So one thing that no one really got on with before was Search, Microsoft have spent allot of time improving this. Search Federation which is new to windows 7 allows
- - Allows Teachers and Students to find data across multiple locations/sources using a single search
- - Makes it allot easier for Teachers to compile information for classes
- - Even easier for students to search for content which would be in various places such as
- Learning Platform (SharePoint etc)
- Internet
- File Shares
- Local Storage i.e. Documents etc
One thing that I did like is that now when you search, if you pick one of your favourites you have stored from the internet etc for example Twitter you can search that site for information without even going onto the site itself, which I personally think is pretty cool!
So, moving swiftly on James began to tell us the changes they had made with "BitLocker" and the New to Windows 7 Application "AppLocker"
BitLocker first came on the scene with Windows Vista, at first it wasn't very good allot of people hated it but it did improve after a few updates but it was never brilliant but now Microsoft have made allot of changes to how this programme works.
The Main thing is our case is it allows all schools to ensure Data is taken off the premises and is Protected/Encrypted.
You can enforce policies that only allow encrypted Devices onto the network, it also gives you the peace of mind that if the USB Stick and/or laptop carrying that data was lost or stolen the Data Could not been recovered.
AppLocker on the other hand does encrypt anything ;) but it allows you to have more control over software been used on your computers.
AppLocker is used to Eliminate unwanted and/or Unknown Applications, so you can enforce application standardisation within your school/college.
You can also restrict it so much that users can only install Signed Applications, and also lock it down to versions for example "Adobe Reader 9.0 is allowed - anything other version is blocked"
Also, I gather many of you get very upset with the messages that pop up on your screen in windows Vista / 7 well this is not Microsoft making things annoying for users it is so that Developers of Software start making their programs to meet certain standards. The reason it alerts the users is because that application is trying to gain more access to your computer than what is actually required to install the app. So as long as Software Developers create software that is signed and creates it so it only asks for access to required Directories etc you wouldn't get all these annoying messages.
One thing you will be pleased to hear about though is Microsoft have improved this security feature so you won't get prompted if your an Administrator or if you just want to go onto Control Panel etc. hehe
Hopefully this gives Readers who have not yet used or research Windows 7 a good understanding of some of the things they can expect.
Dave Coleman - Twynham School
Dave was actually quite relieved for a break from talking about SharePoint and to be invited to talk to us about his experiences when Deploying Windows 7 this summer.
A few points Dave made everyone aware of when Deploying windows 7 were:
- - Make Sure the Image is correct, don't rush your image take your time and get it right because the last thing you want to do is keep re-imaging machines which is wasting time.
- - Plan your Deploy! Don't just rush in and throw windows 7 everywhere make sure you test your Applications before you go ahead and run into problems. As mentioned earlier 90+% applications do work with Windows 7 without any problems at all.
- - DONT play with imaging software ;) Such as SCCM as you could accidently re-image the whole school without even knowing!
Dave also mention that he was asked what he thought the best feature was in Windows 7, his reply was there is not a Best Feature Windows 7 as a whole is the Beast Feature :~)
Gareth Hall - Windows Server 2008 R2
Well as I never had the chance/time to play with Windows Server 2008 R2 I was quite interested in what Gareth had to say.
Gareth told us that Customers want regular, compatible and consistent server releases which is correct in my eyes and many others. Microsoft's Roadmap anticipates 2-4 year cadence of releases.
- - Major Updates followed by Minor "R2" Releases
- - R2 Strategy enables improved release refinement and future enhancements.
- - Optional R2 releases give IT more flexibility to leverage the latest server technology without customers feeling forced to upgrade.
Note: Windows Server 2008 R2 is x64 ONLY!
Note 2: Microsoft Exchange 2007 cannot be installed on Windows Server 2008 R2
Gareth focused on 3 main areas of Server 2k8 "virtualization" "management" and SFEW (Solid Foundation for Enterprise Workloads".
In Server 2k8 R2 HyperV and Live Migration has been a great selling point this is in fact built into Server 2k8 so no need to go and buy 3rd party software such as VMWare etc (although I am a VMware User myself).
Live Migration allows you to Migrate virtual machines between hosts with no interruption of service, the benefits of this are quite obvious you don't have any dropped network connections (maybe a few ping delays), Flexible Management and it Enables a Dynamic IT Environment.
With Server 2k8 being 64bit only in enables HyperV the ability to utilize all 64 of the logical Processor Pool , it increases host server density and allows you to easily provide multiple processors to virtual machines.
Processor Compatibility mode allows live migration across different CPU Versions which I think is very important especially with some IT infrastructures adding/upgrading hardware all the time!
Because all of the hard disk files are just VHD files, it enables you to boot from these VHD's easily it will enable you to easily pre-configure Servers/Computers it significantly reduces the amount of images required and simplifies test deployments :~) which is always nice.
As you know Terminal Services is no longer known of that, it is now called RDS (Remote Desktop Services) it is generally just Terminal Services
RDS - VDI is an integrated solution now you have a single broker allowing users to use VDI out of the box, you can experience rich multimedia now VoIP integration, True Colour Multi-Monitor support which is always nice for people like myself who use Multiple Monitors.
Centrally Managed applications now integrate into the start menu so you personalize a non-work laptop with work applications without having to mess around with installing them locally.
Compared to Windows Server 2003, Windows Server 2008 R2 can now save you money which is great especially with many schools getting very high electricity bills at the moment you can do even more to save money. There is a graph in Gareth's presentation on slide 19 which shows this clearly!
The performance has increased dramatically now with support up to 256 Logical Cores, NUMA Enhancements on the CPU side, Live Migration and SLAT support on the Virtualization side of the coin and then on the Power Front with improved Processor Power Management and optimization of server core component usage.
One way of explaining how the Power Management works is basically if your server is not being used or access it will start to turn processors off and the server will go into a low power state. When the power is needed again it will switch them back on! Bit of clever technology!
Direct access was also brought up by Gareth, a fantastic white paper can be found here: https://technet.microsoft.com/en-us/library/dd637827(WS.10).aspx
Again Gareth also mentioned his side of Branch Cache, explaining that it Reduces WAN link utilisation, its completely transparent to the user... it also supports end to end encryption between clients and servers.
NOTE: Don't just go ahead and switch on Direct Access and / or Brand Cache because allot needs to be thought about beforehand. Your network for starters you will need to use IPv6 and you will need to make other changes before hand so make sure you read the documentation and maybe get some training J
BitLocker and AppLocker integrates nicely into Active Directory again make sure you read the instructions as these changes need to be done properly!
And the wrap this up one fantastic bit of advice Gareth gave which I found quite interesting is think about what version of Server 2008 you purchase. If you're going to use a server for Infrastructure such as HyperV, DHCP, DNS, AD etc don't go and get the Full Version just buy the Core Version of Server 2008. It has everything you need to do those core roles without all the extra components being there.
This means your image is allot smaller, the cost is allot cheaper than buying the Full Version so there is plenty to think about. Only get the Full Version for services such as SQL, Applications etc.
Note: SQL, Exchange, SharePoint etc will not run on the core version of Windows Server 2008
Asif Jinnah - How Microsoft IT have deployed Windows 7 and Windows Server 2008 R2
Asif manages the entire internal IT Systems at Microsoft so as you can believe he is a very busy guy and in fact we were very lucky to be able to see him talk to us at the conference.
Asif was involved in the role out of Windows Vista Worldwide at Microsoft and he did it very successfully and even got a promotion out of it! He has now been tasked to deploy Windows 7 globally and at the moment according to some very strong stats he is doing an amazing job at doing so with Microsoft Employees being very happy with Windows 7 and the ease of change.
At Microsoft they don't build your machine for you, you as the employee do it you get given all the software to do it and you sit there in a room with IT Support Staff and a Set of Instructions and Build your own machine to how you want it. Every Employee has access to a shared repository to get all the applications they require to be installed and they install them.
They have to meet a set policy in place such as Anti-Virus, Updates etc etc but I think it's amazing how they have the opportunity to do this.
The one downside Asif mentioned was that this does not help when it comes to them doing global changes, or locking certain things down using AppLocker for example. He was very upset that he can't lock the machines down ;-)
Obviously we could never give our students/staff that kind of privilege! But I thought it would be good to share that with you.
At Microsoft they use "Microsoft Deployment Toolkit" and Business Desktop Solution Accelerator" to deploy certain images to their sites, or employees to use to create their machines.
Visit: https://www.microsoft.com/desktopdeployment for more information on how to deploy desktop images using the above mention software packages.
One thing you have to remember when doing any kind of change on a site is the workforce/employees. How are you going to train them to use the new piece of software or operating system that you have provided them with. Well many of you may think this is something that proves to be difficult but it should never be overlooked! If you train the staff in your best possible way it will make your lives so much easier.
For example because Microsoft IT don't build every single machine for their employees it saves them allot of time because they have trained their employees to do this themselves!
In a school or smaller/medium networks this can't happen, or won't happen but it just a way of explaining it.
For any schools who have not deployed Windows 7 and are thinking of doing it one thing to think of doing to make staff / students feel more comfortable with the change. Put PODs or Demo Machines somewhere that allows them to have a look, let them explore and find out what it's all about themselves. It might actually change their thoughts on things and actually have more trust in the school.
Best Practices:
- - Plan Early
- - Think about Security you want to put in place i.e. group policies etc
- - Don't think you have to purchase new hardware, Windows 7 will run on the hardware you may think is out of date. If it runs windows XP it will run on windows 7.
Alan Richards - the experiences of West Hatch School
Alan was the first person to install Windows 7 across his site in the UK possibly the world which is quite an amazing achievement. He has around 98% done the other 2% are staff laptops which are probably in France somewhere ;)
Alan said there are 2 ways he deployed windows 7 to his site, the majority was done using WDS on Server 2008 R2 and some individual machine were done by an In Place Upgrade. Some of you may as why Alan decided to do an In Place Upgrade on some machines rather than image them like every other machine well the answer is as you all know schools have so much software that can sometimes be upset when deployed using a flat image. Some machines have Software/Setting Complications that mean it can't be done using a global image and therefore it's much better to do an In Place Upgrade.
In Place Upgrade, this can be done by just using the DVD or you can do it via a Network Share BUT! Alan found that doing it using a Network Share it took hours to complete, even though he had just had his entire site re-cabled using CAT 6, new HP Procurve Switches etc so he recommends you just use the DVD rather than a Network Share.
Windows Deployment Services is very easy to setup and configure, it is built into Windows Server 2008 R2, if you do a Multicast installation it is significantly quicker than using Unicast, nothing new there though WDS has been around a while now most of you may have used it and most of you probably understand Multicast and Unicast.
Alan used Microsoft Deployment Tools when deploying Windows 7, it ties in with WDS and SCCM quite easily... you simply press F12 select PXE boot and then select the image and input the settings i.e. Administrator Password, Domain etc
It is script based, but remember to keep the Config file somewhere secure as your password would be in clear text. It is recommended that you create a new user in AD with Domain Admin rights that has a different secure password to your main admin account. When this account is not required disable it.
Alan Recommends you use WDS if you want to use Tried and Tested tools, and that you don't use InPlace upgrade for a Network Upgrade.
He Likes MDT, he thinks it is very quick... he likes the fact it asks you pre-install questions and the fact it ties in with WDS makes it a great package.
MDT 2010 is due out 60 days after Windows 7 Release.
Licensing:
Remember guys as with Windows Vista, if you wish to get the extra features you must purchase Windows 7 Ultimate / Enterprise. Ideally this is so you can get BitLocker as this does not come with any of the other versions and generally in a school this is what you should use so you're on the right path with regards to protecting Data.
If you already have clients that have Windows XP Licences then you will be able to just purchase the upgrades to Windows 7 Enterprise/Ultimate.
If you don't have the Certificate on each machine, then you will need to get this sorted first.
Have any questions regarding licensing email Ray Fleming or go to
Summary
So there you go that is my brief summary of what happened at the event, I hope this is useful for any of you who could not attend and gives you a good idea of what happened throughout the day and gives you the urge to come to the next conference held a Microsoft UK.
I personally had a Fantastic day, It's not every day you get the chance to go over to Microsoft but if you do you will see just like I did how fantastic it is to work there. The atmosphere within the building is excellent! No noise and everyone is very nice to talk to.
If you have any further questions please feel free to ask.
Once again thank you to everyone at Microsoft for a great day, thank you to all the presenters and a big thank you to Ray Fleming for all his time in planning the event.
Now I am going to give my fingers and eyes a break!
Links to Blogs
Ray Fleming Blog: https://blogs.msdn.com/ukschools/
James O'Neil's Blog: https://blogs.technet.com/jamesone/
Alan Richards Blog: https://eportal.westhatch.essex.sch.uk/CServer/blogs/netadmin/default.aspx
David Coleman: https://sharepointineducation.com/