Last week, I discussed the products Microsoft outlined during its TechEd 2012 day-one keynote: Windows Intune 3, which launched during the show, Windows Server 2012, and Visual Studio 2012. This week, it’s all about Windows 8: On day two of last week’s TechEd 2012 conference, Microsoft focused almost solely on its upcoming desktop OS.
Of course, many UPDATE readers know I’ve been fairly obsessed about Windows 8 over the past several months. But I’ve also questioned Microsoft’s positioning of this OS, arguing in "Did Microsoft Just Give Up on Windows 8 for Businesses?" that the software giant might be purposefully targeting consumers almost exclusively with this release for what amounts to pretty obvious and logical reasons.
Not so, says Microsoft. And not only does the company have a slew of business-oriented features in Windows 8 as a counter to my argument, it’s also updating a ton of related business and enterprise technologies to support Windows 8 as well.
Here’s a rundown.
Windows Intune 3. I mentioned this PC- and device-management service last week, but it’s worth repeating two very relevant points about Intune that you might have forgotten. First, all covered PCs get a copy of Windows 7 Enterprise, which comes with free upgrade rights to Windows 8 Enterprise. So when Windows 8 ships, you'll get the latest (and in this case, greatest) version of Microsoft’s desktop OS as part of the $11 per PC per month fee. Second, for just $1 more per PC per month, you can get the Microsoft Desktop Optimization Pack (MDOP) suite too, an incredible value that’s normally available via Software Assurance only.
Secure Boot. This technology, technically a feature of UEFI-type firmware (version 2.3.1 and higher), protects Windows 8 from what Microsoft calls root kits, malware that loads on the PC before Windows starts up.
Trusted Boot. This second boot-related security feature kicks in when Windows 8 is booting. It ensures that boot-critical drivers in the kernel and anti-malware functionality, including Early Load Anti-Malware (ELAM), can't be usurped by “boot kits” (not to be confused with “root kits”), malware that infects the system during boot.
Secure sign-in. Windows 8 features a number of interesting new sign in-related features, including PIN and picture password alternatives, but the big news here for businesses is its support for virtual smart cards, a way to do multi-factor authentication without the management nightmare of physical cards. In this case, the smart card is virtualized by the PC’s TPM (Trusted Platform Module) chipset.
SmartScreen. Microsoft debuted its SmartScreen anti-malware solution in Internet Explorer 9, but it’s only effective in keeping malware off your PC if you use that particular browser. So in Windows 8, SmartScreen is integrated into Windows Explorer, protecting you against known bad and suspicious downloads, whether they come via a competing browser or through other means, such as over the network on a USB memory stick.
BitLocker. Microsoft has been evolving its BitLocker and BitLocker To Go full-disk encryption technologies for years, and the version we’re getting in Windows 8 is the best yet. It features a much simpler user interface, as well as a new feature called Used Data Only Encryption, which will prep the drive for encryption but only encrypt those parts of the disk that actually have data, dramatically speeding the process. As new data is added to the BitLocker-encrypted disk, it’s just encrypted on the fly. Also, BitLocker has been enhanced to support a coming generation of self-encrypting SSD disks that should be going mainstream sometime next year.
DirectAccess and BranchCache. These two enterprise technologies have been around for years and of course require modern Windows versions on both the client and server to work as efficiently as possible. But Windows 8 improves matters yet again, in tandem with Windows Server 2012, by providing some new features. DirectAccess, which is basically a seamless, no-configuration alternative to VPN, now integrates directly into the new Windows 8 networking experience and provides a heads-up in the networking pane when it's in use. And BranchCache, which can cache WAN-based downloads on servers and PCs in a branch office, now uses more efficient block-level algorithms for content caching, while enabling encryption out of the box, with no configuration required.
VDI. Microsoft’s Virtual Desktop Infrastructure solution lets you virtualize your PC desktops in the data center and stream these environments to thin clients. Both Windows 8 and Windows Server 2012 are “optimized” for VDI, Microsoft told me, and if you can accept the defaults, you can actually get a full VDI environment up and running in 7 clicks. More to the point, there are actual improvements across the board, including “bootstorm” protection that uses randomization to ensure that an office full of thin clients don’t all hit the same server at 9:00 a.m. each morning, causing delays. The GPU requirement in RemoteFX is no longer enforced, so those without GPUs in their servers can use software-based rendering. And Windows 8 performs significantly better than Windows 7 in VDI, while adding support for USB redirection.
User Experience Virtualization (UE-V). Microsoft’s new user experience virtualization tool, part of the MDOP suite, will hit a Beta 2 milestone before the end of June, adding, yes, Windows 8 support. Interestingly, it will also support users who move between both Windows 7 and Windows 8 PCs, synchronizing those parts of the user’s customized experience that can be replicated in both. UE-V Beta 2 will also add custom app templates for Office 2010 and IE 7, 8, 9, 10 -- and more.
Application Virtualization (App-V) 5.0. App-V is one of the most popular components in MDOP, and the next version will support Windows 8. It will include a new, Metro-look, web-based management console and app provisioning portal. Most important, perhaps, App-V will let admins connect two or more virtualized apps into connected groups that can be managed and used together. So you might combine, say, Office 2010 and Lync 2010 so that they integrate well with each other.
Windows To Go. I had a lot of questions about this eagerly awaited technology, which will let you boot a customized and secure Windows 8 environment off a USB memory stick. The management and deployment tool for the Windows 8 Enterprise-based Windows To Go will appear at RTM, not before, and Microsoft has so far only certified two USB sticks, the Kingston DT Ultimate and the SuperTalent RC8, because it requires specific performance criteria. Windows To Go works with both 32-bit and 64-bit versions of Windows 8, supports key Windows 8 technologies such as Secure Boot and BitLocker, and can work with both BIOS- and UEFI-based PCs. I’ll be writing a lot more about this feature in the coming weeks.
Despite all this, of course, I do expect Windows 8 enterprise and business adoption to be fairly light. But for those who wish to deploy both Oss -- and Microsoft does offer some compelling exceptions, such as for businesses that want to use Windows 8 in specific scenarios like tablets and Windows To Go -- the software giant has got you covered.