News

Engineer Makes Case for 'Windows as a Service' in Treatise

• By Kurt Mackie
• August 21, 2017

A recent article by a Microsoft engineer attempts to nail down the Windows 10 update process that Microsoft has been explaining in dribs and drabs over the last two years.

In "Automating Windows as a Service," David das Neves, a Microsoft premier field engineer for EMEA and Germany, posits that IT pros with reservations about Microsoft's accelerated "Windows as a Service" delivery approach are not practicing good ITIL, application lifecycle management and project management skills. They need to get with the program.

General Advice
Das Neves recommended tapping certain end users in organizations to test Windows 10 releases in their three phases ("Insider Preview," "Semiannual Channel Targeted" and Semiannual Channel"). Such distributions to end users can be set up once and then automated to recur for Windows 10 upgrade releases. He concluded that "automating the Windows as a Service Model is possible and I actually recommend doing this for every enterprise customer."

System Center Configuration Manager (SCCM) is the tool he recommended to triage Windows 10 releases among end users. It can be used to deliver Windows 10 updates to so-called user testing "rings," das Neves explained:

By defining well chosen computers into your rings you predefine the possible impact and completely control your testing approach. The best toolset for this task is probably SCCM with Servicing Plans, but it is also possible with WSUS standalone or Windows Update for Business (or even a third-party solution) -- you have just to implement the automation steps.

A "servicing plan" in SCCM is "much like automatic deployment rules for software updates" and can be used to "define the deployment rings that you want in your environment," Microsoft explained in this document. A servicing plan rule will just apply to Windows 10 upgrades (which arrive in March and September). It does not apply to monthly cumulative updates. IT pros can create servicing plans from the Windows 10 servicing dashboard within SCCM using the "Create Servicing Plan" wizard.

However, despite das Neves recommendation to use servicing plans in SCCM, he acknowledged that organizations typically aren't using them. They're sticking with the older Upgrade-TS method in SCCM:

As you have read this you may think, that Servicing Plans is the way to go. It is, but unfortunately it seems that no customer has even tested Servicing Plans and the cause is pretty understandable. The Upgrade-TS is a known and very approved way how to create and work with deployments in SCCM. All admins know how it works and how to set it up.

The explanation by das Neves in "Automating Windows as a Service" is detailed, but a lot of it is similar to past descriptions by Microsoft, including a recent talk by deployment luminary Michael Niehaus, director of product marketing for Microsoft's Windows Commercial group. The main difference is that das Neves acknowledges the greater scope of testing that needs to get done in organizations to accommodate the faster Windows 10 release approach.

Theory vs. Practice
Past explanations by Microsoft of the Windows 10 update model have often been a bumpy ride at best. The model has had seemingly ad hoc shifts with regard to when upgrades get released and how long they are supported. IT pros have had to suffer incessant Windows 10 update terminology name changes. The latest twist is that Windows 10, along with Office 365 ProPlus and Windows Server 2016, now will be getting regular biannual upgrades (one in March and one in September), with releases now called "channels." Niehaus recently attempted to sum up the latest changes in this "Windows as a Service in a Nutshell" blog post.

In theory, Microsoft's agile Windows 10 release process should work without a hitch, but theory may fall short in the real world of organizations. Microsoft admits that it only tests 250 critical business applications before its Windows 10 updates get released. While Microsoft is seeing 100 percent pass rates with this testing process, it's apparent that experience in the field has been different. Organizations see problems even with Microsoft applications after upgrades.

One reader of the article by das Neves commented that the use of servicing plans with SCCM isn't possible because it's not easy to use with multiple-language Windows 10 deployments.

Another reader expressed dismay in the rapid changes to the update process with Windows 10, including the "nonsensical word salad Semi Annual Channel Pilot and Broad," referring to Microsoft's older terminology.

An objection was raised about Microsoft's testing-rings recommendation. End users just want a computer to do their work and have no idea about Windows 10's various deployment phases. And the IT department is just too busy to test every Windows 10 release, it was argued.

Some organizations are stumbling over bandwidth issues associated with Windows 10 upgrades because of their network architectures. They're also getting Group Policy Object settings broken by Windows 10 upgrades.

Another reader, "TwittApic," noted that Windows 10 installations are slow, taking about two hours, which is downtime that users won't tolerate. In addition, users typically see value in application improvements, not in operating system feature additions, so the Windows 10 upgrades are of little value to them. Software applications sometimes become incompatible with Windows 10 upgrades, such as anti-virus software, it was noted. (Kaspersky Lab recently dropped legal complaints over not having sufficient time to review Windows 10 upgrades, so possibly that situation will improve.)

In response, das Neves suggested that organizations seeing such software incompatibilities with Windows 10 upgrades could "involve your PFE/TAM" (Premier Field Engineer/Technical Account Manager). However, Microsoft Most Valuable Professional Susan Bradley, whose expertise is with small businesses, noted that not every organization has such access.

"And if you recommend calling Microsoft Support, I challenge every Microsoft employee to call your own non-Premier Support department and see how well the experience is," Bradley added.

Overall, das Neves pleaded it was just necessary for organizations to adapt to the Windows 10 update model.

"Hackers are improving their techniques daily -- and staying on old operating systems was never a good idea from a security perspective," das Neves wrote in the comments section of his article. "The new pace of two OS versions per year allows to react just in time on current hacker movements (like removing SMBv1 and PowerShell v2), as well to bring up new technologies in place, without the necessity to roll out a complete new OS as a complete project (how it was done in the past and costed millions of dollars)."

Microsoft's Windows 10 upgrade model apparently has been stabilizing to a degree in recent months. However, it clearly has not been working well for some organizations, based on the comments in das Neves' article.

Possibly, though, IT pros may be in favor of the more frequent Windows 10 upgrades. A recent industry poll of IT pros found that most respondents (70 percent) thought it would take no more effort to maintain Windows 10 than it does to maintain Windows 7 and Window 8.