Our columnist ponders the demise of virtual private networks (VPNs), examines virtual hard disks (VHDs), and chats with Gavriella Schuster, Microsoft's Windows client general manager, and Ward Ralston, Windows Server product manager.
As with today's typical celebrities, there isn't much about Windows 7 which remains unexpressed or unexplored. So, to come up with a column to wrap around my podcast, I've been forced to nibble around the edges. Fortunately, I've come up with some software margin doodles which are fairly interesting, and potentially relevant to your enterprise utilization of Microsoft's new client operating system.
First, though, about that podcast. I chatted with Gavriella Schuster, general manager of product management for Windows client, and Ward Ralston, group product manager for Windows Server. We met in New York shortly before the October 22 consumer launch of Windows 7. (Click on the play icon right here to access the podcast, or scroll to the bottom to see the full player.)
Our discussion focused on issues relevant to enterprise users. One of the big bullet points here is admins' ability to create a single OS image that's deployable regardless of the heterogeneous hardware configurations you've got out there in your organization. Further smoothing deployment is the Microsoft Desktop Optimization Pack (MDOP), a toolkit containing virtualization technologies and a bunch of management tools.
When deciding whether to upgrade to a new OS, the biggest question is, what will it buy you in terms of the ability to do new things. Of course, unique circumstances have effectively pushed this question into second place. Because many business skipped Vista, they're now forced into an upgrade cycle by the lengthy passage of time since the launch of -- and end of support for -- Windows XP. So bean counting has shoved the technical assessment into the background, and what one thinks about most is, how much is this going to cost and can I afford it in the current constrained economic environment?
Despite the resentment this must be causing, Windows 7 nevertheless comes out looking pretty good on the what can you do for me (technology wise) lately front. The beauty of Windows 7 is that it's very amenable to setting user permissions for app access. It's also got the data security side of the equation locked down to an unprecedented degrees.
Finally, it's good to note that Microsoft has made sure not to duplicate the initial problems which plagued Vista's deployment -- namely, that not all the necessary drivers were in place at launch time. Yet the one lingering potential "gotcha" is related. Before pulling the trigger on deployment, you need to make sure that your key applications are Win7 compatible. If they're not, they can still run in the OS's handy Windows XP virtualization mode. This is a decent, near-term solution for niche verticals where app vendors may just be beginning the process of porting.
Of course, one thing no one talks about is that there are likely to be many niche apps which won't get ported quickly. As well, there are probably many small- and medium-sized businesses which will eschew the expense of upgrading in favor of running an OS -- Windows XP -- which going forward will technically be unsupported but at the same time has the richest support ecosystem out there which any unsupported OS ever had.
Let's turn from the OS's frontal issues to my two interesting tangents. The first concerns whether Windows 7 will render virtual private networks obsolete. Allow me to mimic Jeopardy by providing the answer first: Yes, it will, as far as user perceptions are concerned. However, since it will still be performing authentication in the background, one can also make the argument that this is simply VPNing by another name.
Windows 7 includes a feature, called DirectAccess, which automatically connects users to their enterprise network without having to go through a VPN client, effectively eliminating the need for users to fiddle with (or hide from ) virtual private network clients.
DirectAccess connects users via IPv6 over IPsec. The IPsecurity portion is used for both authentication and encryption. The other notable point is that you don't have to have IPv6 deployed throughout your organization to use DirectAccess -- you can use an IPv6-over-IPv4 tunnel -- but it helps, security-wise, if you implement a full IPv6 network.