Managing the Windows 10 update tsunami
Connecting state and local government leaders
Windows 10 marks a fundamental shift in the way agencies will manage and deploy system upgrades and cumulative patches.
The deployment of Windows 10 -- notably in the 4 million Defense Department machines slated for the transition -- is not proceeding quite as smoothly as was initially hoped. Agencies are starting to see the full scope and impact of Windows 10 and beginning to realize the new OS will be putting quite a strain on existing processes and infrastructure.
One of the biggest challenges coming up for Windows 10 administrators will be two main update types: branch upgrades and cumulative updates, also known as patches or Windows updates. Branch upgrades, new to Windows 10, can be as large as 4GB and occur as often as every six months.
It’s important to understand what Microsoft means by branches upgrades before exploring the effect of cumulative updates.
Branches upgrades are the new mechanism that delivers a large set of new features and fixes to Windows 10. They are somewhere between a service pack and an operating system upgrade. They are similar to a service pack in that they are a combination of new features and fixes, but they differ in frequency, size and impact to the end user. As agencies roll out Windows 10, they will need to consider the branch upgrade process and size, branch frequency of releases, branch types and the implications of what branch is selected.
Windows 10 updates, or patches, are different from anything else experienced with previous versions of Windows. A significant change for government IT managers will be the new cumulative updates. Rather than doling out updates piecemeal -- the previous Microsoft practice -- IT will be getting hit with an updates that include all previously released fixes. Instead of a controllable variable, IT may have to deal with 10 to 20 fixes in one package. Thus, patch management becomes a critical factor in ensuring that an agency environment remains stable and secure.
Consider these five issues to begin planning what will be a rather different process for managing changes to Windows systems:
1. Impact of branches vs. service packs
There are four servicing branches that deliver upgrades at different frequencies. Enterprise users will likely deploy Current Branch for Business, in which upgrades are released twice a year, or the Long Term Servicing Branch that gets upgrades every two to three years. These branch upgrades are going to have a much bigger impact on the network and local storage than the old service packs. They are bigger, will be released more frequently and entail far more significant changes.
See the following table to understand how Windows 10’s version 1511 branch upgrade compared to older Windows’ service packs.
|
Windows Update |
Size x86 (MB) |
Size x64 (MB) |
|
Windows Vista Service Pack 2 |
475 |
745 |
|
Window 7 Service Pack 1 |
542 |
912 |
|
Windows 10 1511 ISO |
3,400 |
4,116 |
2. Branch selection strategy
IT managers must plan on deploying and supporting multiple branches. The challenge with Windows 10 is the perpetual introduction of new features, not to mention the all-or-nothing approach to patching with the cumulative updates. Branch selection is not a one-size-fits-all choice; it adds another layer of complexity and security risk to Windows 10. Agencies that must minimize any service disruptions may opt for the Long Term Servicing Branch, with upgrades every two to three years and a long service lifetime. They could also deploy one of the more frequently changing branches on a subset of computers to gather early feedback for potential application compatibility issues. This subset would be targeted to power users who can work with IT to explore any issues that may arise.
3. Security protection
These branch upgrades will be more disruptive and affect security if they are not rolled out. With Current Branch, patches are supported for potentially as little as 18 months, and Current Branch for Business patches get only 14 months of support. With this short life, agencies must become both proficient and efficient in these branch upgrades to get the latest security updates. As noted, agency IT managers may find that moving some systems to a different branch will increase efficiency.
4. Update compatibility tsunami
One of the important factors with Windows 10 cumulative updates, or patches, is that agencies will no longer have the flexibility they had with prior OS models. Previously, agency IT managers could evaluate the security risks of each patch. Now they will be forced to make a decision between security and application availability. Because Windows 10 updates are cumulative, IT managers will be unable to selectively exclude problem patches; therefore, application compatibility will be a much bigger issue.
5. Patch strategy
Just as agencies must decide on a branch strategy, they also should be thinking now about patch management and an update rollout strategy. It’s time to implement test pilot and staged production groups and, in each phase, decide on acceptance criteria for exiting and proceeding to the next group. For government agencies with distributed offices, IT should plan how it will update remote devices. It’s imperative that IT has a systematic plan in place because these cumulative updates will be large, put more pressure on the network and could put systems out of compliance.
Windows 10 marks a fundamental shift in the way agencies will manage and deploy system upgrades as well as cumulative patches. It is truly a tsunami in the making, but with careful strategic planning, government agencies can mitigate risk and maintain security as these changes roll out. The DOD deployment provides insights into how challenging this change can be and how important it is to think through not only about the initial deployment but also consider the updates to come.
NEXT STORY: How cities use data to plan bike routes