Last Friday, two interesting and complementary blog posts appeared, each with its own discussion of security in the latest Windows 10 Technical Preview version. The first comes from Microsoft itself, in a post by Jim Alkove for the Windows for Your Business blog, entitled “Windows 10: Security and Identity Protection for the Modern World.” The second occupies a significant portion of Paul Thurrott’s mind-bending Windows SuperSite article entitled “Windows 10 is the Most Audacious Release in the History of the Platform.” This is pretty strong stuff, and will take a little time to work your way through. Hopefully, the summary that follows will give readers the impetus to do just that.
It is too facile to say that Windows 10 locks things up from a security perspective, though it certainly adds and extends protection at many levels.
Source: Shutterstock 210211225.
The MS blog post raises the following issues:
- Windows 10 is intended to “move the world away from the use of single factor authentication options, like passwords.” Once mobile devices are enrolled, they become one of two factors required for authentication, where the second factor could be a PIN or a biometric (e.g. a fingerprint). This lets a user’s smartphone vouch for his PC and requires attackers to compromise two devices to mount a successful attack. MS describes this functionality as allowing a mobile device to “…behave like a remote smartcard and it will offer two factor authentication for both local sign-in and remote access.” It works with existing PKI infrastructures, and with Active Directory, Azure Active Directory, and Microsoft Accounts. MS is also taking steps to protect user access tokens created upon authentication from attack by storing them in a secure Hyper-V based container.
- Windows 10 will build “robust data loss prevention right into the platform itself.” This involves use of strong encryption technologies from BitLocker, Azure Rights Management, and Information Rights Management in MS Office, but adds DLP technology “that separates corporate and personal data and helps protect it using containment…” so that there’s “… no need for … users to switch modes, or apps, in order to protect corporate data, which means that users can help keep data safe without changing their behavior” (emphasis mine). This applies equally to mobile devices running Windows Phone and to other devices (also possibly mobile) running Windows. VPN control options for remote access are also extended and improved, including “app-allow and app-deny lists” as well as controls aimed at “specific ports or IP addresses.”
- “When it comes to online threats, such as malware, we’ll have a range of options to help enterprises protect against common causes of malware infection on PCs.” This includes options for device lock down, mechanisms to allow users to install only trusted apps (though MS provided signing services) that covers “anything that can run on the Windows desktop” for both mobile and desktop devices and PCs.
Thurrott follows up with his own salute to security improvements, including:
- Use of Azure Active Directory (AAD) instead of Microsoft Accounts (MSAs), which “enables corporations to federate their on-prem Active Directory with AAD and continue using the Universal apps platform and other features that required an MSA in a way that respects their internal policies” (emphasis mine).
- Integrate multi-factor authentication more deeply into the platform (ties into the use of mobile devices as what Thurrott labels as “virtual smart cart technology” through use of mobile devices as explained above).
- Information protection is another way of describing data loss prevention (DLP), which Thurrott views as an “evolution of the rights management technologies Micrsofot has been working on for over a decade…”
- Secure remote access, which Thurrott explains as an “evolution of the managed VPN technologies that debuted in Windows 8.1 and Windows Phone 8.1” which he sees as “extend to individual desktops and Universal apps (per-app VPN) and managed via MDM” (Microsoft Device Management) and made “available to all third-party VPN providers.”
The MS post conveys all the key points, but Thurrott is better at estimating their impact on enterprises and organizations that will deploy the new OS sooner or later (probably later, if history is any guide, though these new features may actually provide a real impetus for businesses to speed things up, somewhat). Good stuff!
PCs are not dead and neither is Microsoft.
The company proved the skeptics wrong and posted strong revenue for its fiscal year first quarter 2015 earnings. Microsoft posted $23.2 billion in revenue, up 25% compared with the same period last year. However, net income was down $4.5 billion, compared with $5.2 billion a year ago.
While Microsoft’s fortunes are tied to a variety of technologies from PCs, servers, tablets, and Windows to Office 365 and cloud services, its transition to a mobile and cloud-first company is clearly making headway.
Indeed, Microsoft is actually making money from its hardware and posted nearly $11 billion in revenue in its Devices & Consumer group. Not only is the Xbox console doing well, even Surface is making a comeback. This quarter Surface posted $908 million in revenue, much of it driven by sales from the Surface Pro 3. That’s a big turnaround considering Microsoft had to take a $900 million inventory write-off for Surface RT during its fourth fiscal quarter of 2013, causing the company to miss Wall Street’s expectations.
On Windows Phone, Microsoft only enjoyed “modest gains,” said CEO Satya Nadella during the earnings call. Those gains took place in Europe where Microsoft captured some market share due to low-cost phones.
It’s clear Microsoft has a lot of work to do against the smart phone leaders. The company hopes its Windows ecosystem of universal apps will drive sales but what matters is how Microsoft executes its strategy. The company must convince device owners to make the switch away from Apple iOS and Google Android. Today, it’s all about the apps. Good luck, Microsoft. That’s no small feat.
What will be interesting is whether enterprises make the shift towards PC refreshes once Windows 10 ships next year.
Both Microsoft and its OEM partners enjoyed some growth during fiscal 2014 due to businesses refreshing their PCs with the end of support for Windows XP in April 2014. But now, there’s little incentive for IT pros to go through another PC refresh, especially if the upgrade cycle occurred within the last two years.
PC growth will continue and the overall worldwide decline in shipments is not as high as before according to recent market data from IDC. PCs are not getting cannibalized by the tablet market as much as before and the growth of well-designed notebook PCs and Chromebooks all factor in to a more stable market. IDC forecasts PCs to decrease 3.7% in worldwide shipments for 2014, which is less than was previously forecasted with a decline of 6%.
Nadella said he expects the enterprise to go back to its normal PC business refresh rate in 2015. I suspect, though, that despite early positive feedback for Windows 10, it won’t motivate businesses enough to upgrade their employee’s PC as most likely they’ll be able to run the new OS on a “fairly new” PC. By that I mean one that was bought or leased only within the past two years.
Where Windows OEM Pro licensing reflects the PC market forces, overall Windows volume licensing did grow by 10%. However, it’s going to be a tough battle for Microsoft now that they’re offering Windows licenses for free for phones and tablets below 9 inches. That’s lost revenue, which they think will be offset by the emerging low-cost $199 Windows PCs the industry will see unveiled this fall and winter.
For IT pros wondering whether they should move their organization’s on-premises Office productivity suite to the cloud, more companies seem to be doing so as sales of on-premises Office are getting cannibalized by Office 365.
With Office, one-third of the renewals include Office 365, according to Amy Hood, Microsoft chief financial officer. “We are seeing a mix shift from on-premises to the cloud, from transactional purchasing to annuity, and from standard to premium versions,” Hood said.
Let’s say you’ve been meaning to install Windows 10 on a test machine, but you haven’t gotten around to that just yet. Because MS has already released another version of the Windows 10 Preview, this might mean you’d have to download and install the original build (9841), then do likewise for the latest version (Build 9860) to play catch-up. “Wouldn’t it be easier,” I can hear many readers grumble, “if MS just provided a new ISO file so that those just getting started with Windows 10 could just install 9860 in one fell swoop?” Alas, that’s not what MS provides, but there is a way to get there from what is available, thanks to Chris Holmes, an automotive electrician from NYC who dabbles pretty seriously with Windows stuff as an avocation (and thanks also to Sergey Tkachenko of WinAero.com for alerting me to this possibility by posting a nicely illustrated blog about an ESD Decrypter tool and how to put it to work).
Holmes has actually blogged on this topic himself in a post called “Make an ISO for Windows 10 9860,” wherein he describes how to take the ESD file from the 9860 Win10 update and convert it into an ISO for direct installation. ESD stands for electronic software download, and for Windows updates, it refers to an encrypted and heavily compressed Windows Imaging Format, or .wim, file. This file is part of the download for the 9860 update: it’s named install.esd and it resides in C:\$Windows.~BT\Sources while the download and install process is underway.
Once you’ve downloaded and installed the ESD Decrypter tool, you can use it to create what the program calls a “traditional Windows ISO” from the install.esd file you’ve obtained and stashed in a directory of your choosing. You can either shell out of the download and install runtime environment on a Windows PC while the install gets underway and save a copy of install.esd, or you can grab the x64 or x86 versions of that file directly online (thanks to links from Tkachenko’s blog post on the subject). Either way, you’ll run the decrypt.cmd file from an administrative command prompt windows, and type the number 4 at the command prompt input line to build a traditional ISO image. From there, you can use Rufus to construct a bootable UFD installer for the latest Windows 10 build, and be off and running with the latest version without first having to install Build 9841 and immediately upgrade it to Build 9860. I like it, and you probably will, too! In fact, this is a nice addition to my overall Windows image management toolkit.
In the last week’s technology news, I’ve been struck by the recent confluence of several business and technology factors that either promise or threaten — I can’t yet really decide which — to remake the world of personal computing as it’s currently understood by those who come at it from the Windows direction. Certainly, it’s already clear that for the bulk of the world’s low-end consumption of processing power, the advent of low-cost high-function smartphones and tablets primarily based on Android has broadened the total user population enormously. Microsoft is by no means oblivious to this trend, and has been casting about (along with technology partners such as Intel) to find a counter to the otherwise inevitable loss of its market position to Google and the hordes of budget device designers and fabricators driving the Android phenomenon relentlessly forward.
The HDMI stick is the same size as a typical USB flash drive; plug it into a suitably-equipped TV, add keyboard and mouse, and you’ve got a PC at your disposal.
Here are some examples of what I’ve been seeing that lead me to believe that the Windows team may be closing in on some interesting and possibly effective low-budget counter-thrusts:
In this story at Neowin, a $200 Windows 8.1 PC that’s small enough to fit into a pocket is depicted and discussed: “ZOTAC unveils the ZBOX PI320, a $200 Windows 8.1 PC the size of a chunky smartphone” (10/21/2014; Quad-core Intel Bay Trail Z3735F CPU, 2 GB RAM, 32 GB Flash SSD, 3xUSB3 ports, full-size HDMI, microSD, Ethernet GbE, 802.11n Wi-Fi, Bluetooth 4.o).
Sean Portnoy at ZDnet profiles an E Fun Nextbook in a story entitled “$179 10-inch Windows 8.1 tablet coming to Walmart,” (10/21/2014; Quad-core Intel Bay Trail Z3735G CPU, 1 GB RAM, 32 GB Flash SSD, 1xmicroUSB2, mini-HDMI, microSD, 10.1″ 1280×800 IPS touch screen, attachable POGO keyboard base, 802.11n Wi-Fi, Bluetooth 4.o, one year free Office 365 subscription with 1 TB OneDrive cloud storage and 60 free Skype world minutes monthly).
Shreyas Gandhe writes about a $125 UFD form-factor PC in another Neowin story entitled “Intel Bay Trail-based HDMI stick capable of running Windows 8.1 goes on sale” which recounts an Alibaba affiliate selling a complete HDMI dongle-based PC for $110 (the extra $15 covers shipping world-wide; 10/19/2014; no OS included or pre-installed; Quad-core Intel Bay Trail Z3735 F or G, 2 GB RAM, 16 or 32 GB Flash SSD, 2xmicroUSB2, micro HDMI, microSD, 802.11n Wi-Fi, Bluetooth 4.0). Here’s the link to the English-language product page at Aliexpress for “Merry He’s store” in mainland China.
In all three cases, users gain access to usable computing for $200 or less, in form factors that range from a mid-sized tablet with clamshell keyboard (E Fun Nextbook), to a sub-NUC supercompact PC (ZBOX PI320), to an HDMI plug-in PC ready to add to just about any modern TV set to turn it into a fairly full-featured PC that can run either Windows (all models) or Linux (HDMI stick). These devices put reasonable computing power into just about anybody’s hands in an affordable and compact vehicle, where a TV set can act as a first (or second) monitor. A modest outlay for peripherals (keyboard and mouse) turns these offerings into usable desktops, even.
What we see here, I think, is a real riposte at the emerging dominance of Android based smartphones and tablets, at the same price points as those “other” devices already deliver. It remains to be seen whether the low-end buyers at which these offering are aimed will “get” that PC capability buys them more than what Android devices deliver, or it they will even care. I do think this latest wave of low-cost Bay Trail devices has a chance to retilt current buying trends in the global marketplace, but only time will tell if that chance will turn the tide or not.
In working with the Windows 10 Technical Preview, and reading others’ reviews of that environment, I’ve been forcibly struck by the major improvements and additions to the venerable old command line prompt environment, accessed in Windows versions through cmd.exe since time immemorial. The key to exploring this facility’s new features and capabilities lies in the Experimental tab in the tool’s Properties window as shown here:
Check all available checkboxes after enabling experimental features (top checkbox) to explore the full range of added features.
There’s a nice blog post in the Building Apps for Windows blog dated 10/7/2014 from Rich Eizenhoefer that explains all these features. It’s entitled “Console Improvements in the Windows 10 Technical Preview” and it’s very much worth a read-through. The checkbox items in the preceding screen cap do tell most of that story, for those who know how to read between the lines, but here’s a quick recap to help make things clearer for those who may not immediately grok all the potential implications involved (verbatim text from the screen cap is bolded to make it stand out from the rest of the following information):
- Enable experimental console features (applies globally): turns on the new cmd.exe features for all users, and also applies to the PowerShell environment, too.
- Enable line wrapping selection: You can turn line wrapping on or off inside the Command Prompt window at will (but it’s necessary for it to be turned on to support the “Wrap text output on resize” item below).
- Filter clipboard contents on paste: TAB characters are removed when pasting, and smart quotes get converted to dumb quotes likewise.
- Wrap text output on resize: In keeping with the newly-added ability to arbitrarily resize the Command Prompt window using standard controls (mouse to stretch horizontally, vertically, or diagonally), the window can also wrap text automatically to fit the current window size.
- Enable new Ctrl key shortcuts: There are lots of Ctrl key shortcuts for navigating and selecting text in Windows applications. For those familiar with these shortcuts they now work in the Command Prompt window; those unfamiliar with them will find all of them nicely documented in the aforelinked Building Apps for Windows blog post that precedes this bulleted list.
- Extended edit keys: No more need to right-click the Command Prompt title bar to cut-n-paste text using pop-up menu selections. You can now cut and paste text inside the Command Prompt window using Ctrl-C (cut) and Ctrl-V (paste) keys, and the mouse cursor to select text without opening or navigating any menus at all. Hooray! For the complete set of editing key options available, check the blog post again.
- Trim leading zeros on selection: When numbers include leading zeros, these will be removed from the paste buffer by default when using cut-n-paste operations in the Command Prompt window. If you need to retain leading zeros for some purposes or specific applications, be prepared to toggle this on and off as needed.
- Opacity controls can be set between 30% and 100%; lower values allow you to see into the window behind the open Command Prompt window, which may be helpful in some situations. When it comes to this setting, YMMV clearly prevails.
There are a few other new features not explicitly called out in this window that are nonetheless worthy of mention:
- High-res display support: The Command Prompt window supports selection of TrueType fonts via the Fonts tab, where that facility automatically scales fonts to an appropriate size based on monitor size and pixel resolution. For high-res displays, especially those at 2K or larger, this makes Command Prompt text much easier to read (or even see, for those approaching geezerhood, like yours truly).
- PowerShell support: Everything that goes for the Command Prompt window in Windows 10 also goes for PowerShell, too. Among other nice benefits, this enables easy back-n-forth action between both environments with consistent features across the board for cut-n-paste, window resizing, high-resolution readability, and transparent windows. Hooray again!
This is good stuff, and worth getting to know, especially for admins who tend to spend more time on the command line than do most ordinary Windows users.
On October 15, the Microsoft Open Technologies initiative announced that it plans to “deliver new container technologies in the upcoming wave of Windows Server releases.” At the same time, the company also announced a partnership with Docker Inc. that is intended to add Windows Server support to existing Docker tools, where the Open Tech group will contribute software to the Open Source Docker Client to “support the provisioning of multi-container Docker applications [running] on Azure.” Here’s the image that MS used to depict what’s on its way in the next version of Windows Server:
Microsoft Azure already supports Linux hosted containers; the next Windows Server version will support them natively.
MS plans to demonstrate this capability at Docker Global Hack Day #2 coming up at the end of this month (October 30). A technical preview of what Mary Jo Foley wisely labels “Windows Server vNext” — given that we don’t yet know what MS intends to call this product family — is available on MSDN to those with access to that service. It appears there under the heading of “Windows Server” as “Windows Server Technical Preview,” “Windows Server Technical Preview (VHD),” and “Microsoft Hyper-V Server Technical Preview.”
The way in which MS describes this effort is both interesting and accurate enough to be worth presenting verbatim, so here goes:
Docker is an open source engine that automates the deployment of any application as a portable, self-sufficient container that can run almost anywhere. This partnership will enable the Docker client to manage multi-container applications using both Linux and Windows containers, regardless of the hosting environment or cloud provider. This level of interoperability is what we at MS Open Tech strive to deliver through contributions to open source projects such as Docker.
Docker containers simplify the development of software applications that consist of micro-services. Each service then operates as an isolated execution unit on the host. Common use cases for Docker include:
- Automating the packaging and deployment of applications
- Creation of lightweight, private PaaS environments
- Automated testing and continuous integration/deployment
- Deploying and scaling web apps, databases and backend services
This promises to be an interesting development for Windows Server, which has been perceived to be lagging behind in the container field, despite Hyper-V’s substantial virtualization portfolio. I expect this to be one of the biggest and most heralded new features to be discussed and explored as the next version of Windows Server makes its way through the preview process and into general release around the middle of 2015.
Yesterday was the second Tuesday of the month, Microsoft’s customary day to unleash its latest batch of updates, fixes, patches, and so forth. The October 14 collection included 30 mandatory items on my Windows 8.1 and Office 2013 equipped desktops and notebooks, along with at least one optional item as well (a fix to avoid an unwanted camera switch on PCs with more than one camera attached: this usually means a tablet or mobile device with cameras fore and aft). Eight bulletins were released to address a total of 24 vulnerabilities that touch upon most modern Windows versions (server and desktop), the MS .NET Framework, MS Office, and most versions of Internet Explorer. The most current Security Bulletin Summary provides all the gory details, but I am coming to really appreciate the “summary graphic” from the talented art staff at ghacks.net which released this gem yesterday afternoon:
Most exploitable items are numbered zero; otherwise, bulletins are ranked by severity. Lots of action — and restart items — here.
The bulletins of greatest interest appear at the top of this very informative table:
- MS14-056: Critical: Cumulative Security Update for Internet Explorer (KB2987107)
- MS14-057: Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB3000414)
- MS14-058: Critical: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (KB3000061)
Microsoft also release three security advisories worth digging into this month as well — namely:
- 2871997 Update to Improve Credentials Protection and Management: designed to enhance and improve credentials protection and domain authentication controls to help reduce credential theft for Windows 7 and 8.1 versions plus Windows Server versions 2008 R2, 2012, and 2012 R2.
- 2949927 Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2: adds support for SHA-2 signing and verification functionality (not needed in Windows 8 and Server 2012 versions; already included therein).
- 2977292 Update for Microsoft EAP that enables the Use of TLS: Update to the MS Extensible Authentication Protocol (EAP) to enable use of TLS 1.1 or 1.2 through system registry modifications. Works for all modern Windows versions (7 and up on the desktop; 2008 R2 and 2012 on the server).
Admins planning for update deployments should also ponder the security advisories as well, and plan their next scheduled deployments as soon as their testing and open time slots will permit. There’s some important stuff in here!
Here’s something I hadn’t seen before, on the lighter side. Check out the following screen shot, which shows the Windows 7 game collection running on the Windows 8 desktop (it works on the Windows 10 preview, too, according to Russian blogger and Windows maven Sergey Tkachenko).
Windows 7 games windows on the left, Windows 8 system widget on the right, thanks to a clever tool.
The clever tool that makes this possible is a zipped install file at MediaFire.com entitled “Windows-7-Games-For-Windows-8-8.1-32-and 64-bit.zip.” Tkachenko describes the download and install process, liberally illustrated with screenshots, in a recent blog post entitled “Get Windows 7 games for Windows 10.” For long-time Windows users like me, who learned to appreciate these games as far back as Windows XP, this makes a welcome return possible for some familiar inhabitants of the Windows desktop. Today’s blog post certainly doesn’t count as anything more than a waste of time, but it does bring back some software I’m glad to be able to use again (and again…) myself. If you feel likewise, be sure to grab and install the afore-linked download!
My son’s desktop PC is a Haswell-vintage version of the excellent Dell XPS2720 touchscreen All-in-One. Mostly, it’s a solid, stable, and dependable machine. But in the last two weeks, the network connection — which comes through a Killer N1202 wireless 802.11n interface, there being no GbE access readily available in his bedroom — has gotten increasingly flaky. Last night, he told me he couldn’t get on the network at all, so while he was getting ready for bed, I launched into a little impromptu troubleshooting. In a clear-cut case of hubris, I thought to myself “How hard can this be?” And sure enough, it turned out to be pretty darn difficult.
The Symptoms and the Trouble
Each time I reboot the machine, the network comes up with the warning asterisk on the signal strength icon in the notification area. At first, I’m able to connect to our target home network (but the “View Connections” display shows far fewer local hotspots than usual; 2 instead of the usual screen full and more). But once the machine runs for two or three minutes, the network connection drops, and I’m unable to restore it without another reboot, and the same thing repeats ad nauseam.
At this point, I’m thinking “corrupt or failing driver,” so I start researching others reporting similar trouble. I find numerous posts on the community.dell.com servers from users running the N1202 on Windows 8.1 Update 1 and newer who are reporting similar symptoms, and even when Dell recommends uninstalling the current driver, then installing the latest version from the Qualcomm servers (the makers of the Killer N1202, having taken over the BigFoot operation a couple of years back), the problems aren’t always fixed.
First thing I try is the uninstall/install latest driver approach. The Killer N1202 works with a collection of software called the Killer Suite. It’s a Windows Store (Modern) UI app, and there’s no way to uninstall it through Programs and Features, nor does the program collection itself come with an uninstall utility. So I try out the newer version of that software (184.108.40.2063) to replace the current version (1.0.30…). That installer is smart enough to uninstall the old version before installing the new one, but that requires two reboots along the way: once after uninstalling the old version, and again after installing the new one. I grind through the process, then try to establish a network connection using the new driver. No joy, as so many other online users reported.
This is when things could get really interesting, in the sense of the famous Chinese curse (“may you live in interesting times”). But I don’t feel like a deep dive into driver troubleshooting, and the Dell Support Tech’s instructions to “restore to factory default settings” can’t work for me, because I’ve long since blown away that restore partition, en route to switching from a configuration with a small SSD acting as a cache for a large conventional HD, to a configuration with a 256 GB boot SSD, and using the 2GB HD solely as a data drive. If you want to see a pretty complete litany of troubleshooting approaches, check out this set of Microsoft Social Forums postings, with special attention to the sequence described by FelixLII on 4/27/2014.
Recalling the famous tale of the Gordian knot, I decide to adopt the “Alexandrine solution.” Because I keep a couple of cheapo, low-profile 802.11n USB NICs around (I picked them up from Newegg late last year for the entirely unimpressive price of $10 a pop), I simply installed one of them in one of the three unused USB3 ports on the back of the Dell unit. The OS immediately recognized the device, loaded the appropriate driver, and I was able to connect to my home’s WAP without difficulty. It’s hard to justify hours of extended troubleshooting when for $10 (which I can cheerfully confess is significantly lower than the value of an hour of my time) you can sidestep the issue completely and effectively. As an added bonus, overall performance is at least on par with the Killer NIC; better, if you factor in non-stop, ongoing operation without intermittent failures!
This approach — namely, blow off difficult troubleshooting with a balky peripheral, and replace said peripheral with a cheapo replacement — may not be viable in all situations, but it’s certainly something to bear in mind when replacement devices are inexpensive, easy to come by and install, and don’t impose much of a burden on the users who must live with the solution. If we were talking about a Surface Pro 3 with only a couple of USB3 ports on the tablet (and only 1 port into which the device will plug without a mini-USB to conventional-USB converter), it would be a totally different story. But for this story, I’m more than happy to accept this outcome and move on to other, more pressing problems. Wouldn’t you do the same, given those options?
It’s been five months since Microsoft’s Azure RemoteApp service went into preview and some users have turned into pseudo-IT pros out of necessity.
Two professors from Creighton University Heider College of Business in Omaha, Neb. recently began deploying a pilot test with approximately 100 students on their own. The school’s IT department was already committed to other projects so the professors were largely on their own.
The pilot test started because the University had problems supporting a mixed operating system environment for its students, said Trent Wachner, associate professor of marketing at Creighton University.
With students already bringing Macs, PCs and tablets, the professors needed to learn to deploy Windows applications to students efficiently.
“This platform benefits us in different ways,” said Charlie Braymen, assistant professor for the department of economics and finance at Creighton University. Students with Mac laptops needed access to Windows applications and software from the computers without having to go to a computer lab.
The business school tested a number of offerings including those from Citrix and VMware before turning to Azure RemoteApp.
One of the key benefits to Azure RemoteApp is its ability to scale and support occasional use or leverage heavy usage from students in an entire classroom, Braymen said. In addition, the professors use Azure RemoteApp to create custom images.
While the business school has not encountered many glitches so far, the one obstacle they had was when students all logged into the service at the same time.
“It took a while for the additional virtual machines to fire up,” said Braymen. The issue was resolved quickly. Microsoft adjusted the setup to increase the number of servers and CPU cores allocated, he added.
But even if the professors turned into pseudo IT-pros for this project, they still needed support from their own IT department. The service needed to be integrated into the college’s own campus authentication system, requiring help from Microsoft and the university’s IT department to resolve the issue as quick as possible.
Creighton’s Heider College of Business has so far had a positive experience but whether the university adopts the service throughout all its colleges is unclear. The business school is ready to roll out the service when Microsoft announces pricing and moves into general availability mode.
But service licensing issues remain. Microsoft still must clarify Azure RemoteApp’s licensing and pricing policies.
Indeed the business school is working through issues as to whether licenses available for one location can be used at another.
“It’s a work in progress,” said Wachner.
Some hiccups encountered
On the other hand, some testers have encountered hiccups with hybrid deployment and accessing OneDrive uploads.
Some reported challenges include Internet latency and file access problems with OneDrive and inability to attach files to emails. Others believe the core technology works but the management features are still in its infancy.
“The biggest difference between traditional RemoteApp and Azure RemoteApp is the management [of the service],” explained Gabe Knuth, a virtualization expert and TechTarget columnist, based in Omaha, Neb. “The protocols and operating systems are the same, but managing Azure RemoteApp from the cloud is not the same as managing RemoteApp locally.”
Issues such as hybrid deployment set up, configuration of the VPN, load control and custom apps are not easy to set up, said one tester.
The setup has been so difficult that blogger Freek Berson for The Microsoft Platform published a post teaching IT pros about how to set up an Azure RemoteApp hybrid deployment.
“The team is aware of these requests and interacting closely with customers to resolve issues…,” said Klaas Langhout, principal director for program management of Microsoft’s remote desktop group.
Most users and IT pros are cognizant the service is still in beta mode and work needs to be done before companies can deploy the service.
For now, whether one deploys the service or waits, companies needs to determine whether the Azure Remote App service is for them. Companies can also look at offerings like Amazon’s Workspace or other competitive DaaS products.