Wipe and Replace to Update Your Devices
With the release of Windows 10, many IronKey Windows To Go customers are upgrading their Workspace devices to the latest Windows 10 Enterprise build. The reasons why? Many are doing it for their main Windows To Go devices— like me— and many others are doing it for the ability to do trial deployments of Windows To Go in their offices. Here at IronKey, we wipe and replace to update our devices. To do this, back up your Windows data and any information you require to rebuild your device, replace the Windows OS using either Microsoft’s Windows To Go Creator or IronKey’s Provisioning Tool or Scripts (if you are mass provisioning), and simply recreate. To the best of our knowledge no Microsoft upgrade tools will permit an in-place upgrade of Windows To Go devices from Windows 8 or Windows 8.1 so this is the best option.
Windows as a Service: When in-place upgrades may be important for Windows To Go
As Microsoft moves to a Windows as a Service model, they’ve introduced new update rings – Current Branch, Current Branch for Business (CBB), and the Long Term Servicing Branch (LTSB). I won’t go in to what license model allows you access to which path, but instead focus on the philosophy. Microsoft’s intention of a single Windows as a Service model with on-going updates is to build an OS ecosystem in which most customers will, by following along, be on an identical or very recent version of Windows 10. So here’s the advantage. If you have a Windows app or application, compatibility will be improved because a majority of PCs (WTG, desktops and laptops) will be on a recent Windows 10 version. This is a huge benefit to development and should alleviate a major headache for the deployment of apps and applications as you can expect a much more homogenous set of OS versions in the field.
The Challenges of Windows as a Service
As with anything new, there are challenges. The first is deciding on which branch is right for you and/or your organization. The Current Branch is the one consumers will use and is available for Home, Pro, Enterprise, and Education W10 editions. In this branch you get all the updates through Windows Update and receive all security and feature updates. The next ring out is Current Branch for Business (CBB) which allows for organizations on Pro, Enterprise or Education Editions to (1) delay feature update until testing is completed, and (2) use a wider variety of delivery options (adding Windows Update for Business and Windows Server Update Services (WSUS)). The delay allows for testing, and includes a bit of a stick that Microsoft will stop support if you delay too long and do not update Windows. Mary Jo Foley notes in an article that “Business customers on the Current Business Branch are going to have 12 months before they are required to deploy fixes and new features,” so Microsoft is providing a fair amount of lag time before nagging customers. Long-term Servicing Branch (LTSB) (available to Enterprise Edition only) allows for more stability for a longer time period (think ATM), but may require some IT calculus around decisions to take if there are features that look attractive. IT must then decide to move to a different update branch, like CBB, or wait for a newer LTSB.
Here is a table that shows the different servicing options, the supported OS editions, and delivery options:
The In-Place Upgrade Dilemma
The catch is that some updates will require not just a patch, but an in-place upgrade! It is unclear what features or functions, and on what cadence, an in-place upgrade will be required. But until Microsoft deploys an updater to work with Windows To Go devices, you may need to hold updates or be prepared to wipe and replace when Microsoft pushes an update that requires an in-place upgrade (something larger than a security patch). For IronKey Windows To Go customers who are leveraging WTG as a secure endpoint— for example by providing a VDI Citrix or VMWare client on a secure workspace to bypass potential host PC malware issues— this may not be a big issue. In these cases minimal OS functionality may be required, or a very locked down OS is sufficient and IT does not expect to adopt many new Windows 10 features. On the other side, for organizations leveraging Windows To Go for broader OS deployments (like IronKey!) where many of us are interested in the latest OS features for testing, security and convenience; any time an in-place upgrade is required, we will need to recreate our Windows image and wipe and replace our devices.
And there is the dilemma: As we wait for Microsoft to update their tools we’ll be in a pinch whenever an in-place update of the OS is required for new functionality.
We’re looking at some other options on how to do this— PowerShell scripts is one thing we’re investigating— so we’ll keep you informed as we learn new information from Microsoft and any insights our team discovers.