When deployed in conjunction with Windows Server® 2008 R2, Windows® 7 Enterprise provides the mobility and accessibility end users want, while preserving the security and control that IT professionals need.

by Jay Parkes

In our "Better Together Finally Comes Together" article about the launch of Windows Server® 2008 in the February, 2008 issue of the Tuesday Technology Report, we introduced Microsoft's notion of the added benefits organizations can gain from the integration of desktop and server operating systems–beyond the strong value proposition that each product offers on its own. Microsoft calls it "Better Together", and in that case, we were talking about Windows Vista® and Windows Server 2008 (WS2008).

When Microsoft launched Windows® 7 Enterprise this past October, they also introduced Release 2 of Windows Server 2008, once again espousing the "Better Together" added features and benefits of integration that simply aren't available, or at least not available to the same degree, if both products aren't installed.

"Even though the 'Better Together' moniker may be relatively new, this isn't a new approach for Microsoft," suggests Darin Stahl, lead analyst at London, Ontario-based Info-Tech Research Group, who claims that Microsoft has been doing this since back in the days of the Microsoft NT Server and Client. "Numerous incremental benefits on the desktop will come from adopting the new Windows 7 client OS, but over time, those benefits will be extended considerably as organizations upgrade their backend server infrastructure to WS2008 R2," adds Stahl.

Along with System Center products and the Microsoft Desktop Optimization Pack (MDOP) 2009 R2, the integration of Windows 7 and Windows Server 2008 R2 comprises what Microsoft calls the Windows Optimized Desktop solution. Research that Microsoft conducted when planning Windows 7 revealed that mobility/accessibility, manageability, and security and risk management were key sources of tension commonly found between end users and IT. The Windows Optimized Desktop (WOD) solution is expected to relieve that tension by providing the mobility and accessibility end users want, while preserving the security and control that IT professionals need.

"In spite of shrinking budgets and a difficult economy, there is continued pressure on IT organizations to meet end-user needs, while delivering business value from their IT infrastructure investments," says Elliot Katz, senior product manager, Windows Client at Microsoft Canada. "One way to help organizations address such demands is to make sure they understand the value of the Windows Optimized Desktop."

To that end, let's look at how WOD addresses accessibility, security and manageability requirements:

The number of remote and mobile workers in today's organizations is growing rapidly, and along with it the need for workers to have access to centralized corporate information and applications regardless of where they are working. Connecting remotely to corporate resources, however, often entails setting up a VPN link–a private 'tunnel' through the Internet. This can take time, generally requires special client-side software and isn't always reliable–if the link goes down, it has to be set up all over again.

With the new DirectAccess feature, made possible through Windows 7-WS2008 integration, users can simply click on the DirectAccess icon on their PC and be automatically and immediately connected to the corporate network without requiring a VPN. DirectAccess uses industry-standard protocols, including IPv6 and IPsec, to enable remote users to quickly and easily access centralized applications, file shares and intranet Web sites accessible from anywhere they have an Internet connection.

"This feature is both an accessibility and productivity feature since it makes it easier and faster for remote users to access the resources they need to do their jobs every day," says Katz, adding that it is also seen as a desktop manageability feature. "Because the connection to the central domain server stays active as long as the client PC is turned on, even if the user isn't actually logged onto the corporate network, the PC can be easily updated with new software or security patches, for example, through the use of automated deployment tools such as SMS."

"DirectAccess has the potential to displace a lot of existing infrastructure, including the VPN infrastructure, which has to be maintained separately and involves third-party component costs," says Info-Tech's Stahl.

A Forrester Research study states that of the 60 per cent of employees that work outside their organizations' headquarters, about 29 per cent work in branch or remote offices.[1] However, typical branch office WAN connections to corporate resources can be expensive and slow, negatively impacting user productivity. The BranchCache feature, made possible through Windows 7-WS2008 integration, drastically reduces WAN-related problems and performance bottlenecks by caching data locally in the branch that has been downloaded from corporate servers.

Protecting data is of primary importance to any IT department, and many organizations are bound by industry or government regulations to protect data from unauthorized access. With a little help from Active Directory, Windows 7 Enterprise and Windows Server 2008 R2 can help this effort through policy-based network security and features such as Network Access Protection (NAP), which monitors and assesses the security 'health' of client computers when they attempt to connect to or communicate on a network. Those that do not meet proper requirements, such as having all the latest security patches installed or running anti-spyware programs and anti-virus programs based on the latest anti-virus signatures, can be restricted from accessing the network until their configuration is updated and brought into compliance with security policies. NAP provides an extra layer of protection in conjunction with similar hardware protection provided by Cisco and other network component vendors.

"NAP ensures that only healthy PCs access network resources, thus reducing the number of potential problems associated with virus outbreaks and malware, which in turn results in a more consistent uptime experience for users," says Katz, who adds that, "Although NAP is not new, there are enhancements with Windows 7 and Windows Server 2008 R2 and it runs faster."

NAP boosts an organization's client monitoring capabilities, allowing them to proactively check if their environment has any trouble spots and to pinpoint gaps in their security framework. It also provides auto-remediation for simple services, such as turning on a workstation's firewall.

In the new release of Windows Server 2008 R2, Terminal Services (TS), Microsoft's server-based computing solution, or "session virtualization" as it is often called, includes new and improved features for traditional TS scenarios, as well as providing a platform for a Virtual Desktop Infrastructure (VDI). VDI provides a centralized desktop delivery architecture that enables Windows 7 Enterprise to run and be managed on virtual machines within one centralized server. To better reflect the broader support of TS and VDI scenarios, the Terminal Services server role in WS2008 R2 has been renamed "Remote Desktop Services" (RDS).

RDS makes it possible to run an application, or an entire desktop, in one location (i.e., where the user needs to be for maximum productivity), but have it be controlled in another (i.e., centralized, where IT needs it to be for greatest control, security and manageability). With RDS, session-based desktops and applications or virtual-machine-based desktops can be installed and managed on centralized servers in the datacentre.

Key RDS benefits include:

• Accelerates and extends deployment of desktops and applications to a wide array of client devices, making organizations more agile, with work scenarios such as hot-desking and work from home;
• Helps organizations secure critical information and simplify regulatory compliance by removing applications and data from user desktops;
• Increases remote worker efficiency by simplifying remote connectivity, enabling rich applications to be accessed from a Web page and seamlessly integrated with a local desktop.

"When you run RDS with Windows 7 and Windows Server 2008 R2 deployed together, you get a seamless environment in which to access server-based applications," states Katz. "With RDS, IT can now publish application icons directly to a user's desktop in a single action, while previously, it took them a number of steps to accomplish the download of these icons."

Concluding his comments about W7 - WS2008 R2 integration, Info-Tech's Darin Stahl says, "Although we are seeing a lot of enterprise-level interest in the benefits of Windows 7, a number of key ones won't be fully realized unless organizations also migrate their server infrastructure to Windows Server 2008 R2."

Find out through Compugen's Core Infrastructure Optimization (Core IO) Assessment Service, based on the Microsoft Infrastructure Optimization Model and a Microsoft assessment survey framework. The assessment makes it easy for IT management to determine the current maturity level of their infrastructure and plot a roadmap of optimization initiatives to move them along the path toward a more secure, efficient, well-managed and dynamic core IT infrastructure. That roadmap could include migrating PC operating systems to Windows 7. Call 1-800-387-5045 or visit www.compugen.com to find out whether Windows 7 is right for your enterprise.