Windows XP Death March: Tips, Tools and Last-Ditch Support Options
A black day for many IT pros will be coming less than a year from now when the venerable Windows XP operating system hits its end of life. Experts are cautioning against panic, but it's looking kind of grim.
After April 8, 2014, organizations and individuals still using Windows XP will be running "unsupported software." The product's lifecycle will have come to an end, and security patches will have stopped arriving. The operating system will continue to work in computing environments, but using it will expose organizations to greater security risks.
IT pros know all about the impending demise of the nearly 12-year-old OS. There have been plenty of warnings. Experts have long warned that it can take six to 18 months to move off it, and the time to move is fast running out. Research and consulting firm Gartner Inc. advised its clients to get off Windows XP this year. However, there may be a number of reasons why organizations are having difficulty. They may have applications that can't move off Windows XP, such as custom-built Web apps based on Internet Explorer 6. Many organizations may not have touched the underlying OS in a decade, and now the IT pros remaining in the organizations will have to check and see that all of the plumbing and apps will work with a new OS, with no organizational down time.
The death of Windows XP is still a major problem for organizations because it still accounts for about 39 percent of all OSes used, according to Net Applications' data. However, that number is expected to plummet markedly this year, particularly among organizations.
"Overall, we believe organizations are doing pretty well getting off Windows XP, but we are speaking with many every week that have barely started and are beginning to panic," said Michael Silver, research vice president and distinguished analyst for Gartner mobile and client platforms, in an e-mail. "We expect more than 15 percent of midsize and large enterprises will still have Windows XP running on a least 10 percent of their PCs after Microsoft support ends."
A recent survey of Redmond magazine readers found a mixed bag on OS migration progress. Survey results indicated that 95 percent have deployed Windows 7, but 76 percent still have Windows XP. There were 41 percent that had some Windows 8 deployed. The survey indicated that 20 percent have Windows Vista.
Gartner offers a compendium of steps to carry out in a Windows XP migration in a recent publication (PDF). Another research and consulting firm, Forrester Research, has similar advice and has been seeing an increase in inquiries about Windows XP migration issues over the last two months. The questions fall into a few categories, according to David K. Johnson, senior analyst for infrastructure and operations at Forrester Research.
"Some [organizations] have already attempted to migrate to Windows 7 and failed," Johnson said in a phone interview this month. "They failed because they failed to take the time to analyze their applications well enough or didn't really communicate the plan effectively across the organization and had problems. [They] didn't put enough automation in place to do it effectively either, and some are facing restarts of the migration. Those are rare, but happening. We are also seeing cases where companies are asking about extending beyond the deadline of 2014, and wanting to know what's going to happen to the Windows XP environment and what the relative risks are if they are no longer using regular security patch updates and other things from Microsoft. And our answer is obvious: it's going to definitely put your security situation at risk and we would not recommend any unpatched systems being used on the network unless they are completely isolated."
Johnson shared a little of Forrester's advice for migrations, which is a checklist of pain. IT pros need a triage approach of sorts, separating machines capable of migration to Windows 7 from those that must be replaced. Alternatively, some older PCs could be used as thin clients in virtual desktop scenarios. Batch migration is still possible before the April 8, 2014 deadline, but IT pros can expect that many machines will require manual migrations to Windows 7.
"To execute, there are two basic options for migration," Forrester advises. "It can be done in-house or outsourced to a firm such as CSC, Dell, HP, etc. -- each of which has both the skills and the tools to complete the process in the desired timeline, but the cost will be significant; likely $1,000 per workstation without the hardware costs, once application compatibility resolution is factored in."
As for using virtual desktop infrastructure (VDI) solutions as a means of addressing Windows XP migration and app compatibility issues in the near term, Johnson indicated that "it will be a viable solution in some cases." He added that "we've also been recommending app virtualization."
Microsoft has warned that the use of its own commercial-grade desktop virtualization solution, known as "Microsoft Enterprise Desktop Virtualization" or MED-V, doesn't extend the loss of security support for the expiring Windows XP. Gartner concurs with that view and advises using MED-V sparingly, indicating that it doesn't fix the underlying compatibility problems with applications.
And forget about using Windows XP Mode as a potential long-term desktop virtualization solution, too. According to a Microsoft spokesperson, support for Windows XP Mode follows the same product lifecycle as Windows XP itself, so support for it will end on April 8, 2014. Windows XP Mode is a more limited desktop virtualization solution than MED-V in any case as it lacks MED-V's centralized management controls.
Microsoft's published advice for a Windows XP to Windows 7 migrations can be found here. The advice includes a roster of tasks for IT pros to complete, including asset inventory, application analysis, application testing, application remediation and Windows 7 deployment. Some free tools are available through the Windows Automated Installation Kit, which includes the Windows User State Migration Tool (USMT). The USMT solution provides help in moving XML templates associated with data on a machine, including user settings. A guide to using USMT can be found in this Redmond article.
Microsoft's Custom Support
Other options for organizations that can't or won't move off Windows XP by its extended support end date are to either pay for Microsoft's "custom support" service or rely on third-party independent software vendor support.
Getting Microsoft's custom support requires setting up a Premier Support agreement with a Microsoft account representative. It's "an avenue of last resort" for organizations moving off Windows XP, according to a Microsoft spokesperson. The spokesperson added that third-party support won't address security issues in the Windows XP kernel.
"After April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft," a Microsoft spokesperson explained via e-mail. "Third parties may provide ongoing support, but it's important to recognize that support will not address fixes and security patches in the core Windows kernel. If an organization continues to use Windows XP and purchases Custom Support, they will receive critical security updates as new threats are discovered, along with technical support through their Premier contract. Customers are encouraged to invest in migration efforts over Custom Support, though, as the latest technologies provide the optimal chance to be and stay secure."
Microsoft's custom support also can be a bit pricey.
"Custom Support from Microsoft runs around $200 per device for the first year," Silver said. "There's a minimum charge and no ceiling -- we've seen proposals from Microsoft into the millions of dollars for the first year. For organizations that believe they are at high risk, especially in regulated industries, Custom Support may be the best way to claim compliance. Many other organizations are looking for less expensive ways to reduce surface area for attack and/or increase security."
Some organizations just won't move and will pay for custom support. However, staying on Windows XP could be a potential money pit. Analyst and consulting firm IDC has calculated that organizations can save about $701 per PC each year by moving to Windows 7, according to a report commissioned by Microsoft.
There's also another option that won't get recommended by Microsoft or by expert advisors. Some organizations may try to play chicken with Microsoft's April 8, 2014 deadline. In addition to customers working on migrations or just paying for Microsoft's custom support, some customers are indicating that they will tempt fate and do neither, according to Gary Schare, president and chief operating officer at Browsium.
"I think these customers are doing some game theory, figuring that if enough customers take the same position, Microsoft will have to capitulate and extend support beyond April 2014," Schare stated via e-mail. "Right now this group has the numbers to back their position, with 600 million Windows XP systems still in use and only a one percent drop in the last six months after five percent in the prior six months."
The decline in Windows XP use may have actually hit a stall, according to some recent stats. That's the position of a Browsium a blog post, citing Net Applications data. Windows XP use started to drop below Windows 7 use in August of last year, but that decline seems to have leveled off by March of 2013. That potential stall is "worrisome," according to Schare, a 14-year Microsoft veteran who once worked on the Internet Explorer team. Browsium offers its Ion and Catalyst products, which are designed to help organizations with browser compatibility and security issues.
So far, Schare has been seeing Windows XP migration problems at larger organizations, such as in the financial services, government and healthcare sectors. For them, the Windows XP migration issue represents a real pain point.
"In those segments, we see a lot of pain -- that is, it adds up to a lot of PCs [to migrate]," Schare said, in a phone interview. "It's really depending on what their starting point is. If they've kept their applications current, kept up with support for Oracle, for example, then they tend to do better. If customers have sort of buried their heads in the sand a bit and kept running older software, maybe trying to save money by not taking upgrades and maybe even letting their maintenance agreements expire, that's where the real pain is. And we see a lot of customers running Siebel and various Oracle suites who have just let support lapse."
In terms of application support, Schare added that most ISVs, including Microsoft, are still supporting Windows XP. Even Office 2003 is still supported by Microsoft.
"I think the rest of the industry will continue to provide support for years to come until that number gets really small," Schare said, with regard to the current 39 percent Windows XP use. However, he noted that all organizations will have to move off Windows XP. "There's no way they can sit this one out," he said.
First Steps: Taking Stock
Inventory discovery, performed with an eye toward IT asset rationalization, is the typical necessary first step for organizations planning Windows XP migrations. However, if it's not done right, organizations can trip themselves up.
One of the vendors offering tools to help with this process is Dell with its ChangeBase and other migration-support products. ChangeBase is designed to automate the application compatibility testing, remediation, packaging and virtualization phases of a migration. The ChangeBase team at Dell has been hearing what some larger organizations have been experiencing with their Windows XP migrations, and some have reported having false starts, according to Ann Maya, a senior product manager for Dell ChangeBase.
"They might have started their migration project a bit prematurely," she said, in a phone interview. "So they started immediately with assessment, without having done proper discovery. Or maybe they didn't do enough of their planning in advance to see how many applications in their estate they needed to have assessed or mediated before they could actually start their deployment."
The quantity of remediated apps is important to consider before making a move, Maya added.
"Back in the old SMS [Microsoft Systems Management Server] days, deployment teams used to quote numbers like 70 percent of the applications needed to be done before they could carry on," she said. "But now [with] application packaging -- and a lot of people are taking advantage of virtualization -- they feel that the packages can get prepped faster so that they're not requiring that rigid control of 70 percent. It might go down to 50 [percent], but I'm not getting very clear numbers on that."
Dell's Asset Manager for ChangeBase product (acquired by Dell with the acquisition of Quest Software) can be used to find a list of applications in order to rationalize them. The rationalization process sorts through multiple versions of an app when only one is required, or it can be used to weed out old apps that aren't being used. Once that rationalization process is done, the list of apps can be loaded into ChangeBase, which performs the assessment work via a "red, amber and green" color scheme. The system has autofix remediation capability for the "amber" apps that can be fixed.
"We can fix up to 95 percent of detected issues for Windows 7," Maya said. The red apps are another matter because ChangeBase has detected something in the app that won't work. It's part of the discovery process to find those red apps to gain time in the overall migration process. For those apps that won't work, Dell offers app modernization services for in-house apps, provided that the customer has the source code, Maya explained.
The whole application assessment process can take up to 18 months if done manually, according to Maya. She also warns that ISVs likely will stop supporting Windows XP about six months before the end of Windows XP's extended support.
Essentially, IT pros that haven't begun the process will be approaching Gartner's late-2013 "danger zone" milestone. That's the estimated period in which getting Windows XP migrations accomplished will likely prove problematic.
"The first step is 'don't panic!' Get all of the information you can from your real estate," Maya said. "Don't try to speculate or extrapolate. Use something like ChangeBase." She explained that ChangeBase works by tapping information from application MSI installer files.
"They're essentially just little databases," she said. "We can read every part of it that's not binary. We can pull in all of the information from those little installers and we can run our checks against all of that metadata. So what we're doing is we're not speculating. We're actually using real data to come up with whether or not we've detected issues in an application."
The automation is necessary for this process because "no one's smart enough to do that," she added.
The "Largest" Windows XP Migration
No one seems to be keeping records on the kind of massive Windows XP migrations that may be happening out there. However, data-as-a-service company BDNA claims that its tool was used to help a single company move more than 400,000 PCs.
"The largest Windows migration effort in the world, about 400,000-plus desktops, was done using our help and the data that we provided," said Mahesh Kumar, chief marketing officer at BDNA, in a phone briefing. "And the customer had a very large team of about 10 to 15 people trying to assimilate this information and figuring out what is compatible and what is not compatible."
BDNA's Technopedia tool plowed through 800 million rows of data during the discovery process and then cut it down to 14 million rows of data that was relevant and actionable, Kumar explained. The tool delivers a precise count of the apps that will need an upgrade, he added.
"In the Windows migration scenario, we were able to take the information from 450,000 desktops and process that and provide them with a complete breakdown of exactly what the PC has in compatible software…in under four to five hours," Kumar said.
The Technopedia catalog helps to check for software and hardware compatibility issues via a list of 220,000 different software titles and more than 300 hardware elements, he added. That's done through a product called Technopedia Normalize, which "normalizes the incoming data from different systems into the Technopedia taxonomy" and then mashes it up to provide a compatibility picture. The service runs from the cloud or on premises, although the cloud service gets the most frequent updates, at about 2,000 updates per day.
The critical part of the migration process is during the planning phase, which necessitates having accurate information before making the move.
"A lot of decisions have to be made, and for that you need super-accurate information," Kumar said. "Because once you're in the midst of it, it's very hard to actually turn around and reset your decisions." He added that the kinds of decisions that need to be made are "self-revealing" from the data generated by BDNA's tools.
To date, the company claims to have helped with the migration of a total of five million PCs on behalf of clients. In addition to helping with OS migrations, BDNA's tools can be used to support software audits, Kumar said.
Third-Party Migration Tools
There are a number of independent software vendor-produced tools out there to help with Windows XP to Windows 7 migrations, as well as migrations to Windows 8. Of course, Microsoft's Windows Automated Installation Kit is a free tool for the purpose, too. Vendors offering migration solutions include Dell, Laplink PCmover, SmartDeploy and Zinstall, among others.
One company specializing in desktop migrations is Laplink. Its PCmover tool is designed to help with the transfer of applications, data and settings. The company has seen more interest in PCmover during this past first quarter, according to Thomas Koll, Laplink's CEO. Most companies will have to move, but they may lack the tools and expertise, he indicated.
"It might be that not every company is moving to Windows XP because they don't fear the end of support, but I'd say a high majority will need to move off," Koll said, in a phone interview. He added that customers "are getting very concerned that if they are waiting to the last minute, there are no outside resources to help them because everybody's busy." He estimated that by the third or fourth quarter of this year, it "will be very hard to get the right expertise to staff migration projects."
Koll claims that organizations don't need expertise to use PCmover, which can be installed and run from either the desktop or server. "The expertise is in the tools," he explained. "And that is very different from some of the tools you might find on the market, especially from Microsoft, where you need XML developers, consultants and a lot of external resources," he added.
Laplink's PCmover tool doesn't perform the initial software and hardware inventory and analysis steps. The company partners with other vendors, such as Dell, to support those kinds of activities, which need to get done before the migration. However, the PCmover tool does create white lists and black lists, which can be used to mitigate the move risk for applications, Koll explained.
PCmover also can be used to move Windows XP instances into a virtual machine.
"You can run XP in a virtual machine, whether you buy that from VMware, Parallels or Microsoft," Koll said. "And I think you're probably pretty secure because that piece is not going out to the Internet."
Desktop virtualization as a means of dealing with Windows XP migration problems is still an option, according to Koll.
"People realize that running a virtual machine has limitations as well, and they'd rather want to be on the tools-supported operating system," he said. "So yes, running a virtual machine is a good idea if you have applications right now that you can't update. It's a good idea to look at VMware or Parallels to do so, and we work with them, so we will move your XP into the virtual machine and you can use our product to do that." The process also works with a Mac, he added.
Running Windows XP in a virtual machine doesn't change that fact it will eventually lose security support. However, experts seem to agree that using desktop virtualization or VDI can be effective temporary solutions when some applications can't be remediated or replaced. And while Windows 8 comes with Hyper-V for the client, the hosted OS still needs to be licensed for that machine, so there may be some expense to consider in going that route. Microsoft's descriptions about why it included Hyper-V with Windows 8 is that it's there for IT pros to use for software testing or for developers to test applications in different environments, rather than as a remedy for compatibility issues.
Microsoft also may not see its own Windows XP Mode and MED-V desktop virtualization tools as anything more than a temporary measure for Windows XP migration issues. However, other companies are quite bullish on virtualization -- VMware, for instance, which notes the Windows XP migration pain out there.
"I've talked to customers who started to migrate and then they've told me that 'It was a huge project last year when we started and then we had to roll it back.' And they just didn't plan ahead," said Betty Junod, director of desktop product marketing at VMware's End-User Computing group. "They just figured that 'Oh, we only have 5,000 endpoints or what have you, so we'll just mass-push a new image'."
Organizations with simpler computing environments have already completed their Windows XP migrations. However, other companies are still trying to figure out what to do with their applications," she said.
"Just the updating of the OS part is relatively straightforward…but when you have a bunch of applications that are natively installed, what do you do with them? Will they all work on the new OS? Can they be remediated? Can some of them be virtualized? They all say they're in progress," Junod added. "It's only a year out, but they still have a year. A lot of people are still thinking that they have enough runway to get it done."
The smaller companies typically buy all new hardware while larger companies do a mix and try to do in-place migrations. Some companies choose to virtualize and use technologies such as thin clients. VMware doesn't offer application scanning solutions for inventory and remediation purposes but it does partner with companies that do offer those solutions, Junod said.
VMware essentially offers three virtualization technologies that can be used to support migrations: the VMware Horizon Suite, Horizon Mirage, and Horizon Workspace. The suite contains application virtualization and VDI technologies, along with Horizon Mirage and Horizon Workspace. Horizon Mirage is VMware's layered VDI technology acquired from Wanova last year. Horizon Workspace is used to bring together "diverse applications, data stores, as well as mobile, into one workspace," Junod said. "Horizon View and Horizon Mirage are really the areas that help with the Windows environment and also from a migration standpoint," she added.
Horizon Mirage is currently being used by a mix of customers, according to Junod.
"For the large companies, we see a lot of Windows migration interest right now, with the impending deadline," she said. "Also, they want to have unique desktop continuity like backup and restore. For some of the smaller companies out there, they've been using this [Horizon Mirage] as way of managing their desktops holistically."
Horizon Mirage takes a scan of the current state of the system and backs it up to the datacenter. Once that's done, it takes the end-user portion -- the apps, data and settings -- and migrates it to a new machine, she explained. It works under low-bandwidth conditions and can be used by organizations with widely distributed users, she added.
Move to Windows 8?
Getting off Windows XP can be a problem for organizations big and small. Most experts advise moving to Windows 7, rather than Windows 8. Even Microsoft has given that very same advice. However, for those small or medium-size organizations willing to make the leap to Windows 8 and Office 2013, Microsoft rolled out a "Get2Modern" financial incentive program. This 15 percent discount deal is in effect just until the end of June.
"For further incentive, SMBs can take advantage of the Get2Modern campaign by upgrading their existing Windows XP Professional machines to Windows 8 Pro and Office Standard 2013 at a 15% discount through June 30," the Microsoft spokesperson explained. "(Each customer can purchase up to 100 licenses at the promotional value -- 100 licenses of Windows 8 Pro and 100 licenses of Office Standard is the maximum.)"
The Get2Modern deal is offered through Microsoft's partners and is for organizations with no more than 249 seats. Those organizations pursuing this deal need to purchase Windows 8 Pro and Office Standard 2013 together under Microsoft's Open license program to get the discount.
Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.