Microsoft Gives Windows 10 Patching and Update Advice

Microsoft wants IT pros to take a freer approach toward installing Windows updates in production environments.

If they do that, it will help them prepare for the arrival of Windows 10. That view, which may seem contraindicated in the minds of many IT pros, apparently is the new marching order coming from Redmond, based on some Ignite talks this month.

Windows 10, when it gets released as a final product, will have a faster update cycle that will include the delivery of new features along with security patches. Microsoft currently gets millions of devices' worth of telemetry from its Windows consumer users each month. Those users typically rely on the Windows Update (WU) service to automatically install the latest operating system updates without testing them first. Microsoft has a WU participation rate among consumers of 96 percent.

That's all good, but Microsoft hasn't been getting the enterprise feedback it wants, explained Thierry Paquay, a member of Microsoft's Windows CXE patch team. He outlined Microsoft's new hopes for IT pros that patch Windows systems in an Ignite talk this month, called "Getting Ready for Windows 10: Servicing Windows Client and Server in a Managed Environment Today."

Microsoft's New Advice to IT Pros
Paquay explained that Microsoft would prefer it if IT pros would be more "proactive" about installing optional updates and update rollups than they have been in the past. They should also turn on telemetry reporting so that Microsoft can get the feedback it wants. This talk was aimed at organizations that currently manage Windows clients and that are considering managing Windows 10 clients when the new OS gets released.

Of Microsoft's many update types, Paquay just described four: security updates, hotfixes, optional updates and update rollups. First, organizations should deploy security updates as soon as possible, Paquay said.

Hotfixes, on the other hand, are designed to solve a particular problem. In the past, Microsoft had published information saying that hotfixes should only be deployed if an organization was experiencing the specific problem being addressed. Paquay said that Microsoft's new recommendation for installing hotfixes is that organizations should deploy them proactively. He said IT pros can do testing if they need to, but "don't wait" to deploy hotfixes.

Optional updates that come out each month also may have gotten ignored by IT pros over the years but Microsoft now wants organizations to test and deploy these optional updates proactively, too, Paquay explained. He added, "I know that's a big ask."

Update rollups, which are collections of hotfixes in a single package with a reboot, also should be deployed proactively, Paquay said.

He also talked about a so-called "convenience rollup" but never explained what it was. Based on his description, convenience rollups sound a lot like update rollups, or maybe they are service packs.

Paquay's bottom-line advice to IT pros was to deploy security updates as soon as possible. Next, deploy hotfixes. IT pros should validate optional updates and then deploy them proactively. Lastly, they should update their Windows computing environment baselines with convenience updates (see chart).

Figure 1. Microsoft's new patch recommendations for IT pros. Source: Ignite session.

He added that if IT pros start carrying out these tasks now, then they will be ready to do the same thing when Windows 10 arrives. However, if organizations just focus on deploying security updates, then things will be more difficult when Windows 10 arrives, he warned.

Microsoft has already changed its traditional patch approach. For instance, Paquay informed his Ignite audience that Microsoft no longer issues regular monthly Windows rollups. The last one happened in December, he said.

Paquay did not explain what the frequency of Windows 10 updates would be. However, Microsoft officials have previously suggested that Windows 10 updates would arrive when they are ready, rather than according to a set schedule. Possibly, there might be multiple updates per month.

Microsoft plans to provide more information about this update concept in a future Windows IT pro blog post that's going to arrive in coming weeks, according to Paquay. His talk is also described in this blog post by a Microsoft Premier field engineer.

Paquay's talk was an appeal of sorts to IT pros who had paid to attend Ignite, and who get paid for exercising caution and keeping systems running in organizations. The talk comes at a time when Microsoft has had notable troubles in issuing problem-free software updates. For instance, just last week, Microsoft reissued Service Pack 1 for SQL Server 2014 after a flawed initial release. The flawed patch, described as rendering SQL Server 2014 "unusable," had 270 downloads before being halted by Microsoft. Such context may make Paquay's appeal somewhat of a hard sell among IT pros.

Another Ignite talk illustrated how Microsoft hopes to streamline the Windows 10 patch process via its new servicing models.

Windows 10 Servicing Options
A different Ignite talk described Microsoft's coming "service branch" options for organizations for managing Windows 10. Microsoft first started talking about this new model, which includes "long-term servicing branches" and "current branch for business servicing" approaches for managing Windows 10, back in January, but important details were lacking. The Ignite talk, "Windows as a Service: What Does It Mean for Your Business?," by Michael Beck, a partner director for Windows CXE at Microsoft, provided just a few more details.

Microsoft conceives of Windows 10 as being "Windows as a service," a phrase that's usually associated with apps accessed over the Internet. It already functions that way for consumer Windows users, according to Beck. Hundreds of millions of consumer devices get updated by Windows Update each month. Windows Update keeps those devices always up to date.

Some organizations, on the other hand, have "special systems" that maybe can't tolerate lots of change. These special systems handle so-called "mission-critical" workloads. Examples include air traffic control organizations and emergency rooms, Beck explained. These sorts of organizations might fall into a "long-term servicing branch" approach to managing Windows 10. Beck explained that a long-term servicing branch is declared by Microsoft every two to three years. Examples are service pack releases. Long-term servicing branch customers get security updates but they don't get the latest OS features.

In response to a question, Beck said that when Windows 10 arrives, it will not be possible to separate security updates from feature updates. He added that all Windows 10 updates will be "cumulative" updates.

Business users are in the middle, with workloads that aren't quite mission critical, but they're not consumers. Beck said that business users could be set up as special systems users, but it would be expensive and end users would not get the latest features. Microsoft's recommendation for business users is to "treat them as the professional they are," Beck said. And that's carried out via a Microsoft Windows 10 update plan called Windows Update for Business (WUB).

WUB apparently is plan terminology that's associated with Microsoft's "current branch for business servicing" plan. Beck said that current branch for business is equivalent in meaning to "ready for business." In response to a question, Beck said that the WUB plan will be for Windows 10 Pro and Enterprise edition customers.

WUB can have "testing rings" in which updates are rolled out to smaller groups before being broadly released. Microsoft follows that approach itself before rolling out its software for internal testing. Beck showed this slide during his talk, which shows different test rings (fast and slow) that could be arranged under the current branch for business servicing approach:

Figure 2. Microsoft's internal testing, current branch (Windows Update) release and current branch for business update model. Source: Ignite session.

Essentially, Microsoft is claiming that its Windows software is tested by millions of users before being more broadly released.

The stream of WUB updates to organizations won't cause a bandwidth hit because it will have peer-to-peer delivery of Windows 10 updates, Beck contended. IT pros can set "maintenance windows" that determine when an update is taken and when reboots happen. This approach will integrate with existing tools, such as Windows Server Update Services (WSUS), System Center and third-party software tools.

About every four months, Microsoft declares a "current branch" and delivers it to market. WUB users get the "opportunity" to test and validate those features before they are declared business ready, Beck explained.

Essentially, there will be three update options for Windows 10 users: WU, WUB and special systems updates. A slide presented by Beck seems to suggest that WSUS will be the tool for special systems updates:

Figure 3. Suggested use cases for Microsoft's Windows 10 update options. Source: Ignite session.

Beck talked a bit about hardware requirements. Windows 10 will have hardware requirements that have been unchanged since Windows Vista. If an app worked on Windows 7, it will work on Windows 10, Beck said. Windows 8.1 apps in the Windows Store will run fine in Windows 10, he added. Microsoft's Internet Explorer 11 enterprise investments will continue in Windows 10.

He also talked about deployment options. Windows 10 will still have a wipe-and-load option for operating system upgrades. However, Beck said that "in-place upgrades" will be viable for commercial customers. He said that in-place upgrades are the recommended approach for organizations running existing devices with Windows 7 or Windows 8/8.1.

Microsoft's advice, according to Beck, is that organizations should start profiling their end users to be part of various Windows 10 testing rings. Organizations should join the Windows Insider Program, download the Windows 10 preview and see if their line-of-business apps will work with the new OS. In response to a question, Beck said that Windows Insider testers will get upgraded automatically to the Windows 10 "release to manufacturing" (RTM) version. However, Windows Insider testers also get all subsequent Windows 10 updates, too. "You get the RTM, but it just keeps going," he said.

Possibly, Microsoft's new service-branch options will be dependent on which Windows 10 edition is deployed. Microsoft hinted at that idea when it provided very limited information about the coming Windows 10 editions earlier this week.

Speculative Talk
Veteran reporter on all things Microsoft, Mary Jo Foley, talked with unnamed sources in Microsoft's partner community that apparently have been briefed in greater detail about Microsoft's Windows 10 service-branch plans. Based on that information, Microsoft seems to have plans to provide access to different servicing branches based on the different editions of Windows 10 it will roll out.

In an article, Foley said that Windows 10 Home users will have no choice except to elect "current branch" servicing (meaning automatic delivery of updates via the Windows Update service). Windows 10 Pro users will have the option to use current branch servicing (Windows Update) or current branch for business servicing (namely, the WUB plan). Her sources speculated that current branch for business users might be able to defer feature updates for just a "set period of time," but Microsoft hasn't explained this point, if it's so.

Only the Windows 10 Enterprise edition users will have access to using the long-term servicing branch option, Foley's sources told her. They can defer feature updates, but not security updates, she added.

WSUS can be used to manage Windows 10 Pro, Enterprise and Education editions. But WSUS can't be used if an organization accepts Microsoft's free Windows 10 upgrade deal, according to Foley's sources. Those getting the free upgrade have to accept using the automatic Windows Update service, she explained, per her unnamed sources.

Possibly, what Foley described is Microsoft's plan. If so, company officials didn't bother to tell their IT pro audience those details at the Ignite conference. Windows 10 is set for release this summer, so it likely won't be long before Microsoft provides more substantial information. IT pros may or may not feel comfortable about Windows Update-style patch delivery to end users, but Microsoft is already corralling their options. And possibly the free Windows 10 update offer will serve as a kind of cattle prod to steer them.

Asking business customers to put more trust in the patch process may seem like a big step. Microsoft, though, seems driven toward this approach, mostly by a need to keep pace with its mobile OS competition in the consumer space.
