Windows To Go Getting a Second Shot with Windows 10
Imation execs discuss Windows To Go portable desktops as enabled by Windows 10.
Windows 10 could be the thing that finally jumpstarts Windows To Go, Microsoft's portable desktop product.
With Windows To Go, organizations provision the corporate desktop onto a thumb drive. The end user simply plugs the thumb drive into the USB port of a PC, tablet or a Mac and then has access to the imaged work environment, even on a non-assigned device. It enables secure access for workers in the field.
Despite its potential, Windows To Go seems to have gotten off to a slow start. The product had its debut with Windows 8 back in September of 2011. In February of 2013, Microsoft announced five hardware vendors that were certified to provide Windows To Go USB thumb drives for Windows 8, including Imation, Kingston, Spyrus, Super Talent and Western Digital. Not just any thumb drive would do. The drives had to meet certain requirements, and Microsoft ran a Windows To Go certification program toward that end.
Microsoft released Windows 10 in July of 2015. Today, just three hardware vendors advertise certified Windows To Go drives with support for Windows 10. Those Windows To Go-certified vendors include Imation, Kingston and Spyrus. Possibly others will join the field.
Last month, I spoke with Imation officials about that company's Windows To Go efforts associated with Windows 10. Imation makes Windows To Go products for Windows 8/8.1 and Windows 10 which are sold by its partners as part of Imation's IronKey Workspace product line. There are five IronKey Workspace products, ranging from the entry level W200 drive to the W700 model, which has FIPS 140-2 Level 3-certified hardware encryption. The company separately sells a Workplace Provisioning Tool suite that includes scripting capabilities for organizations needing to mass-provision Windows To Go devices.
What follows is an edited Q&A from a talk with Eric Krauss, director of channel sales and business development at Imation IronKey, as well as Marina Donovan, executive director of global marketing for Imation Mobile Security.
Q: Windows To Go seemed very promising when we first heard about it, but we haven't heard much about it since. Why is that the case?
Donovan: We're just starting to see it take off and I think that the launch of Windows 10 will help to accelerate it. All customers we've talked to love the product. They love the concept. It's just that Windows 8.1 didn't take off. Now they have a new opportunity with Windows 10.
Krauss: With the "slow adoption" of Windows 8/8.1, it really didn't catch on from our perspective. Now that Windows 10 has come out, those same customers and prospects and channel partners that were excited when we first saw Windows To Go are really embracing this and moving forward.
What does Windows To Go do?
Krauss: What it does is it turns virtually any PC into an IT-managed workspace solution. It comes in at roughly one third to a quarter of the cost of a laptop. We have our W300, which has been out for a while. Microsoft wanted us to come out with a device that would allow them to load BitLocker, which is their software encryption component. Our strength is hardware encryption, that's what IronKey is known for, so we also manufacture products called the W500 and the W700. The W500 is ruggedized with a metal casing and has our hardware encryption in it. The W700 adds FIPS 140-2 Level 3 validation, as well as the ability to include CAC [Common Access Card] and PIV [Personal Identification Verification] for certain government departments. We just also recently announced a W200. It's a bit more price conscious for those smaller projects and it does not have hardware encryption but it does support the BitLocker component.
What are the use cases for Windows To Go devices?
Krauss: Certainly BYOD [bring your own device] is a use case. Users may have a preference for Macintosh environments but the business apps that the companies are providing are PC related. Instead of having to carry two laptops around, a user can plug in one of our drives provisioned with what the organization requires them to use on a day-to-day basis, and they use that. And then, on their own side, using custom apps, whether it's a CRM or online access or any of the other tools they may have, they can go and run it off a Mac. So any Apple product that's an Intel-based device is basically going to support this device. Travel and mobile workers are use cases. Creating a secure endpoint is a use case. For those who are using VDI remotely, it adds a layer of security that makes sure that when a person stops working and the device is pulled out, the VDI connection is turned off. Education is another market were seeing, everything from medical environments to lab environments. They can utilize old technology and they can very quickly refresh these devices to an original state and then push them back out. Another use case is having devices that are virtually crush proof, dust proof, waterproof, and that can be stored in a safe. Last but not least is contractor use. If you have a group of employees that are coming into a project, such as new lawyers working on a case, you can issue them one of these devices. When project is over, the device can be remote terminated.
Has licensing been somewhat of a stumbling block for Windows To Go adoption?
Krauss: So, Windows To Go is a feature of Software Assurance, and this is an option with volume licensing agreements with Microsoft. The good news is that most companies have volume licensing agreements and SA and it's easy for them to check that. The Enterprise Agreements all include Software Assurance. If the customer does not have a volume license agreement, Microsoft has other options available that can be implemented with as few as five seats. We've actually documented a lot of this.
Why does a Windows To Go device need to be certified by Microsoft?
Donovan: The reason you want it to be certified is that Microsoft has done all of the testing on hundreds of different laptops. The other great thing for enterprise customers is that, if it's Microsoft certified, then the first line of support is from Microsoft. People can do their own rogue devices, but they are not built for running enterprise workspaces. They're not going to stand the test of time like an IronKey.
What sort of security is afforded by IronKey's Windows To Go devices?
Krauss: We have our own layers of security that we put on the device itself. It looks and feels like a thumb drive but the architecture inside is very different. It's very specific to Windows To Go. A standard thumb would probably just burn up as you were trying to provision it and wouldn't really work properly. When you do boot to the IronKey Workspace device, you bypass the hard drive. So what you utilize really is the keyboard and the monitor and any of the ports that you open up, like a USB port or a print port, or Wi-Fi. And there is no access to the hard drive onboard for that laptop or desktop. So the security for that aspect is very strong. There is no shared access.
Are there complications at the boot level for end users using Windows To Go?
Krauss: When you first plug the device in you have to go through a boot sequence to make sure you're booting off the USB port as opposed to booting off the hard drive. If you are an IT person or regular user, you don't have a problem. You get it. We did realize after Windows 8/8.1 testing that some users out in the field really didn't grasp that, so we've come up with something called the Startup Assistant. It's a tool that will automatically configure the host computer to boot from the IronKey Workspace device on any startup. So this tool sets the boot order of the qualified host computer so that first boot passes from the USB drive. If the host computer is not supported by the Startup Assistant, then you will have to manually configure this.
What's the provisioning process like for Windows To Go devices?
Krauss: The provisioning process is actually much faster than it is for a laptop or a desktop. We can provision multiple devices simultaneously with our Provisioning Toolkit. It takes between 20 and 30 minutes to run though a sequence. We can do 15 or 20 different devices or larger simultaneously. It speeds up the deliverables of getting this out to customers. If organizations have customers that are still on Window 7 or on Windows XP, they can get Windows 10 for testing. Organizations can source multiple drives, provision them with Windows 10, and then issue the devices out to key employees within the organization.
How does Windows To Go work in the era of "Windows as a service"?
Krauss: When this thing is issued and pushed out, it's going to look and feel like any other endpoint to an IT manager. So if he is going to push out updates or change policies, it's going have the same effect as if he were talking to a laptop that's out there. Whatever tools he is using today to push out those new policies or changes, those same tools are used for a Windows To Go device.
What sort of partner support does Imation have with Windows To Go?
Krauss: With Windows 10, we put a lot of work in place early, making sure we understood the Microsoft channel -- who delivers the licensing, how it's delivered and making sure that we have aligned ourselves with that. If you look at Microsoft's initial LAR [Large Area Reseller] group, which does a big bulk of their licensing -- CW, SHI, Insight, PC Connection, Zones, PC Mall and so on -- we have relationships with all of them today. Several of those large VARs already have been trained and certified by Imation.