When Deputy Secretary of Defense Bob Work in February 2016 mandated the DoD’s conversion to Microsoft’s Windows 10, most thought conversion would begin right away. The new operating system (OS) was chosen to strengthen the DoD’s cybersecurity posture and streamline the IT operating environment.
Windows 10 offers powerful multi-tasking capabilities and the return of the user-friendly start menu, as well as Cortana integration — a digital assistant that gives users the ability to order food from a restaurant, make travel arrangements, transcribe video messages, schedule meetings, and more. The upgrade also comes with Windows Hello, which supports face and fingerprint recognition, but the game changers from a security perspective are Device Guard and Credential Guard for Windows 10 Enterprise.
With these selling points, why wouldn’t conversion occur immediately?
As with any large conversion, the machinations of government move slowly, and much of the work is just now getting underway. As the roll-out begins in earnest, here are seven points agencies must consider and plan for to ensure a successful transition.
What’s going to break?—The average home user predominantly uses the tools and applications installed on their machine out of the box — Word, Excel, various browsers, etc. Many government organizations, however, have developed custom applications that are compatible with an older version of Windows or an older browser, and some of these apps may be considered mission critical. In these cases IT organizations must ensure that critical applications will operate effectively with the new operating system before upgrading.
Federal agencies should make every effort to take inventory of all applications in use to determine the functional requirements of each — what OS or browser it requires, how much storage is needed — and it’s also a great opportunity to reassess the need for certain applications. If only a small fraction of users are using custom application X, do you really need it? Or if your organization has several applications that all accomplish the same task, consolidating and offering user training might be a way to cut costs. For those implementing upgrades, it’s important to work with customers to identify all baseline apps and test them with Win10 before they are scheduled to be migrated, to ensure compatibility or identify a workaround where needed. In some of my recent work, my teams identified three applications that rely on Oracle or Java back ends that will not have vendor support until after the customers are scheduled to be migrated. As a solution, we set them up with Citrix to remote into a Win 7 machine and run the apps from there until they can upgrade the application to be Win10 compliant.
Find the potential problem before it becomes the actual problem—Rather than just upgrading all your users at once and waiting to see who calls the Service Desk about a broken application, ask for volunteers for pilot testing. Once you get volunteers, make sure you have an accurate representation of your user base — desktop users, mobile users, power users — and your tool base. With a pilot, you can identify potentially large problems with a subset of users, allowing most your organization to carry on with the mission and, ultimately, fine tune the requirements and plans for enterprise-wide deployment. To put this in practice, you may need to perform scans to determine what software and applications are on the network and which components are using those applications. You should then develop a test plan for each component and application to make sure it is tested on a Win10 machine. Once determined, you should get customer concurrence before scheduling that component for migration. I would recommend that customers also test solutions internally before deploying to their customer community.
Plan for deployment and for rollback—There are several keys to a successful deployment:
Recognize compatibility issues and determine if, in instances where data cannot be transferred, you need to retain the data on the old OS.
Develop a schedule to include planning, testing, piloting, testing, upgrading, testing, training and — did we mention testing?
Organize your deployment phases functionally, geographically, and organizationally.
Train and survey your user base to prepare them, and improve each phase based on what went well — or not so well — in the previous phase.
Using user surveys, feedback from the service desk and feedback from weekly IPTs, evaluate the strengths and weaknesses of each phased deployment and determine methods and actions for improvement.
And remember, a plan to rollback is just as important as a plan to move forward.
Train your users—Some probably think “it’s still Windows; how hard can it be to figure out Win10?” That all depends on the prowess of your user base. Those who have already upgraded at home should be comfortable with the interface; for others, it might take some getting used to. Consider developing a few different training courses — a short, high-level course for those interested, a more detailed course, or even computer-based training, and custom courses that deal with specific application changes (e.g., application X won’t work on Win10, so we’re switching to application Y).
Be flexible with the training times and continue to offer the courses after the upgrade. Some users might not think they need the training, only to find themselves searching YouTube for “how to…on Windows 10.” Solution implementers should be prepared to offer a wide array of training from simple things like quick reference guides to computer based training videos, to formal classroom training. After all, your job is not done until the customer not only has the upgrades, but knows how to use them efficiently.
Staff and train your service desk—Staffing, training, and preparing your help desk is just as important as training your end users. Making sure you have the appropriate staffing levels to support a surge in tickets, and that all your staff are prepared to troubleshoot issues that arise because of the upgrade, are essential not only to maintaining the operational state, but also to keeping your end users from getting frustrated and losing productivity. Offer training in advance of the rollout and have your support staff make the videos and course materials for the end users. What better way to learn something new than to make the training materials yourself? To counter the surge in tickets, prepare self-help guides, video tutorials and other self-service materials that the service desk staff can share with users having problems with the upgrade. This will shorten call time and allow technicians to respond to more calls and tickets in a shorter amount of time. No matter how great your training materials, how comprehensive your pilot or how much you try to prepare your users, you should still expect an influx of service desk calls and tickets. Pilots don’t include every single user, so when you go live, don’t be surprised if a subset of users experience unforeseen problems. Like the full-scale rollback discussed above, develop a rollback plan for individual users with issues that can’t be solved quickly.
Upgrade in phases—A phased approach is a good way to reduce overall risk to your users and organization. If something goes wrong in phase one, only a portion of users are impacted. Once those initial issues are resolved, you can adjust for them in phase two. However, a phased approach takes time and can lead to disruptions in service and productivity. For example, users in phase one using Win10 may not have access to an old application that the rest of the users on Win7 are still using. The applications used by a particular user should influence when that user is migrated and which other users he or she is migrated with. It might take a while for the dust to settle. Document all the problems reported to create a knowledge base for the service desk to reference with new tickets. Don’t be surprised if an issue is reported months after the upgrade — it can take a while to realize issues with those less frequently used applications.
Budget for the expense—Organizations should budget in the short-term for the added expense of the new OS, but should also plan on cost savings in the long-term. The short-term costs include not just the licenses, but the labor hours required for the upgrade, the hours required to develop and provide training to end-users and IT staff, the time lost from normal operations due to the need to attend training, outage and downtime costs and expenses, testing and pilot costs, and any additional unforeseen expenses. That may seem like a significant total short-term cost, but with an improved security posture, the likelihood of ransomware attacks and other data breaches is significantly reduced — saving organizations the expense, headache, and damage to their reputation.
The benefits of transitioning to the Windows 10 platform far outweigh the potential drawbacks of sticking with an obsolete system like Windows 7. Win10 is more secure, more efficient, and more cost effective, as the OS is still receiving official support from the vendor. Upgrading may feel like a daunting challenge, but with proper planning, deliberate changes, and sufficient training in place, the growing pains will be minimized and your organization will soon reap the benefits of the more modern platform.
Whether your agency is investing in thick clients, a virtual desktop infrastructure or upgrading each machine individually, make a plan, discuss the challenges with your provider, and do the job right the first time, even if it does take a little longer for full conversion — it will be worth the time and effort.
Vasili Ikonomidis is the senior program manager and service desk manager at NetCentrics Corp.