Dynamic Desktop Solutions for the Enterprise

We live in an always-on world where technology is crucial to success. End-users must be able to work productively and securely from any PC, any time—without draining IT resources. The way you manage enterprise desktops can make the difference between a thriving organization, and one that just tows the line.

If you want to transform your desktop management, subscribe to the Microsoft® Desktop Optimization Pack for Software Assurance. It delivers a dynamic, highly cost-effective IT infrastructure that gives you greater control over enterprise desktops, accelerates and simplifies administration, and makes IT highly responsive to all users, everywhere.

Microsoft Desktop Optimization Pack

Dynamic IT Infrastructure

Deploy virtualized software applications that are never installed and do not require application to application regression testing. Turn Windows applications into centrally managed services that won’t conflict with other applications and are delivered instantly to any desktop or laptop.

Advanced software inventory scanning technology analyzes all applications installed on the desktop and translates inventory data for many titles into admin-friendly information, available instantly.

Increase control over Group Policy Objects (GPOs) through better GPO change management, versioning and roll-backs, and robust role-based administration and delegation.

Proactively manage problems with applications and system components that crash or cause your live PCs to hang.

Quickly repair unbootable or locked-out systems, recover lost data, prevent future downtime, remove malware, and pinpoint the cause of PC problems.

INTRODUCTION : 1

The Microsoft Desktop Optimization Pack extends the value of Windows Vista. It lets you reduce application management costs, instantly deliver applications as services, and better control enterprise desktop environments. When combined with Windows Vista Enterprise, it delivers the Optimized Desktop—the most cost-effective and flexible means for managing Windows desktops. Subscribing to the Microsoft Desktop Optimization Pack, an additional subscription available only to Microsoft Software Assurance for Volume Licensing customers, gives you these innovative technologies:

Innovative Technologies

Enhance deployment and management of Virtual PC images on a Windows Desktop while also providing a seamless user experience on a Virtual PC environment independent of the local desktop configuration and operating system.

BENEFITS : 2

Together, the Microsoft Desktop Optimization Pack technologies change the way you manage desktops by:

Improving PC manageability and driving down TCO by eliminating time-consuming processes, centralizing desktop management, and better managing software assets.

Quickly deploying and benefiting from the latest Microsoft software applications.

Improving end-user uptime by ensuring that productivity impact is reduced during deployments, upgrades or patching, and minimize downtime from PC problems.

Reducing IT burden by enabling end-users to automatically get approved applications and the newest software versions without local desktop intervention, and by quickly monitoring, diagnosing, fixing and preventing PC problems.

Accelerating OS migrations by minimizing application-to-OS compatibility issues and regression testing.

Effectively managing software asset inventory to ensure compliance and optimize IT budgets.

Enhancing desktop control and stability through centralized control of application permissions and simple change management and rollback of Group Policy.

Transforming static environments into a dynamic, services-oriented infrastructure that more easily accommodates future changes.

Ü

Ü

Ü

Ü

Ü

Ü

Ü

Benefits and Results

Ü

Case Studies

CASE STUDIES : 3

CASE STUDIES : 4

Forsyth County, North Carolina Microsoft Advanced Group Policy Management

“Advanced Group Policy Management has been like a magic bullet for us. Its automated change management and work-flow-enabled delegation capabilities are impressive. I wouldn’t be able to manage GPOs without it.”

MIChAEL WILCOx MIS CLIENT SERVICES SUPERVISOR, FORSyTh

The Challenges:

In Forsyth County’s IT department, which supports approxi-mately 1,400 users and 1,650 PCs and laptops, PCs and serv-ers are managed by two separate divisions. Wilcox’s group handles PCs. They needed Group Policy, however the tools to do so were managed by the server group. Because the server and PC groups share a single domain, granting Wil-cox’s team the permissions needed to manage GPs would mean that any changes the PC team made could affect the servers as well. Also, because Wilcox’s team couldn’t change configurations on the fly, they only made systemic changes when it was time for PC replacements. In extreme situations, they would have to spend time re-imaging entire groups of PCs to get them configured correctly. Finally, Wilcox’s team had resorted to pushing out changes, such as registry settings, by using scripts.

The Solution:

Wilcox needed to manage PC configurations with Group Pol-icy, but without the necessary Active Directory permissions they were unable to create or edit GPOs. Then he learned about Microsoft Advanced Group Policy Management. “It’s amazing. Managing our desktop configurations is so much easier. We’d be floundering without it,” Wilcox said.

The Results:

• Easily and safely build Group Policy Objects: Wilcox’s team can now easily build GPOs, optimize and test them by linking them to a test organizational unit (OU), and then send them to the server group for linking to production OUs. Forsyth no longer has to wait for PCs to be replaced or implement wide-scale changes manually in order to manage PC settings; they can roll-out changes as needed with Group Policy.

• Simplify delegations and permissions: With Microsoft Advanced Group Policy Management’s workflow-enabled review process and offline editing features, Wilcox’s team can develop and manage PC group policies while being assured that deployed GPs will not negatively impact pro-duction PCs or Forsyth’s server team’s environment.

• Streamline change management: Microsoft Advanced Group Policy Management provides automated, self-doc-umenting capabilities, so Forsyth admins don’t have to document any changes to group policies themselves. “The change management capabilities are compelling. By not having to change information in two places and put pro-cesses in place to keep the information synched, we elimi-nate a lot of time-consuming tasks. Knowing that we can always trace a GPO back to its beginning is a great benefit,” Wilcox noted.

GPOs Easily and safely built

The Forsyth team can now easily build GPOs, optimize and

test them before deployment.

Expedia Inc.Microsoft Asset Inventory Service

“This technology enables Expedia to quickly and efficiently discover software installations in all remote, mobile, and corporate locations, as well as provide a facility to compare these findings with our license entitlement information from an Independent Software Vendor. The rapid set up time, ease of use, and effectiveness positioned us to recover our invest-ment eight times within 90 days of initiating the deployment.”

TERRy BLAKE DIRECTOR OF IT PROCUREMENT, ExPEDIA

The Challenges:

Expedia Inc., the parent company of Expedia.com online travel company and more than a dozen other online services and companies, is challenged with managing software assets on the company’s 5,700 desktops and other PCs. It was extremely difficult to get an accurate handle on what software resides on which workstations.

The Solution:

To help Expedia reduce its IT management and support headaches, as well as gain insight into the software on the company’s client devices, they turned to Microsoft Asset Inventory Service. Microsoft Asset Inventory Service sends a single “pulse” across a company’s IT network to identify all installed software by name, ISV, family and category. The tool reconciles the data against a knowledge base of many software titles. This information is then used to decipher the data and create detailed, browser-based reports for Expedia that provide views by organization, individual workstations or employees.

The Results:

Discovering rogue software: Expedia found that 25 percent of the software on its employee workstations and other PCs wasn’t supposed to be there. This included software down-loaded by employees without the IT staff’s permission. Many of these rogue programs performed the same tasks as ap-plications the company already licensed and supported. In addition to increasing the strain on the company’s servers, these applications create compatibility problems and expose the company to potential legal risks if they aren’t properly licensed. “For the first time, we had solid proof. Before we just had to guess,” Blake said. Now, Expedia can take the neces-sary steps to control what software resides on its employees’ computers.

Financial savings: Expedia’s first inventory recouped the cost of the Microsoft service eight times over. The company had thought it was running many more versions of a vendor’s software than it actually was. “If you don’t perform accurate inventories, you are either spending money on software you aren’t using or don’t possess—or you are increasing your unfunded liabilities,” according to Blake.

8 Investment

recovery

Expedia recovered its investment eight times over within just 90 days

of initiating the deployment.

CASE STUDIES : 5

Swedish Medical Center Microsoft Application Virtualization

“Application Virtualization resulted in huge benefits right off the bat, including the ease and speed of deploying applica-tions, true roaming experiences, and the ability to easily swap out desktops. It’s been a fantastic solution for us.”

MIKE CRISS MANAGER OF INFRASTRUCTURE ENGINEERING, SMC

The Challenges:

Swedish Medical Center’s IT department supports more than 500 applications on 4,500 desktop and laptop PCs and 150 thin terminals. Its clinicians and administrative staff are spread across multiple hospital campuses and clinics. Deploy-ing and supporting applications for users who need to work from many different locations was incredibly challenging:

• Time-consuming deployments: It typically took Swedish weeks, if not months, to deploy applications. Applications were deployed in one of two ways: 1) Enterprise applica-tions were delivered using Novell Zenworks. “These things exploded into incredibly long engagements just to deploy a single application,” said Mike Criss, manager of infrastructure engineering for Swedish. “Before rolling out an application, we’d do some testing and then wait until it went into pro-duction to see what broke. It was a brutal way to test. It wasn’t uncommon for new deployments and the resulting conflicts to shut down functionality, such as key features in Word or Excel macros.” 2) For applications that were only going to be used by a small group of people, IT would send a staffer to install them on-site on each desktop because packaging for Zenworks would have taken too long. This resulted in many manhours spent in the field, diverting re-sources that could have been used more strategically.

• Limited patching and updates: Although Swedish wanted to deploy patches and updates on a continual basis, they didn’t because “doing so was so painful,” according to Criss. Rather than deploy point releases, for instance, Swedish would wait for the full upgrade of the next major version of an application before initiating deployment processes.

• Constrained access for roaming users: Swedish has mul-tiple campuses and many applications were localized on servers for each campus. As a result, when users went to another campus, their applications wouldn’t be available. “We had a broken environment for roaming users. It was a common complaint,” Criss noted.

The Solution:

To upgrade its environment, Swedish worked with Kennedy Consulting, who developed a strategic plan for improving their overall efficiency and effectiveness. With Kennedy’s as-sistance, Swedish decided to migrate from Novell Netware and the older versions of Windows OS to Windows xP SP2 and Microsoft SMS for patching, upgrades and other func-tions. Swedish knew that migrating 400+ applications to xP would be incredibly resource-intensive because of all the re-gression testing they would have to do. They considered outsourcing the migration and got a bid for $500,000 for this one-time project. Swedish would then have to spend even more resources anytime they wanted to roll out a new appli-cation following the migration.

During the planning process, Criss and his team came across articles about Microsoft Application Virtualization. They thought it might solve their anytime/anywhere roaming and regression testing issues. Criss noted, “We worked with Ken-nedy Consulting to do a proof-of-concept with four of our toughest applications—McKesson STAR, ESI, IDx Lastword and Kronos timekeeping—and Microsoft Application Virtualization worked exactly as promised.” Also important, it eliminated the need for the expensive outsourcing of regression testing.

The Results:

Microsoft Application Virtualization has transformed the way Swedish manages applications and supports its diverse user base:

CASE STUDIES : 6

• Fast deployments and continual updates: Microsoft Ap-plication Virtualization, which Swedish used to virtualize approximately 500 applications, eliminates the need for extensive compatibility testing, enables applications to be assigned centrally through Active Directory, and automati-cally provides the newest version of authorized applications every time a user logs onto a PC. Now, instead of taking several months to deploy an application enterprise-wide, it takes less than three days: “One day for sequencing, one day for testing, and then we just turn on the AD group and let it go. It’s truly that fast,” according to Criss. “We go from packaging to virtually instant roll-out.” In addition, where-as in the past Swedish wouldn’t roll-out updates or patches on a regular basis, now IT handles about five deployments every week. “We’re so much more agile and flexible with our roll-outs and upgrades.” Swedish also doesn’t have to send IT staff on-site to install applications for smaller groups. Everything is handled centrally.

• Anywhere access for roaming users: Because Microsoft Application Virtualization follows the user, not the ma-chine, nurses, physicians and staff can now roam from campus to campus and access their applications without worry. “We interviewed users after the deployment to ask whether their experience had changed. They consistently cited the ability to get their desktops no matter where they were working. They had no idea what we did to fix it, but were very happy with the results,” Criss said.

• Accurate application licensing and tracking: With Mi-crosoft Application Virtualization, Swedish knows every version of software that’s deployed on its clients and ex-actly how people are using each one. As a result, Swedish ended up eliminating a few applications because nobody was using them. With other applications, they adjusted the licensing to reflect actual use. For instance, Swedish had 150 licenses for a clinical application but found out through Microsoft Application Virtualization that only 25 people used it concurrently. Not only did they save money on the license reduction, they saved on ongoing mainte-nance fees as well.

• Instant desktop replacement: Prior to using Microsoft Application Virtualization, Swedish IT had 20 images that they had to support and manage. They have since trimmed that to just three images. Now when a desktop must be replaced, IT sends it out with a base image and when the user logs onto the network he automatically gets all his applications. Before, it often took 3-8 hours, if not days, to get a desktop up and running, and it wasn’t even always fully functional. “With Microsoft Application Virtualization, desktops become agnostic devices that, when attached to the network, get everything the user needs instantly,” Criss explained.

• Cost savings: In addition to saving the $500,000 that Swedish would have spent on outsourcing the xP migra-tion, Microsoft Application Virtualization helps save money on licensing and on personnel-related tasks such as test-ing, deployment and associated helpdesk support. In all, Swedish saved more than $1 million in the first year alone.

• Improved Citrix management: Microsoft Application Vir-tualization has enabled Swedish to reduce the headache associated with managing silos on its Citrix server farm and has given them more flexibility in the way they manage terminal services. Whereas in the past they could only run a few applications on a single Citrix server, today they can run any of the 500 Microsoft Application Virtualization-based applications. “If an application works on xP it will work on Win2003 via Citrix. There are no conflicts, and we don’t have to silo the way we did in the past,” Criss noted.

CASE STUDIES : 7

Swedish Medical Center saved $1 million-plus in deployment and support-

related activities, and cut deployment time from 2-3 months to 3 days.

1 Million -plus

savings

The Technologies

Transform applications into virtualized services that are available instantly, anywhere

Today’s business desktop is awash in applications. Each in-stalled application requires lengthy application to application regression testing and deployment processes before it reach-es production. Because applications are only available where they are installed, users are tied to their computers. All of this makes complex yet critical business projects such as OS and application migrations, security refreshes, and disaster recov-ery plans even harder to complete.

Microsoft Application Virtualization changes that. It renders the many time-consuming steps that drain resources obso-lete. With Application Virtualization, desktop administration is a simpler, automated process for deploying, patching, up-dating, and terminating applications. And it requires much fewer IT resources than you’ve ever had to use.

Microsoft Application Virtualization works by transforming applications into virtualized, network-available services that are never installed, which minimizes conflict and costly ap-plication to application compatibility testing. your users and their application environments are no longer machine-specif-ic. The machines themselves are no longer user-specific. All of this helps you be much more flexible and responsive to busi-ness needs, while slashing the cost of PC management.

Application Virtualization: Advantages

Minimize application conflicts and regression testingBy reducing the requirement to install applications on desk-tops or terminal services, and shielding the OS and applications from changes created when applications are installed, Micro-soft Application Virtualization minimizes problems that hinder application deployments. This also reduces lengthy applica-tion to application regression testing. Now applications that would traditionally conflict with each other can easily co-exist on a single desktop or Terminal Services session.

TEChNOLOGIES : 9

Simplify OS migrations and patchingTurn time-consuming, tedious migration and patching projects into largely automated, conflict-free processes. Most applica-tions do not have to be repackaged for OS migrations, and this eliminates regression testing. Not only does Microsoft Applica-tion Virtualization accelerate migration to Windows Vista®, it sets the foundation for easier future operating system migra-tions as well.

Build business continuity for applicationsReplicate your virtualized applications like any other en-terprise data to maintain a rapid failover plan for your applications, significantly cutting end-user downtime. If you configure Application Virtualization user profiles to persist on the network, all user-specific virtual application preferences can also easily be replicated to a back-up site.

Application Virtualization: Components

Application virtualizationMicrosoft Application Virtualization’s patented ability to vir-tualize applications—without changing source code—means applications can execute without installation, with appropri-ate levels of operating system and inter-virtual application interaction, while minimizing conflicts, or changes to the host computer. Microsoft Application Virtualization decouples ap-plications from the OS and enables them to run as network services. This simplifies image management of the desktop and reduces degradation of the host operating system or other applications.

Dynamic streaming deliveryRather than “pushing” down and installing entire applications, the first time an application is requested, the client rapidly “pulls” only the code necessary to start the program from a central server—typically 20–40% of the total code. When the session terminates, application settings and profiles are saved in a non-volatile cache, providing instant access for subsequent use. The cached code enables applications to run locally with full functionality, even without a network connection.

Flexible, centrally managed deployment options Customers have a number of choices to deliver virtualized applications including a scalable management and deliv-ery infrastructure that comes with the platform. Application management tasks—including mobile, branch office, and disconnected users—are more easily administered. Active Di-rectory® services integration reduces application assignment and change management to a few clicks. Streaming delivery may also be integrated with existing SMS, SCCM or third par-ty electronic software distribution systems. These capabilities are further extended to rarely connected, remote field users using the MSI based standalone deployment option.

Application Virtualization: Customer Impact

Customers have lowered application management costs by reducing—and sometimes eliminating—many of the tradi-tional steps needed to deploy and maintain applications. Customers have also been able to cut help desk costs by up to 30% by reducing call volume for application-related prob-lems, and reduce downtime by up to 80% by ensuring business continuity of applications.

TEChNOLOGIES : 10

TEChNOLOGIES : 11

Translating software inventory into business intelligence

Getting an accurate, real-time handle on all the software installed on enterprise desktops is incredibly difficult. Yet, doing so is critical for everything from license compliance and policy management to migration and true-up planning.

Microsoft Asset Inventory Service changes this multi-faceted, time-consuming endeavor into a streamlined, manageable task. It delivers an intelligent and comprehensive view of your enterprise’s desktop software environment through advanced software inventory scanning and by translating inventory data into useful, actionable information.

Asset Inventory Service: Advantages

• Effectively manage your software asset inventory to ensure compliance and optimize IT budgets.

• Identify unapproved applications and installations.• Analyze usage to forecast organizational needs.• Enhance productivity in your IT infrastructure and staff.

Asset Inventory Service: Components

Advanced inventory scanningGather data on all of your software assets in a single “pulse” that takes just seconds per system—and is transparent to your users. It identifies all installed software by name, ISV, family, and category. It efficiently scans systems for software through Add/Remove Programs, chases referral links, PIDs, MSI history, and much more. The agent that enables all of this has a small footprint on the client. To minimize the impact on bandwidth, scanning is automatically randomized—at inter-vals you can adjust—so that clients run at different times.

Comprehensive inventory reportsWe help you make sense of your data. The inventory data is reconciled against the Microsoft Asset Inventory Service

Application Knowledgebase with many titles representing the vast majority of commercially available software (i.e., purchased version of Adobe Reader vs. Free Adobe Reader), to produce meaningful application information. This infor-mation can be transformed into actionable, browser-based reports that you can securely view online, anytime. you can see reports from an organization-wide perspective or drill down to view individual workstations/users. Software license managementBy getting the most complete view of the software installed on your PCs, you can ensure that licenses you’ve paid for have been deployed and are being used—and that all software within your enterprise is compliant with your license agree-ments. you can even compare software licenses discovered within your enterprise with tables of software purchased. Microsoft Asset Inventory Service analyzes how you have deployed your Microsoft volume license agreements to help you manage true-ups, renewals, and license reallocation.

Easily administered serviceMicrosoft Asset Inventory Service was designed for your ease of use. As a service, which can be enabled in just a few hours, inventory data is securely hosted by Microsoft, so there are no servers for you to maintain.

Security and privacyMicrosoft ensures that the data gathered in this hosted ser-vice is secure and remains confidential to your organization. In addition to equipping our data center redundant systems, we protect web sessions with secure socket layer (SSL), use Windows Live ID to authenticate users, and secure data trans-fer via Indigo-based protocols.

Asset Inventory Service: Customer Impact

Microsoft Asset Inventory Service reduces application man-agement lifecycle TCO through advanced software inventory scanning and inventory tracking.

TEChNOLOGIES : 12

Increase end-user productivity while lowering the total cost of Windows client ownership

One of the most severe, and difficult to resolve, desktop problems is when an operating system or application stops responding. End-users typically deal with this by rebooting their systems. They rarely tell IT about the problem. Because of this, IT has limited visibility into these issues and, as a result, no way to proactively resolve them.

Microsoft System Center Desktop Error Monitoring helps IT proactively manage these problems. It is an enterprise-ready, scalable, and low-cost deployment solution for granular error filtering and alerting. Through agentless crash monitoring technology, it identifies the impact, probable cause and reso-lution for failures—making desktops more stable and reliable.

System Center Desktop Error Monitoring: Advantages

Enhances IT help desk effectiveness, reducing cost of Windows ownership:• Identifies the highest-occurring crashes.• Reduces resolution time via crash details and responses.• Assists in triaging patch deployments and updates.• Provides metric for monitoring post-deployment effects.

Improves desktop stability, increasing end-user productivity and satisfaction:• Reduces downtime throughout organization.• Reactive: real-time awareness of critical errors.• Proactive: address errors in pre-production.• Enables IT-controlled custom error responses to end-users.

System Center Desktop Error Monitoring: Components

Microsoft System Center Desktop Error Monitoring makes it easy to collect, aggregate, report, and manage application and operating system failures that cause PCs to crash.

Easy, fast deploymentThe core technology needed for Desktop Error Monitoring—called Windows Error Reporting—is already on Windows

desktops. Windows Error Reporting causes the pop-up that appears on clients when applications hang, asking users if they want to send an error report about the problem to Microsoft. Desktop Error Monitoring leverages this technology to capture and forward errors without your IT department ever having to deploy an agent to the client. Using Group Policy, an administrator can redirect these sources to a central server in your department. If desired, you can also configure the system so that your server passes crash data on to Micro-soft’s Error Reporting servers, to help Microsoft learn from and prevent these types of problems from occurring. Rich SQL databaseAll client crash and hang data that is redirected to your IT department’s server is stored in a relational SQL database. Robust SQL reporting enables you to gather and analyze data in actionable, IT-ready form for internal and custom client applications. Troubleshooting/Resolution KnowledgebaseUse Microsoft and third-party solutions to resolve issues that cause clients and applications to fail. System Center Desktop Error Monitoring can automatically download the latest trou-bleshooting and resolution knowledge about Microsoft and third-party software from Microsoft. This feature can help you manage, or even avoid, these types of problems. Customers can collect additional diagnostic information from the Windows desktop to help them with quicker resolution of problems by configuring custom diagnostic data collection rules.

Customers using Microsoft System Center Desktop Error Monitoring have the option of upgrading to System Center Operations Manager 2007. Doing so adds collective and busi-ness-critical monitoring capabilities to the agentless crash monitoring solution, enabling complete application, desktop, and server application monitoring.

System Center Desktop Error Monitoring: Customer Impact

By enhancing IT effectiveness and improving desktop stability, System Center Desktop Error Monitoring reduces the cost of Windows desktop ownership.

Powerful tools that accelerate desktop repair

Protecting corporate and employee data is one of IT’s most important, and daunting, functions. While many IT depart-ments proactively back up network data, they tend to be reactive in planning for desktop system failures. Unfortu-nately, not having an effective diagnostics and recovery plan in place can be devastating.

Microsoft Diagnostics and Recovery Toolset can save signifi-cant time and reduce the headaches associated with repairing and troubleshooting common system failures. System admin-istrators may now run powerful recovery tools on unbootable systems, and can quickly restore failed systems in much less time than is required when restoring PCs from backup or re-installing operating systems. This also helps keep the users’ states and personalizations intact. IT managers can ensure they will recover failed systems whenever the need arises, and end users will realize faster, more accurate resolutions with minimized downtime.

Diagnostics and Recovery Toolset: Advantages

Rapid recoveryThe suite of tools provides many options for recovery, rather than simply subjecting IT to “reinstall Windows,” even when Windows Safe Mode or normal boot will not function. An easy-to-use, offline boot environment allows rapid recovery of a problem computer, including recovery of deleted files, and manipulation of services, devices, local passwords, auto-matically started software, and more.

Robust anti-malware Diagnostics and Recovery Toolset provides a comprehensive on-demand antivirus and antispyware scanning capability. Recover an infected machine back to full health by utiliz-ing Standalone System Sweeper, an offline malware removal tool that provides comprehensive on-demand antivirus and antispyware scanning capability that is especially effective at removing malware that tries to avoid detection by utiliz-ing rootkits. By scanning the infected OS while it is inactive, Standalone System Sweeper ensures that malware is not loaded into the computer’s memory and, therefore, cannot remain hidden.

Flexible recovery options The boot time GUI environment presents multiple tools for IT professionals to use in diagnosing system issues. These tools can perform offline or online repair of the problem(s) that may be causing a system to behave incorrectly.

Unique toolsUsing a bootable diagnostic environment with a Windows Explorer-like GUI, the toolset enables disk partitions to be re-paired or regenerated, hard disk drives to be securely wiped, local account passwords recovered, and much more.

Cost savingsThe tools also reduce IT personnel costs through the use of a unified tool suite. They reduce downtime as the flexibility of the toolset results in systems returning to normal function in a shorter amount of time.

Diagnostics and Recovery Toolset: Components

The Diagnostics and Recovery Toolset 5.0 supports Microsoft Windows 2000, xP, and Windows Server 2003. The 6.0 ver-sion will support Windows Vista (32 and 64-bit) and Windows Server 2008 (32 and 64 bit). The Standalone System Sweeper feature of DaRT 6.0 will also support Windows xP.

At the heart of both versions is ERD Commander, which en-ables you to boot into a Windows Recovery Environment on a down PC while working offline. ERD Commander contains these powerful tools:

Diagnostics and Recovery Toolset: Customer Impact

The toolset improves continuity and productivity for end- users, and significantly reduces costly downtime.

Admin Tools System Tools Network Tools

Service & Driver Manager unbootable system

Disk Wipe Map Network Drive

Event Log Hotfix Uninstall File Sharing

System Info Locksmith

Disk Management FileRestore

Search Crash Analyze

Computer Management Disk Commander

Bitlocker unlock support Anti-malware (Stand-alone System Sweeper)

Autorun / startup Extended Diagnostics • Windows Complete PC

Restore • Windows Memory

Diagnostics ToolSystem Boot File Repair

Read from USB drives

TEChNOLOGIES : 14

Enhance Group Policy through change management

Changes to Group Policy can affect every user and computer on your network. however, without a change control system, changes are made against live Group Policy Objects (GPOs) and start affecting computers even before they can be tested. If changes have an unexpected adverse impact, there is no way to quickly revert them to a known good state. Although Group Policy provides a granular delegation model, the edi-tor role has full permissions to deploy changes to the live environment, and must do so to edit settings. With the pos-sibility of multiple editors per GPO, there is no way to detect who has made what changes, or to accept or reject changes before they are put into effect.

Microsoft Advanced Group Policy Management makes it easy for you to manage Group Policy enterprise-wide. Through added change management of GPOs and role-based delega-tion, you can more easily control the desktop and ensure less downtime from conflicting or improperly configured GPOs.

Advanced Group Policy Management: Advantages

• Granular administrative control through robust delegation, role-based administration, and change request approval.

• Reduced risk of widespread failures through offline GPO editing, difference reporting, audit logging, deleted GPO recovery, and live GPO repair.

• Effective Group Policy change management through the creation of template libraries, subscription-based policy change notifications, version tracking, history capture, and rollback or deployed changes.

Advanced Group Policy Management: Components

Change controlMicrosoft Advanced Group Policy Management provides a secure archive for controlling changes to GPOs. To change a GPO, an administrator “checks out” the GPO from the vault. When changes are complete, the GPO is “checked in” to the vault. Differences between archived versions and live versions are reviewed using Group Policy Management Console (GPMC)-style reports. When a GPO is ready for deployment, it can be transferred to the live environment. At any time, one or more live GPOs can be “rolled back” to an archived version.

Offline editingGroup Policy is the centerpiece of security and configuration management on Active Directory-based networks and, as such, configuration changes can affect a large number of computers. Offline editing enables you to configure and test changes without impacting live operations, and to deploy those changes with the knowledge that they can be quickly reverted if there are unexpected consequences.

Role-based delegationMicrosoft Advanced Group Policy Management provides an optional workflow process that includes role-based delega-tion, review, and approval before deployment to a live environment. At the same time, it preserves the granular del-egation inherent in native Group Policy.

GPMC integrationGroup Policy Management Console (GPMC) is the central management interface for Group Policy. Advanced Group Pol-icy Management provides smooth integration within GPMC.

Advanced Group Policy Management: Customer Impact

Advanced Group Policy Management increases GPO control and reduces downtime previously associated with conflicting and improperly configured GPOs, facilitating lower total cost of ownership.

TEChNOLOGIES : 15

Dramatically simplifying deployment and management of Virtual PCs

IT is challenged with meeting a series of seemingly opposing desktop needs: increasing IT control over laptops while provid-ing users with greater flexibility; migrating to the latest OS while still supporting legacy applications that run on older OS ver-sions; giving users multiple desktop options without needing to train them on new technologies.

Microsoft Enterprise Desktop Virtualization can help you meet all of these needs, while simplifying desktop deployments and management, and enhancing user productivity. It transforms operating systems into centrally-managed services that are available whenever and wherever needed. Microsoft Enterprise Desktop Virtualization enables applications to run in a seamless UI on a Virtual PC environment independent of the local desktop configuration and operating system, and enhances deployment and management of Virtual PC images on any device.

Enterprise Desktop Virtualization: Advantages

• Easily deploy managed Virtual PCs to any desktop device, even in less controlled environments such as subsidiaries, branch offices, and offshore operations.

• Drive business continuity by rapid reconstitution of corporate desktops.

• Accelerate OS migrations by minimizing application-to-OS compatibility issues.

• Eliminate historic trade off between IT control and user flex-ibility by applying policies in locked down corporate Virtual PCs, while allowing users to run personal applications on their desktops and laptops.

• Speed user adoption of desktop virtualization by making Vir-tual PCs “invisible” to users.

• Reduce IT investment in desktop image management by delivering virtual images independent of hardware or local desktop configuration.

Enterprise Desktop Virtualization: Features

Control access to virtual PCs• Require users to authenticate using valid Active Directory

account prior to accessing the virtual desktop.

• Apply corporate policies and usage permissions to Virtual PCs, centrally enforced per user/group.

• Centrally manage corporate data residing on the Virtual PC by granting permissions for inbound/outbound copy-paste and file transfers, and blocking Virtual PC access to physical devices such as USBs and CDs.

Increase helpdesk effectiveness• Ease IT support and troubleshooting for Virtual PCs on desk-

tops by centrally monitoring client activity, and remotely watching for malfunctions and errors.

• Revert Virtual PCs back to base image for immediate resolu-tion of severe desktop malfunctions.

Quickly integrate new technology• Minimize training for deploying virtual PCs by making vir-

tualization “invisible” for end-users. Users can launch virtual applications from Start Menu or shortcuts, appearing side-by-side with native desktop applications. Administrators can define Web sites, (i.e., corporate intranet) to automatically launch with a virtual browser.

• Simplify deployment of Virtual PCs across diverse desktop setups by adjusting the amount of RAM allocated for the Vir-tual PC according to available RAM on the endpoint.

Simplify virtual desktop management• Enterprise desktops are packaged in a Virtual PC and delivered

on a DVD, USB key, or over the Web.• Virtual images are retrieved by the client using a standard web

infrastructure. This automated process keeps users updated with the most recent corporate build without interrupting users.

• De-duplication technology speeds downloads of initial and up-dated Virtual PC images over LAN or WAN.

• Centralize virtual PC image management in a single repository.• Automate common, time-consuming IT tasks for deploying or

rebuilding PCs.

Enable a Dynamic Enterprise• Accelerate OS Deployments. Provision virtual OS environ-

ments on demand to end-users according to user role, affiliation, or business needs.

• Run corporate Virtual PC images in heterogeneous desktop environments.

• Easily replace hardware, assign new computers, and assign new users to existing computers.

Enterprise Desktop Virtualization: Customer Impact

Lower desktop deployment, management, and change costs by adopting desktop virtualization, and reduce many of the steps need-ed to incorporate virtual desktops in an enterprise environment.

Extending the Value of Windows Vista

Microsoft offers a range of technologies that help extend the value of Windows Vista Enterprise and Software Assurance. Organizations that are considering the Microsoft Desktop Optimization Pack should also evaluate Windows Vista Enter-prise and Windows Vista Enterprise Centralized Desktop.

Windows Vista Enterprise

Windows Vista Enterprise is a premium desktop operating sys-tem available to Software Assurance customers. It is designed to meet critical challenges facing medium-sized and large organizations, from protecting sensitive data and improving legacy application compatibility, to simplifying IT deployment and management, and supporting mobile workforces. When combined with the Microsoft Desktop Optimization Pack, it delivers the Optimized Desktop—the most cost-effective and flexible means for managing Windows desktops.

Windows Vista Enterprise includes:

• Windows BitLocker™ Drive Encryption: Locks out unau-thorized users, keeping them from accessing sensitive data and intellectual property. Real-time encryption and de-cryption of all data stored on the hard drive reduces the risk associated with lost or stolen PCs, and reduces costs incurred by stolen data on recycled or refurbished old PCs.

• Diskless PCs and Remote Boot: Enables centralized man-agement of the operating system. Booting is handled centrally; the OS is stored in an image file on the server but is delivered on-demand at boot time and executes locally. This provides the ability to instantly upgrade or roll back the version of Windows on a system, which makes it par-ticularly useful during OS migrations.

• Four Virtual Operating Systems: Gives Software Assur-ance customers the rights to four additional copies of the OS, enabling them to leverage up to four VMs in Virtual PC. This simplifies many functions, including running help desks, conducting training classes, and performing soft-ware application testing.

• Subsystem for UNIX-Based Applications: Provides platform services for UNIx-based applications, simplifying integra-tion between Windows and UNIx/Linux environments.

• Multi-lingual User Interface (MUI): Enhances support for global workforces by enabling you to configure a single worldwide image by including any user interface language your global business operations may need. With multiple language configurations on their desktops, Windows Vista Enterprise end users can toggle between languages.

Windows Vista Enterprise Centralized Desktop (VECD)

VECD enables enterprise early adopter customers to deploy Windows Vista Enterprise on centralized desktops. It lets you run Windows Vista in VMs using the same base image that is already deployed on the desktop. Equally important, VECD isolates users from each other through VMs, making it easier to enable scenarios such as outsourced development.

VECD can be deployed for PCs and/or thin clients in static or dynamic modes. PC licenses require an annual VECD sub-scription purchase in addition to SA. The annual subscription license for thin clients has SA built in.

• Static Mode: Each user has his/her own dedicated VM on the server that essentially houses the user’s hard drive that is executed on the server. This results in a one-to-one mapping of VMs to users.

• Dynamic Mode: Instead of having to manage many dedi-cated images, you support one image that is automatically replicated as needed for users. This makes it easier to manage the VMs and dynamically provision your desktop environments, and helps reduce maintenance and support costs. VECD dynamic mode works by having a master VM image on the SAN or NAS along with application images and individual user settings using Microsoft Application Virtualization, available with MDOP. When a user calls for a VM, the master OS image is replicated and executed on the server.

The Optimized Desktop—

Q: Why did Microsoft release the Desktop Optimization Pack for Software Assurance?

A: We wanted to make it easier for you to manage your deploy-ments. We polled many customers to better understand the key enterprise pain points associated with a successful deployment and they described challenges around application and OS com-patibility, desktop manageability, help desk costs and software asset management. To mitigate these problems, we pulled togeth-er best-of-breed technologies that enable you to optimize your deployment. This offering ensures that customers are ready to ac-celerate deployment of Microsoft Office and Windows Vista. This enables Microsoft to continue to deliver on our commitment to our customers that Software Assurance will provide the most cost-effective and flexible means of managing the Windows desktop.

Q: What is the price of Microsoft Desktop Optimization Pack for Software Assurance?

A: Microsoft offers optional subscriptions that help extend the value of Windows Vista Enterprise and Software Assurance. The Optimi-zation Pack is available for purchase at Select Level A ERP of $10/Desktop/year. This pricing is in addition to the base Windows Vista Enterprise/Software Assurance. Option to purchase as many sub-scription licenses not to exceed the number of desktops covered under Windows Client Software Assurance. Coverage co-terminates: we strongly recommend you purchase the subscription on the same enrollment as the covered Client Enterprise Agreement/Software Assurance desktops. Available in Enterprise Agreement and Open Value programs. There is an additional discount of 10-15% off of the annualized subscription price for company-wide coverage.

Q: Does the Optimization Pack work with System Center Configuration Manager?

A: yes. The Optimization Pack is complementary with System Center Configuration Manager. With the Application Virtualization con-nector for Microsoft Systems Management Server (SMS), you get all the benefits of the Application Virtualization Platform—includ-ing application virtualization and dynamic streaming—from within the SMS infrastructure. This combination allows you the flexibility to choose the best way to deploy and run applications while main-taining OS level patches, updates, inventory, asset tracking and much more from a single, integrated management point.

Q: How does Microsoft Desktop Optimization Pack for Software Assurance enhance other management solutions available from Microsoft?

A: Microsoft delivers a robust set of management solutions through SMS, MOM, Remote Installation Services, Intellimirror, etc., that enhance your ability to deploy the Windows desktop operating system, manage the application lifecycle, and provide a complete inventory. The Microsoft Desktop Optimization Pack for Software Assurance extends the manageability of the Microsoft desktop to enable more control, better asset tracking, and accelerate the deployment of the operating systems and the applications within the environment.

Q: Will using these tools help me improve my infrastructure maturity level?

A: yes. The technologies in the Desktop Optimization Pack for Soft-ware Assurance will help you improve your desktop maturity level. The Optimized Desktop includes both Advanced Group Policy Management which enables group policy workflow and versioning, and the Diagnostics and Recovery Toolset—both of which enable the processes necessary to move from basic to standardized. The third and fourth components are the Asset Inventory Service which enables you to collect business intelli-gence on your software assets, and the System Center Desktop Error Monitoring—which both move you from standardized to rationalized environments. The final two components are Micro-soft Application Virtualization and Microsoft Enterprise Desktop Virtualization., which not only allow you to minimize application-to-application and application-to-OS compatibility issues and accelerate OS deployment, but will also transform your applica-tions and OS into centrally managed, on-demand services which could help move you from the standardized stage through the dynamic stage, depending on your implementation.

Q: Is there any advantage having 100% of my desktops on the Microsoft Desktop Optimization Pack?

A: Yes. You may find that you can maximize the technology value by deploying the technology on all of the desktops in your environ-ment. In addition, customers can receive up to a 15% discount in their Enterprise Agreement by choosing to purchase the Micro-soft Desktop Optimization Pack for 100% of the desktops in their environment under their agreement.

Frequently Asked Questions

Learn more about the Microsoft Desktop Optimization Pack for Software Assurance, Windows Vista Enterprise and Windows Vista Enterprise Centralized Desktop at www.windowsvista.com/optimizeddesktop.

Part. No. 098-109932