One of the most interesting tidbits to emerge from the Ignite conference so far has been Microsoft’s announcement of its “Windows Update for Business” service. Terry Myerson himself, Microsoft’s EVP for Operating Systems, made this announcement — and offers an equivalent Blogging Windows post on the topic — which shows that the company really gets how important handling updates at the enterprise level truly is, and has put some serious thought into accommodating a very different set of needs and priorities when it comes to staging and deploying such updates in a business environment.
With Windows 10, MS will finally offer a different kind of Windows Update for business users, with an emphasis on enterprise-class deployments.
What does Windows Update for Business involve? There’s a lot of hoopla in the announcement about matters related to protection for devices, identity, applications, and information, but I’ll let the announcement handle those details. What I (and most enterprise IT organizations) care about even more is support for how updates get managed and deployed. Historically, the consumer-grade version of Windows Update has been totally at odds with business needs in that it’s endpoint-driven, automatic, and more or less involuntary.
In enterprise environments, the first concern about change management is to ensure that introducing change does not also introduce unwanted side effects, particularly those that might affect the proper operation of mission-critical line-of-business and custom applications. Perforce, there’s no way for MS to test against such things before unleashing updates on the world, so enterprise IT organizations have no choice but to test updates themselves, and to permit only those that don’t create negative impacts to be deployed in their production environments. In addition, most enterprise IT organizations have only short intervals during which update deployment is scheduled to occur (usually on a monthly or quarterly basis). They must be able to stage and deploy safe updates within the time windows available to them, or roll back problem or incomplete updates before the update time window closes, so as to leave their production environments in a stable, working state for employees, contractors, and partners to use when production work resumes immediately thereafter.
The MS announcement takes strong cognizance of these needs and the enterprise update situation. To that end, it includes the following capabilities:
1. Distribution rings: a means whereby IT can specify which devices go first in an update wave, and which devices will come later (this provides an opportunity to pilot new or changed elements to power users, developers, and the like, to enable issues to manifest and be solved, before rolling updates out to the entire world of production).
2. Maintenance windows: enables IT departments to establish the dates and times when updates may occur, and — more important — when they may not occur.
3. Peer-to-peer delivery: permits IT to deliver updates to branch offices and remote sites only once, after which they can fan out to individual nodes and devices at the edge of the network. This is essential to conserving bandwidth across private or high-cost WAN links from central, highly-connected corporate sites to the network edge.
4. Integration with existing tools: permits management tools and environments (e.g. System Center or Enterprise Mobility Suite) to continue to function as the “single pane of glass” through which to manage update deployment along with the myriad of other functions needed to care for and troubleshoot enterprise IT environments. I’m curious to see how well this will play in enterprises that use non-MS tools to perform such functions (where connectors may need to be built before full-scale integration is possible), though MS platforms already seem to be covered.
As somebody who’s witnessed a few holiday weekend exercises in update deployment, with a battery of experts on tap to escalate and shoot the inevitable trouble that often pops up as the time window expires, I’m delighted to see that Microsoft is getting with the program that has been in place in enterprise IT environments since the beginning. All I can say is “About time!” And again, it will be fascinating to see how the elements described above play out in actual high-volume deployments once Windows 10 has been deployed in sufficient numbers to make it suitable to put Windows Update for Business to work in the real world.